Managing technology risk in an evolving automotive industry

With a heavy reliance on code, autonomous and connected vehicles are especially vulnerable to technology risk


Danny Le

Danny Le

Principal, Cyber Security, KPMG US

+1 213-430-2139


Henry Bzeih

Henry Bzeih

Senior Vice President, Global CTO, Flex Automotive

Jason Cook

Jason Cook

VP, Business Development, SafeGraph

Colin Singh Dhillon

Colin Singh Dhillon

Chief Technical Officer (CTO), Automotive Parts Manufacturer’s Association (APMA)

Mike Krajecki

Mike Krajecki

Partner, IT Advisory & Healthcare Innovation, KPMG US

+1 312-665-2919

Technology risk—the possibility that a failure of technology will disrupt your business and result in a financial or reputational loss—is pervasive across today’s digital economy. With such a heavy reliance on code, autonomous and connected vehicles as a sector is especially vulnerable to technology risk.

In the self-driving market it’s all about the collection, management and deployment of data.

Mike Krajecki, Director Advisory, Emerging Tech Risk Services, KPMG (US) Mike Krajecki, Director, Emerging Technology Risk Services, KPMG (US)

“The more value data offers the more different threat actors and malicious parties will want to use it for the wrong purpose,” said KPMG’s Mike Krajecki. “The last couple of years, there's been so many examples of data being stolen and misused, and that’s going to translate more and more into the next gen mobility space. No data is more valuable than who we are, where we go and what our actions are every day.”

Krajecki stressed that as we continually find more ways to monetize data, we need to understand where that information resides at all points in the business life cycle. And it's not just a matter of who owns the data, it's also about who is protecting it. Because as soon as a weak link is identified, someone will expose it, and then the system starts to break down because people lose trust.

From left to right it’s Danny Le, Henry Bzeih, Jason Cook, Colin Singh Dhillon, and Mike Krajecki.

This gets into the need to balance privacy and security, said Jason Cook of Safegraph. You can’t solve the problem with just one or the other. Of course, there has to be a security platform to keep malicious users from accessing sensitive data. But a strong privacy policy will help identify instances where data unnecessarily contains personally identifiable information and specify the steps to take to anonymize the data.

“Researchers at Berkeley are exploring the concept of differential privacy, a statistical cyber security model that looks for ways to structure sensitive data so even if the security program fails, hackers can’t reverse engineer identity,” said Cook.

As this panel of technology experts made clear, there’s definitely a paradigm shift underway in the auto industry—not only in terms of a technological evolution, but also in how that transformation is managed. At the highest levels within the major auto makers, right up to the board level, some of the biggest concerns are around cyber security and privacy.

“The auto industry was not prepared for that aspect,” said Henry Bzeih of Flex. “Traditionally, the CAN architecture and the way cars were designed inherently did not have the level of protection that is needed today. We're talking about a redesign of the electrical design of the vehicle, adding the Ethernet to create networked security aspect.”

Colin Singh Dhillon, Chief Technical Officer (CTO), Automotive Parts Manufacturer’s Association (APMA) Colin Singh Dhillon, Chief Technical Officer (CTO), Automotive Parts Manufacturer’s Association (APMA)

From an “Islands of Autonomy” perspective, the APMA’s Colin Dhillon highlighted Stratford, in Ontario, Canada, a small city with a population of 30,000 and only 24 intersections an hour east of Detroit. In 2017 Ontario launched AVIN—the Autonomous Vehicle Innovation Network—in Stratford, an $80 million effort to establish the city and province as an autonomous technology hub, where researchers will work to perfect various AV technologies and conduct testing under a broad range of traffic and weather conditions.

“Not only are we connecting Stratford to autonomous technology for vehicles, we’re also looking at the city’s infrastructure to see how we can support and promote technology companies and their data,” said Dhillion. “By the end of next year, we will have Miovision smart traffic lights at every intersection, giving us the credibility of possibly being the first city in the world to have smart intersections throughout the whole city.” 

“At the APMA we're creating a subcommittee within AVIN to oversee cyber security because we feel it's paramount, not only for the vehicles and the infrastructure, but also the manufacturing facilities.”

To access this panel’s presentation, please click here

Click the below links for KPMG whitepapers on this topic:

Automotive cyber security series

Automotive technology governance series