Tailored Solutions for Mid-Sized Fleets

Part two of this initiative, titled “Cybersecurity Best Practices Guidebook – Mid-Sized Fleet”, is a key component of the NMFTA’s broader Roadmap to Resilience program. This guide is designed to help mid-sized fleets enhance their defenses against cyber threats, an increasingly pressing issue for the trucking industry.

“The transportation industry is a prime target for cyberattacks, and mid-sized fleets often struggle to implement robust cybersecurity measures due to resource constraints,” said Ben Wilkens, cybersecurity principal engineer for NMFTA. “As a current CDL holder and former professional truck driver, I know how essential this resource is to the industry. The guidebook offers a clear roadmap for these fleets to enhance their security posture and safeguard their operations.”

Why Cybersecurity Matters in Trucking

The trucking sector remains a prime target for cyberattacks, with mid-sized fleets finding it particularly challenging to implement effective security measures. NMFTA has developed this guide to provide fleet managers and staff with practical strategies that help lower their risk while protecting daily operations from disruptions.

Key Topics Covered

The guidebook includes essential insights such as:

• Recognizing and mitigating common cyber threats.

• Establishing and enforcing key cybersecurity policies and protocols.

• Boosting email, password, and network security.

• Creating incident response and recovery strategies.

• Utilizing industry tools for long-term cybersecurity improvements.

Learn More & Access Resources

Mid-sized fleet operators can download this latest guide from NMFTA to take proactive steps toward improving their cybersecurity defense.

Missed the first installment? You can still access the Cybersecurity Best Practices Guidebook – Owner Operator and Small Fleet to learn how owner-operators and smaller fleets can tackle their own unique cybersecurity challenges.

For more free tools, webinars, and research on fleet cybersecurity, head to NMFTA’s cybersecurity resource hub.

Stay one step ahead of cyber threats with these comprehensive resources from NMFTA, and ensure your fleet remains secure.

Source: The Trucker

Image Source: NMFTA

The post NMFTA Reveals Second Cybersecurity Guide for Fleets appeared first on Truck Drivers USA.

Cyberattacks targeting the trucking industry have become increasingly prevalent, with hackers exploiting vulnerabilities in electronic logging devices (ELDs) to gain unauthorized access, manipulate data, and disrupt operations. A recent study by researchers at Colorado State University sheds light on the potential risks posed by compromised ELDs.

The study highlights three critical vulnerabilities in commonly used ELDs. Firstly, these devices can be wirelessly controlled, allowing hackers to take control of vehicle systems remotely. Secondly, malicious firmware can be uploaded, enabling attackers to manipulate data and vehicle operations. Finally, there is the potential for a self-propagating truck-to-truck worm to spread through interconnected ELDs, leading to widespread disruptions in commercial fleets.

“The challenges highlighted in our paper are substantial, and we have identified several critical vulnerabilities in a particular ELD model that represents a significant share of the existing market,” said Jake Jepson, systems engineering graduate student and a primary author of the paper. “The manufacturer is working on a firmware update now, but we suspect these issues may be common and potentially not limited to a single device or instance.”

To demonstrate the severity of these vulnerabilities, the research team conducted tests on a 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. The results underscored the ease with which multiple devices could be hacked through a single compromised ELD, posing significant safety and operational risks to fleets.

“A bad actor who gains access to a wirelessly enabled ELD may be able to quickly spread the malware to other ELDs in its network,” said Stephen Ritzler, transportation and logistics sales manager at CoverWallet. “The viral spread of the malware could give large-scale access to a cybercriminal. They could uncover a lot of sensitive information about the routes and transfer points of high-value loads they may have intentions to commandeer. …They could also interfere with the data related to safe operations of the vehicles,” he added. “This could involve modifying logbook data to incorrectly display hours of use that are beyond the daily limit, which may put the operator of a compromised vehicle at risk for a DOT sanction.”

The implications of such cyberattacks are far-reaching for trucking companies. Apart from potential accidents resulting in increased insurance costs, ELDs are also used to inform safety and insurability assessments by insurers. Therefore, ensuring the security of these devices is paramount.

To address these vulnerabilities, the researchers propose several measures to enhance ELD security. These include disabling unused interfaces, implementing high-entropy default passwords, using secure firmware signing mechanisms, eliminating unnecessary API features, and implementing telematics device firewalls. These recommendations are deemed practical, user-friendly, and cost-effective.

“To address the vulnerabilities identified in our research and effectively prevent truck-to-truck worm attacks in electronic logging devices, a multifaceted approach is required,” the researchers wrote. “This approach encompasses the enhancement of default security settings, implementation of robust firmware integrity and authenticity checks and the elimination of unnecessary and high-risk features.”

Jeremy Daily, the lead researcher, emphasizes the significance of these findings not only for the trucking industry but also for broader infrastructure vulnerabilities as different assets become increasingly interconnected. By addressing these vulnerabilities proactively, trucking companies can mitigate the risks posed by cyberattacks and ensure the safety and security of their operations.

“Our group will continue to develop adaptable security measures, assessments and models that can easily be integrated into existing operations,” Daily said. “These security design patterns can also be utilized over the truck’s lifecycle, from conceptual design to system retirement.”

Source: Commercial Carrier Journal

The post The Findings of Recent ELD Cybersecurity Research appeared first on Truck Drivers USA.