By air, land or sea, cybersecurity has become a basic ingredient for safe and secure operations across all business sectors, including transportation. This is especially true in the age of the Internet of Things – and the trucking industry is no different.
To put things in context, during 2013 alone, U.S. heavy-duty and commercial trucks transported more than $11.5 trillion worth of goods. In 2015, fleet operators brought in a hefty $726.4 billion in gross freight revenues. With such numbers, trucks are breathing life into modern economies. Fueling this economic powerhouse are connectivity technologies specifically designed to improve fleet efficiencies and increase productivity.
However, these technologies also open the door to potential cyberhackers eager to gain control of these “computers on wheels” for criminal and other nefarious motivations.
As connectivity and all its benefits continue to pervade the trucking industry, truck fleets, operators and their customers are becoming increasingly susceptible to cyber attacks. For the trucking industry, these cyber-criminal exploits can stem from a variety of motivations, ranging from creating havoc and disrupting business continuity to gaining profit through ransomware or even data theft.
For truck fleets and operators, ransomware – in which a hacker is able to disable a truck completely, stranding its driver and goods until a ransom is paid – could have far-reaching consequences. Such attack methods could paralyze fleets on tight delivery schedules, strand drivers in remote locations far from basic amenities or security services and expose sensitive commercial details.
In addition, attacks on a truck’s physical systems pose a costly threat to the transportation industry not only in terms of physical equipment and goods, but more importantly, human lives. It’s not far-fetched to imagine cyber terrorists causing a driver to lose control of the safety-critical functions of his 80,000-pound truck as the result of a cyber attack. Such a scenario could potentially have devastating results.
As with most industries in the 21sst century, technological advancements and the introduction of internet connectivity have already made major changes to the trucking industry. Trucks are not just becoming more connected, but also more reliant on this technology to perform essential business functions and remain competitive in a highly demanding marketplace.
Nonetheless, commercial vehicles use wireless communication and continuously transmit and receive data, which make them vulnerable to cyber attacks. This connectivity can potentially provide access for would-be hackers to a truck’s internal communication network. SAE J1939, the recommended best practice for communication and diagnostics among truck components, is ubiquitous in today’s trucks and commercial vehicles. The benefits are easily discernible as all the service stations and technicians speak the same language when it comes to in-vehicle components.
However, just as the benefits are shared, so too are the risks. Communication between in-truck electric modules takes one form, regardless of the make and model of the vehicle. This means that, theoretically at least, hackers could develop one set of attacks that would be instantly applicable to the entire industry.
Further, the wide usage of the J1939 standard may have other drawbacks. Researchers at the University of Michigan released findings earlier this year that demonstrated how vehicles using the standard could actually be attacked more easily than consumer vehicles.
Once an attack has been devised, the main challenge for the malicious actor is finding the way into a truck’s internal network. This could be done by compromising a telematics dongle, a Telematics Gateway Unit (TGU) or any other penetration vector.
Good Defense, Good Offense
There are several defensive measures that can preempt such attacks from undermining industry operations. Ingraining a host of cybersecurity products, services, processes and practices and features is a critical step in ensuring the future development and technological advancements of the trucking industry as a whole.
The first line of business in planning a capable cybersecurity solution to neutralize trucking vulnerabilities is establishing multi-layered lines of defense. This is largely accomplished through securing the vehicles’ communications with the outside world, containing malware installations, detecting operating system anomalies, isolating suspicious applications, and thwarting any attacks attempting to penetrate or that have already penetrated the in-vehicle network.
Preparing for the Future, Today
Trucks are expected to stay in service for over a decade. Today, many of those are connected trucks and will therefore need to be protected from cyber attacks for an extended period of time. As the nature of cyber threats is dynamic and ever-changing, it is important to ensure that cybersecurity countermeasures are also adaptive to handle new threats.
“Future proofing” the automotive industry is a concept in greater play for those seeking an all-encompassing solution to cyber threats against the trucking industry. Not only does it add an extra layer of protection, but it also collects and analyzes data from in-truck cybersecurity solutions to gain critical insights to cyber attacks both in-progress and in-development.
As more and more technology is integrated into trucks, the industry exposes itself to an escalating risk of cyber-criminal exploits. Technology has introduced previously unheard-of complexity into the trucking industry, and therefore technology must provide the solution to the problems now facing the multi-trillion-dollar trucking industry.