We live in an era of the increasingly connected vehicle. Every component short of a piece of metal seems to come equipped with some sort of sensor, gathering data about everything from pressures to temperatures, fault codes to voltage. Forms can be automatically populated with VINs, vehicle service histories, and more.
It can be a powerful force for those who work in service bays and fleet offices alike. But open doors also introduce new vulnerabilities. A task force discussion during the recent meeting of the American Trucking Associations’ Technology and Maintenance Council (TMC) demonstrated just how broad such threats can be.
Cybersecurity wasn’t really a consideration when the J1939 databus was first established decades ago. And the transportation sector has become a favored target for ransomware attacks around North America, where business systems are held hostage until some form of payment is made. Those who spec’ and update vehicles can serve as a first line of defence by ensuring that security protocols are part of the discussion when choosing any new system or component.
Admittedly, this can be a challenge. The new threats are exploiting systems that haven’t been an established part of the spec’ing process for very long. This goes beyond choosing the right horsepower and torque to move a load, or choosing a tread design that can combat irregular wear.
The good news is that help continues to emerge. The Society of Automotive Engineers (SAE) and TMC are developing new standards to ensure a level of protection for future systems. Through its oft-quoted Recommended Practices, TMC is in the midst of developing guidance for insurance considerations and what to do if an attack occurs. The ATA’s Fleet CyWatch even offers a service that allows fleets to share information about attacks, to warn others. The National Motor Freight Traffic Association has developed a Ransomware Playbook, which can be used to develop plans on what to do when a vulnerability is exploited. It has also reported extensively on the types of threats that exist in the world of trucking. (See www.nmfta. org/pages/HVCS for details.) Further research is underway at Carnegie Mellon University.
The more you know about the threats, the better equipped you are to ask vendors about the steps they take to ensure systems are safe, and steps that can be taken to ensure underlying data remains secure.
Such steps will become more important over time, especially with the onset of advanced driver assistance systems (ADAS) and semi-autonomous vehicles. Hackers who take control of GPS receivers, for example, can fool systems that rely on the related data for geofencing, navigation, positioning, tracking, fleet management, and tax collection. Thieves could use such information to lead drivers into a trap, or convince a semi-autonomous vehicle to apply the brakes by telling the truck it’s further up the road than it actually is. During the recent TMC task force meeting, one security software vendor showed a video of a Tesla being duped in this exact way.
In some respects, this has all become easier to do. Spoofing equipment that cost hundreds of thousands of dollars just three or four years ago has been replaced by Software Defined Radios that can be bought for less than $100 and outfitted with downloaded spoofing software. Depending on the antenna, it can interfere with signals from miles away.
Yes, security systems are being developed. Trusted vendors are not blind to the risks. But informed purchasing and maintenance teams can play their part, and help to ensure that new vulnerabilities are addressed. When the threats are known and accounted for, everyone can feel more safe and secure.