The Auto Channel
The Largest Independent Automotive Research Resource
The Largest Independent Automotive Research Resource
Official Website of the New Car Buyer

Security Concerns Holding Up Digital Progress in Auto Industry

11 January 2001

Security Concerns Holding Up Digital Progress in Automotive Industry, According to KPMG Global Study 
              Manufacturers Fear Capture of Proprietary Designs

    DETROIT, Jan. 10 As industries move rapidly into the
digital age, automotive executives greatly fear the capture of their
proprietary designs and this is holding up e-business progress, according to
the results of a global B2B e-commerce study conducted by KPMG, the
professional services firm.
    In the global study of automotive leaders from multinational OEMs and Tier
1 and Tier 2 suppliers in the United States, England, Germany and Japan,
conducted in October and November 2000, the respondents feared that
proprietary designs would be sensitive to Internet hacking, unethical
competitive behavior, or viruses.
    "This came through loud and clear in the survey," said Larry Kelsey, a
partner in the Information Risk Management practice at KPMG.  "This is not
only a signal that Covisint and other exchanges must wrestle with security
before they get buy in, but auto companies need to adopt safeguards to protect
themselves.  A breach of security on the engineering side could significantly
impact profitability."
    Even if a company has limited e-business activities at this point, it must
safeguard proprietary information and protect its systems from hackers.  "A
worst case scenario would be the ability for an external party to change
information on a company's computer, which results in the shutdown of a
production line,"  he says.  "This can also affect profits."
    To be successful, Kelsey notes, there are five key considerations for
maintaining a secure environment. They are as follows: one, to secure the
connections (e-mail, Internet access, etc) the company has with the outside
world; two, to establish and implement an information security program; three,
to review host and network security; four, to review application security,
with respect to actual applications involved in B2B and B2C programs; and
five, to perform semi-annual penetration testing.
    According to Kelsey, every automotive firm needs a security assessment as
a first step.  "Unfortunately, there are no shortcuts in setting up a secure
environment," he says.
    Kelsey further adds that as companies move from Internet isolated to
Internet enabled, the associated risks increase.  "An organization must
consider and promote the integration of business strategies and processes,
technology infrastructures, and organization structures to help control risk
in the company's e-business initiatives," he says.
    He says there are three misperceptions floating around the industry.  One
is, 'if Microsoft can be hacked, then how can I possibly protect my company.'
"A company needs to take preventive measures and can't have a defeatist
attitude for its bottom line health is at risk," says Kelsey.
    A second misperception is that 'a minor e-business initiative is not
something to worry about.' Kelsey sees this as management's most common
mistake as it gives hackers an opening to wreak havoc.  "Even the smallest e-
business initiatives need protection."  And third, that 'security measures
will slow down the process.'  "Security measures, for the most part, run
parallel to development and do not crimp progress," he says.