New robust security audit can guard against data and privacy breaches

Automakers are rapidly moving from an owned environment to a shared one to reflect the mass transformation in the use of digital technology and the increase in connectivity in cars. However, such moves open the industry and consumers to the growing risks of cybercrime. David Mudd, Global Head of Digital Trust Assurance at BSI, explains how car manufacturers can build digital trust in global supply chains so consumers of both personal and commercial vehicles know that their information and privacy will be respected and protected.

The scale of change and the challenge

The amount of software and the surge of connectivity in our cars have increased dramatically over the last few years, with cars effectively becoming ‘computers on wheels’. Consumers expect advanced technology with the next generation of vehicles to function seamlessly, safely and securely. Digitization has become a mega-trend and the subsequent changes in the auto industry are moving at incredible speeds.

The scale of the challenge of securing information is enormous given that when a consumer buys a car from BMW, for example, they are not just buying from BMW. In fact, they are buying from possibly 12,000 suppliers from around the world that are not only supplying some of the different elements of smart connectivity but also handling sensitive digital information. This means the volume of information exchange between suppliers is growing exponentially, creating potential information security risks.

Preventing data and privacy breaches

Assessment to TISAX (Trusted Information Security Assessment Exchange) is increasingly being recognised, and in some cases required, by automakers as a way to improve cyber defences and inspire digital trust throughout the automotive supply chain and in consumers.

The independently assessed scheme provides a robust, methodical approach to assuring the security and exchange of data. It ensures that suppliers, partners and service providers to car giants, such as VW, BMW and Daimler, and their brands, implement up to 114 controls relating to the privacy and security of data being held and shared.

The scheme, which was developed by the Association of the German Automotive Industry (VDA), is now increasingly being mandated by its members. It represents a new set of industry best practices, building upon ISO 27001, the international standard for information security management, and references GDPR to address the automotive industry's specific data and privacy needs.

It is devised to cover information security between partners in the supply chain, covering those directly related to automaking, and services to automakers, such as management consultancy, IT support and recruitment. Essentially, all suppliers are covered by the requirements of TISAX.

A passport to trade

TISAX then protects information and data, allowing for a flexible supply chain and greater resilience to cyber security risks. However, its main role is to empower the collaborative nature of the automotive sector by ensuring a level of information security to deliver new, improved functionality and technologies quickly, securely and effectively into the core trusted brands of vehicles.

The attainment and exchange of a TISAX label is likely to become a passport to trade with partners and OEMs; hence, VDA members are moving to TISAX being mandated. This increasing requirement will then provide a baseline passport to enter the industry and do business. This will mean that a company obtaining a TISAX label can be trusted to handle third-party data securely and effectively, with the fundamentals of information security in place, without compromising intellectual property.

Opening the door to new technologies

Car buyers are always going to value safety, speed, performance and efficiency. However, the transformation in the digital space and the surge in connectivity make clear that car buyers will also add information security and privacy protection to the mix of buying decisions. As such, the demand for connectivity has meant there is now a growing need for TISAX around the world. This new kind of passport of trust will allow automakers to accelerate the production of the next generation of cars with the technology consumers want and expect, both safely and securely.

TISAX also supports the safer integration of artificial intelligence and the Internet of Things. It has a pivotal role in helping to build capability in the digital space, open the door to new technologies and accelerate adoption, while at all times assuring information integrity and resilience in global supply chains.

To learn more, please visit our TISAX page.

ENDS

About David Mudd

David Mudd, Global Head of Digital Trust Assurance at BSI, is responsible for BSI’s digital trust assurance solutions, which include training, testing, assessing and certifying for ICT governance, risk management, cybersecurity and privacy, digital supply chain, data stewardship, and artificial intelligence.

He supports BSI’s clients across the key sectors of the built environment, healthcare, food, mobility, ICT, energy and manufacturing in the safe and effective adoption of disruptive digital technologies.