News

AIAG Releases Cyber Initiative to Help Determine Vulnerabilities in Automotive Supply Chain

by Greg Creason | Aug 01, 2019

Small and medium suppliers can now assess their information security and ability to meet cybersecurity expectations of automotive customers.

SOUTHFIELD, Michigan, August 1, 2019 – The Automotive Industry Action Group (AIAG), in partnership with NQC – a global leader in cyberthreat detection – today announced the launch of a suite of cybersecurity tools to help automotive suppliers compare their current cybersecurity capabilities to industry best practices. The Supply Safe™: Cyber Safe Bundle includes a one-time third party virtual audit, along with either a basic or advanced enterprise risk assessment. Together, these resources allow suppliers to evaluate their overall cybersecurity efforts and identify the most critical areas for improvement.

The Supply Safe™: Cyber Virtual Audit is a remote threat analysis that searches a supplier provided URL or domain name for known vulnerabilities using a database of more than 53,000 common configuration issues, updated in real time with the latest threats. The audit – which is non-intrusive and will not damage the resource being checked – identifies systemic weaknesses and provides an automated corrective action plan with practical steps the supplier can take to immediately improve its cybersecurity. Real-time signposts guide suppliers on what to do to improve their cyber capabilities, which means they can take action more quickly.

“The frequency, sophistication and virulence of cyberattacks has grown exponentially over the past five years,” says Tanya Bolden, AIAG’s director, supply chain products & services. “These attacks are a clear and present danger to the security of our global supply chain, impacting both direct and indirect suppliers. AIAG remains committed to making resources developed by OEMs available to smaller companies in the automotive supply chain – companies that may not have the budget or expertise to proactively protect themselves along with their customers’ and suppliers’ data.”

The Cyber Risk Assessment questionnaire, both the basic and advanced version, is based on AIAG’s CS-1 document – the Cyber Security 3rd Party Information Security guideline – which is the collaborative work of automotive volunteers facilitated by AIAG. This new risk assessment defines the minimum security requirements needed to support the secure exchange of information within the automotive supply chain.

“The consequences of a cybersecurity breach are extremely alarming, with 60% of small companies failing to recover,” explains Charles Morrison, NQC managing director. “With only 14% of smaller enterprises rating their ability to defend against a cyberattack as effective, automotive suppliers should be strongly encouraged to make use of the Cyber Safe Bundle. We are very pleased to bring our expertise to this collaboration with AIAG and we are confident this suite of tools will provide much needed protection to suppliers across the industry.”

AIAG sponsored member companies can access the self-assessment and one-time virtual audit at no charge. Non-members may access the self-assessment and a one-time virtual audit for a nominal fee. Additional virtual audits can be customized and/or provided in cadence of the supplier’s choosing for an additional fee as well.

For more information, visit www.aiag.org/cyber.

About AIAG: The Automotive Industry Action Group (AIAG) is a unique not-for-profit organization where OEMs, suppliers, service providers, government entities, and individuals in academia have worked collaboratively for more than 36 years to drive down costs and complexity from the automotive supply chain. AIAG membership includes leading global manufacturers, parts suppliers, and service providers. Visit www.aiag.org for more information.

About NQC: NQC is a global supply chain specialist, providing technology and insight to global industry and governments to help tackle supply chain challenges worldwide. NQC provides the automotive industry with a common technical platform for supply chain assurance and offers the largest global database of automotive supply chain risk assessment data.  Visit www.nqc.com and www.supplierassurance.com for more information.