When it comes to cybersecurity, it might be best to first focus on the positives.
“Everyone has come to grips with how incredibly serious” the issue has become, said Monique Lance of Argus Cyber Security.
That is far different than in 2013 when Argus was founded. Back then, “companies didn’t understand the gravity of the problem,” she said.
However, Chris Sandberg, PeopleNet’s vice president of information technology, pointed out “while they are thinking about it, they don’t know the right questions to ask.”
Experts interviewed by Fleet Owner agreed the information technology sector has done a good job of establishing best practices and recommendations, which are beginning to combat a problem the White House Council of Economic Advisers estimates cost the U.S. economy as much as $109 billion in 2016 alone.
For trucking and transportation firms, cybersecurity worries extend beyond back office networks to every single truck on the highway.
“What an attacker wants to do is disrupt commerce,” said Mark Zachos, president of DG Technologies, which provides vehicle diagnostics and testing to the trucking and automotive industries.
“They want to stop the engine from running … because they want to collect ransom from you,” added Zachos, who is also chairman of the cybersecurity task force of the Technology & Maintenance Council.
It is generally believed a ransomware attack is a more likely scenario than a hacker remotely seizing control of trucks, turning them into driverless vehicles of mass destruction. These attacks could potentially be launched through vulnerabilities in some electronic logging devices (ELDs).
Lance stressed that “trucks and commercial vehicles are lucrative targets for cyber criminals,” and that viruses can disrupt operations and force companies to pay large sums in ransom and/or face major economic losses to bring their networks back online.
Even the largest transportation companies are not immune. In June 2017, FedEx Corp. announced worldwide operations of its TNT Express unit had been hit with a virus known as NotPetya. The U.S. government later determined it was likely a Russian-sanctioned attack, and that TNT was among the side victims. Even though it was detected early, the resulting delays and damages cost the company at least $300 million in earnings.
“We have experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems,” FedEx said in a statement shortly after the attack.
Maersk was also affected and cost the Danish shipping giant hundreds of millions of dollars in damages. “We can, with great certainty, say that we have never experienced anything like this,” Maersk reported in a statement.
In the months leading up to the Dec. 18 implementation date of the ELD mandate, the National Motor Freight Traffic Association (NMFTA) was among the groups raising the alarm about entry-level ELD manufacturers.
The ELD mandate calls for two-way communication of the controller area network (CAN bus), the nervous system of the vehicle that enables communications. It has created fears “regarding the cybersecurity posture of the ELD devices themselves as they create a bridge between the Internet and the CAN bus network of the vehicle,” NMFTA said. “If the ELD devices could be exploited to send malicious traffic to the vehicle CAN bus, it could have serious consequences to the safe operation of the vehicle.”
PeopleNet’s Sandberg said despite all of the positives with the mandate, it does mean there is a need protect more sensitive electronic data.