Keeping Your Fleet Safe from Cyber Attacks
In an increasingly connected world, more attention and resources are being directed to ensuring the technology connecting the Internet of Things (IoT) is properly secured. Whether the target is a hotel room key, a home appliance, a personal fitness tracker, or a surveillance device, “bad actors” sometimes look for ways to infiltrate systems and steal information or cause disruptions. Today’s smart commercial fleets are no different, and engineers and fleet technology providers are taking active steps to ensure connected smart rigs stay safe and secure on the roads.
Since the Federal Motor Carrier Safety Administration (FMCSA) established its mandate on electronic logging devices (ELDs) in 2019, commercial fleets in the U.S. have been required to use these integrated devices for improved compliance and safety for trucks and drivers. ELDs make it simple to track things like hours of service (HOS), vehicle motion status, engine status, and other basic data points.
By design, ELDs cannot control a commercial motor vehicle’s (CMV’s) functionality and are not legally required to track vehicle performance data like speed, braking, and steering. However, commercial trucks are becoming steadily more connected to both the back office and other trucks in the fleet, with new technologies delivering a fuller picture of vehicle and fleet health, driver habits, road conditions, and more. This increased connectivity brings new concerns about potential disruptions by people with nefarious intentions.
Potential Problems for Fleets Caused by “Threat Actors”
Most cyberattacks on fleets today, as for most businesses, target back office and company-level operations, but some characteristics of ELDs could make them susceptible to hackers. For example, they are wireless and typically Bluetooth-enabled, creating the potential for remote control. Their wireless nature could also leave them vulnerable to uploaded malware, while their connectivity with the rest of the fleet means that malware could possibly spread to other vehicles (malware that spreads this way is commonly known in cybersecurity as a “worm”).
In a recent study on commercial vehicle ELD security, researchers explored vulnerabilities that left ELDs potentially prone to cyberattacks. The ELDs of the brand they observed had an easily identifiable SSID (network name), were openly accessible, and were protected by a weak password. These features made it easy for attackers to identify the equipment on a nearby vehicle and then work to infiltrate it. The researchers shared their results with the ELD manufacturer before publishing, giving the manufacturer time to address and mitigate the identified vulnerabilities before the paper was published.
What can a fleet do to help combat cyberattacks on its trucks?
Fleets can better protect themselves from potential cyberattacks by implementing the following practices, according to experts:
- Evaluate the cybersecurity status of your ELDs and your entire system. Work with your telematics provider on how to conduct a risk assessment of your fleet using resources like the NIST Risk Management Framework.
- Identify critical systems that need to be protected and prioritize them. Develop contingency plans for what to do if those systems fail or are compromised.
- If erratic vehicle performance leads drivers to suspect their ELD or vehicle has been hacked, they should immediately contact fleet maintenance for guidance.
- Work with your telematics provider to enhance default security settings, implement more robust firmware, improve authenticity checks, and eliminate any unnecessary and high-risk features.
- Improve system passwords utilizing tools that generate complex passwords or use a standard password prefix with the last four digits randomized.
- Use a secure firmware signing mechanism involving cryptographic signing to ensure updates are authentic and from a verified source.
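An added example, not from the original article or from Platform Science: a Python audit of a fleet's ELD wireless settings for the three weaknesses the study reported (identifiable SSID, open access, weak password). It also shows that a shared prefix plus four random digits leaves about 13 bits of search space once the prefix is known, against 120 bits for a generated 20-character password. The inventory, the SSID keywords and the 80-bit threshold are assumptions made up for illustration.

```python
import math
import secrets
import string
from collections import Counter

# Constructed inventory: unit IDs, SSIDs and passwords are made up for this example.
INVENTORY = [
    {"unit": "T-101", "ssid": "ELD-ACME-4F2A", "auth": "open", "password": ""},
    {"unit": "T-102", "ssid": "ELD-ACME-9C10", "auth": "wpa2", "password": "Fleet!Trk-0042"},
    {"unit": "T-103", "ssid": "ELD-ACME-77B1", "auth": "wpa2", "password": "Fleet!Trk-7315"},
    {"unit": "T-104", "ssid": "net-5e1c09", "auth": "wpa2", "password": "q7R-vX2m_Lk9TzW4bNcA"},
]
REVEALING = ("eld", "truck", "fleet")  # assumed keywords that give away the device type
ALPHABET = string.ascii_letters + string.digits + "-_"  # 64 symbols, 6 bits each

def generate_password(length=20):
    """Per-device password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def prefix_of(password):
    """Return the fixed part of a 'prefix + 4 digits' password, else None."""
    if len(password) > 4 and password[-4:].isdigit():
        return password[:-4]
    return None

def audit(inventory, min_bits=80):
    """Map unit -> findings for the three weaknesses the study reported."""
    shared = Counter(p for d in inventory if (p := prefix_of(d["password"])))
    report = {}
    for dev in inventory:
        findings = []
        if any(k in dev["ssid"].lower() for k in REVEALING):
            findings.append("identifiable-ssid")
        if dev["auth"] == "open" or not dev["password"]:
            findings.append("open-access")
        else:
            pre = prefix_of(dev["password"])
            if pre and shared[pre] > 1:
                # Once one unit's password is known, the others differ by 4 digits only.
                findings.append("shared-prefix (%.1f bits)" % math.log2(10 ** 4))
            # Length-based upper bound on entropy; real strength can be lower.
            elif len(dev["password"]) * math.log2(len(ALPHABET)) < min_bits:
                findings.append("short-password")
        report[dev["unit"]] = findings
    return report
```

Replacing a flagged password with `generate_password()` and renaming the SSID to a neutral value clears all findings for that unit, as T-104 shows.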
How Platform Science is helping protect its partners against cyberattacks
Platform Science has built defense-in-depth security into its hardware, software, and infrastructure to prevent the types of potential vulnerabilities described in the recent research, including:
- Regular third-party penetration testing
- Scanning of software updates prior to release for vulnerabilities and security risks
- Constant security scanning of live infrastructure for intrusion detection and anomalous activity
- Multiple overlapping security layers between the tablet, the ELD, and the truck via close relationships with OEMs, in addition to the OEMs’ own multiple layers
- Mobile device management to prevent device compromises
- Signed firmware in our tablet and CVD, among other protections
We also work very closely with our OEM partners, with their security protocols, and with all the security protections their vehicles provide. Additionally, we proactively monitor, test, and evaluate potential security threats. Finally, Platform Science has been System and Organization Controls 2 (SOC 2 Type 2) certified for more than four years.