If you haven’t heard the terms “jamming” and “spoofing” in relation to trucking telematics before, you are not alone, for both are highly rare forms of telematics hacking in the U.S.
Yet Guy Buesnel, product manager for the positioning & navigation business unit at Spirent Communications, warns that such activity has occurred in overseas freight markets and could eventually make their way here to the U.S.
“GPS jamming is very prevalent right now, and the jamming equipment is easily procured and very inexpensive,” he told Fleet Owner. “We know that criminals are starting to use jammers to carry out crimes. For example, in Italy gangs have been targeting shipments of scrap metal. They hijack a truck, force the driver to pull over, hold the driver captive and then use a GPS jammer so the cargo can’t be tracked as they drive off with it.”
One of the more “insidious effects” of GPS jamming in Buesnel’s estimation is that as a jammer gets closer to a receiver, the receiver might start outputting hazardously misleading information such as incorrect information on position and time.
“Without understating how your receiver behaves with jamming and spoofing attacks, you’re taking a really big risk in trusting the data it outputs,” he explained.
Spoofing, however, is “a little trickier” to conduct, Buesnel said, because spoofing is actually about “faking” a GPS signal.
“So far there hasn’t an instance where someone has spoofed by faking a satellite signal,” he explained. “However, we know spoofing is going to be a real threat because criminals are already getting into application software and faking GPS coordinates.”
For fleets, Buesnel thinks spoofing is going to become a real threat to navigation, positioning, and timing systems.
“In order to cope with this, you need to know how robust your equipment is today and to be prepared,” he emphasized. “And you can only do that if you assess your risks and then test your equipment against current and future trends.”
That includes closely monitoring how a trucking company’s information technology (IT) network is constructed as well.
“With fleet networks, often the focus is on the trucking and delivery aspects, and all too often the IT components—servers, routers, firewalls, etc.—aren’t necessarily taken as seriously,” Buesnel noted.
“But people can get into the networks and start messing with data, which can impact delivery schedules, for example,” he explained. “This can easily be addressed by looking at what you’re building and figuring out how to properly secure it.”
The firm polled 300 senior U.S. business professionals and found that cyber security retained the highest proportion of “business risk” with 21% of respondents naming it as the number one threat they were most concerned about.
The survey also found nearly half of respondents felt a “significant level” of cyber risk from the following scenarios:
- A hacking incident leading to theft of customer information
- Inability to use the organization’s network
- Theft of employees’ private information
- Theft of intellectual property
- Inability to access the organization’s website
“In the modern-day business environment where everything is interconnected, the potential threats facing a business are immense,” noted Ken Ewell, president and COO of The Graham Company. “This complexity of risks has caused many business leaders to become overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line.”
That’s one reason why Spirent’s Buesnel believes IT security on the “back-end” of a motor carrier’s network “is vital, as all it takes is someone doing the wrong thing once” and malware gets installed within the carrier’s computer system.
“At that point a hacker now has complete access to your network, including delivery schedules, credit card payments, customer lists, etc.,” Buesnel warned. “All of this data can be taken very easily if the back-end IT network supporting the fleet is not secure.”
It’s also wise policy not to put too much trust in off-the-shelf “firewalls” designed to protect IT networks from hacking, he emphasized.
“Companies will often buy a firewall but they don’t always take time to think, ‘What does it actually mean that I bought a firewall?’” Buesnel pointed out.
“Is it configured properly? Did I buy the right licensing for it? Is it actually going to provide the protection I’m looking for? That goes for anti-virus too,” he added. “In Spirent’s testing, we’ve seen well-known products that are only 44% effective at blocking attacks. Just because you buy a firewall doesn’t mean you’re automatically secure.”