Protecting the Auto Supply Chain, Part One

Written by Sean Martin of imsmartin consulting

According to a survey conducted by Purdue University and the Center for Education and Research in Information Assurance and Security (CERIAS) in association with McAfee, as much as $1 trillion of intellectual property is stolen by cybercriminals each year. Is this figure not enough to suggest that an ‘out of sight, out of mind’ placement of security in favor of cost-cutting could actually prove to be more costly for the automotive industry in the long run?

The automotive industry relies heavily on its secure and reliable communications for key business operations such as supply chain management via Electronic Data Interchange (EDI), Computer Aided Design (CAD), Computer Aided Engineering (CAE) and Product Data Management (PDM). One could say that the systems and data that enable these communications are the lifeblood of the automotive supply chain, potentially even the automotive industry. Make a poor decision that affects the ability for the supply chain to move, and the results could be globally catastrophic. However, as the industry struggles to operate more efficiently with fewer expenses, these collaboration and document exchange services become a very large and natural target for cutting costs.

In an attempt to formally find ways to cut costs associated with the enablement of these services, the Automotive Industry Action Group (AIAG) established a committee in the latter part of 2010 designed to bring together a number of global industry representatives with the goal of identifying cost-effective alternatives to dedicated private collaboration networks. This committee recently met with other global industry representatives during the recent “Collaborative Supply Chain Data Network Connectivity” event held in Southfield, MI.

It should come as no surprise that the topic of cost-cutting ran hot through most of the sessions and conversations during the event. Unfortunately, it appeared that the main discussion point of cost-cutting and the associated discussions surrounding the adoption of new technologies as a way to reduce costs have pushed the topics of security and reliability to the side. With a suggested move to leverage the public Internet, the industry could indeed save some money through lower technology and service acquisition costs. However, this decision could come at the expense of trade secrets being stolen, supply chain productivity decreasing and even increased operational overhead.

As described by McAfee in their 2011 report entitled “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” the globalization and commoditization of information technology have driven businesses to store increasing amounts of precious corporate data in the cloud. As this shift has taken place, cybercriminals have discovered new ways to target this precious data, both from inside and outside the organization. More pointedly, in 2010 alone, the US Secret Service handled cybercrime violations totaling over $500 million in actual fraud loss (source: Verizon Business 2011 Breach Report).

One such case of theft can be viewed where Hyundai Capital admitted to nearly 25 percent of its 1.8 million customers’ personal information was stolen; roughly 420,000 people were affected through the unauthorized access to Hyundai’s customer database via a successful hacking attack.

Come back tomorrow for Part Two of our series on Protecting the Auto Supply Chain,

Edited by Kevin Scarpati