Nmfta Tsrm 637e0bee529ec

Cybersecurity: 'White hats' offer tips to help execs head off hackers

Nov. 29, 2022
Any business that moves items of high value must always take security measures, and modern technology brings a whole new element to old-fashioned highway robbery. The coming era of autonomous trucking adds even more levels of concern for vehicle security.

It's 11:59 on a Sunday night, and your company's computer system has been shut down until a ransom is paid. Will anyone even notice before the office opens on Monday? Will anyone know what to do when the doors open but the computer system is offline?

These “ransomware” attacks routinely make headlines, as American businesses, government offices, hospitals, and schools all have fallen victim to cybercriminals, typically based overseas.

And trucking is not immune. Additionally, any business that moves items of high value must always take security measures, and modern technology brings a whole new element to old-fashioned highway robbery. And the coming era of truck autonomy adds even more levels of concern for vehicle security and safety.

So what’s a fleet to do? First and foremost, how do we avoid that midnight crisis in the first place?

See also:Trucking remains a top target for cyberattacks

The National Motor Freight Traffic Association (NMFTA) hopes to provide some answers. The organization, traditionally focused on LTL issues, put out an industry-wide invitation to its annual Digital Solutions Conference on Cybersecurity. Held recently in Alexandria, Virginia, the event drew a range of fleet representatives, cybersecurity experts, and policymakers for a couple of days of presentations that ran the gamut from Ph.D.-level cellular network vulnerabilities to common e-mail scams.

Ben Gardiner, NMFTA’s senior cybersecurity research engineer, bridged the gap between the theoretical and the practical with the opening slide deck of the conference. Specifically, Gardiner outlined his successful remote attack on the hydraulic braking system of a tractor-trailer via the J2497 trailer databus, using about $300 of off-the-shelf electronics.

The good news: Gardiner is a good guy, a “white hat” hacker who looks for vulnerabilities and works to resolve them. (His primer on truck hacking is YouTubed below; similarly, for those unfamiliar with the CyberTruck Challenge, follow that link.)

So, because so much of the conference was so far over my head, I sat down with Gardiner for a few minutes to glean some perspective.

“We’ve tried to tread that line between making it enticing for the experts to participate, and making it practical and actionable for the fleets,” he said. “It doesn't take a lot to imagine a truck getting ransomwared someday. People are making a lot of money off ransomware and it's pretty obvious that you could ransom a fleet of trucks.”

Among the challenge for fleets, of course, is that a key asset—the truck—is mobile. But as Gardiner discovered in working to resolve truck security vulnerabilities, today’s trucks feature a lot of technology yet very few people understand both the software and the heavy-duty hardware.

“What I experienced with multiple fleets was either deferring vehicle cybersecurity decisions to their IT department or not really having anyone to deal with cybersecurity vehicle decisions and problems,” he said. “It's not a stretch to say that a lot of IT people don't get what the maintenance people get, and maintenance people understand how the trucks work but don’t understand what the IT people do. So both sides need to learn from each other to be able to really secure those rolling assets.”

See also: Zero trust: Chaos creates cybercriminal opportunities

But, as was obvious at the conference, it takes graduate-level education—and/or a lot of time pursuing the dark web—to understand and mitigate the threats. Surely that’s beyond the expertise (and budgets) of even the most tech-savvy folks at many fleets.

“The LTLs are big enough and have enough resources to have their own IT, their own in-house software development, their own access to resources to secure themselves,” Gardiner said. “They need to start taking more of an industrial control system approach, where their maintenance and their IT staff consider both the IT and the things that roll, to give a unified security perspective on their operations. That's where it's going to have to go to be ahead of that attack.”

And for the rest of us?

“If you're small and you can't spend the money to hire the experts, use cloud services,” Gardiner said. “By purchasing that solution, you're going to have their security teams working for you. So that's a big bang for the buck.”

Decision guides

Additionally, NMFTA has developed resources to ease the anxiety for fleet executives looking at tech investments: the telematics security requirement matrix, or TSRM. The solution is open-sourced and available for developers on GitHub as well, he noted.

“It's a series of cybersecurity requirements in the form of a questionnaire,” Gardiner said. “The fleets can take the questionnaire and give it to two or three telematics service providers that they're thinking of purchasing from in the procurement phase, and then evaluate who has the better cybersecurity. We're trying to move that visibility of cybersecurity closer to the wallet to the people that make the decisions.”

Likewise, NMFTA is working on heavy-duty vehicle cybersecurity requirements.

For NMFTA Executive Director Debbie Sparks, the conference was about “building a community” of experts to guide the industry as it faces “new challenges in the digital era.”

“NMFTA is a leader in cybersecurity and digital transactions, so we understand the importance of making sure that the transportation community is aware of what's at stake and how we work together to make sure that what we do is safe and secure,” Sparks said.

More to come from the meeting—much more—once my brain quits spinning (so yours doesn't have to).

About the Author

Kevin Jones | Editor

Kevin has served as editor-in-chief of Trailer/Body Builders magazine since 2017—just the third editor in the magazine’s 60 years. He is also editorial director for Endeavor Business Media’s Commercial Vehicle group, which includes FleetOwner, Bulk Transporter, Refrigerated Transporter, American Trucker, and Fleet Maintenance magazines and websites.

Working from Little Rock, Kevin has covered trucking and manufacturing for 15 years. His writing and commentary about the trucking industry and, previously, business and government, has been recognized with numerous state, regional, and national journalism awards.

Voice your opinion!

To join the conversation, and become an exclusive member of FleetOwner, create an account today!

Sponsored Recommendations

Leveraging telematics to get the most from insurance

Fleet owners are quickly adopting telematics as part of their risk mitigation strategy. Here’s why.

Reliable EV Charging Solution for Last-Mile Delivery Fleets

Selecting the right EV charging infrastructure and the right partner to best solve your needs are critical. Learn which solution PepsiCo is choosing to power their fleet and help...

Overcoming Common Roadblocks Associated with Fleet Electrification at Scale

Fleets in the United States, are increasingly transitioning from internal combustion engine vehicles to electric vehicles. While this shift presents challenges, there are strategies...

Report: The 2024 State of Heavy-Duty Repair

From capitalizing on the latest revenue trends to implementing strategic financial planning—this report serves as a roadmap for navigating the challenges and opportunities of ...