The Heightened Cybersecurity Risks of Electrifying Trucking

cyber security symbol

Trucking companies looking to modernize their fleets by electrifying must be aware of the increased cybersecurity risks they may face, warns the FBI. To minimize the potential chaos caused by cyberattacks, the federal agency is offering assistance to companies in the transportation industry.

During the American Trucking Associations’ Technology & Maintenance Council’s 2023 Summer Conference & Fleet/Utility Forum, FBI Supervisory Special Agent David Smith emphasized the enhanced attack surfaces that electric vehicles present to cyber criminals. Smith, who oversees transportation programs within the FBI’s cyber division, highlighted that the transport sector is vulnerable to a wide range of potential threats, including hacktivists, criminals, insiders, spies, terrorists, and even hostile countries engaged in warfare.

As trucking companies embrace the benefits of electrification, it is crucial for them to prioritize cybersecurity measures. By staying vigilant and working closely with organizations like the FBI, companies can protect their fleets and ensure the smooth operation of their businesses.

Panelist Mark Zachos, chairman of the TMC Cyber Security Task Force, warns of increasing vulnerabilities and back doors. As a cybersecurity and vehicle communications expert, he emphasizes that the evolution of technology also brings new and evolving hacks.

Scott Aaronson, senior VP of Security and Preparedness at Edison Electric Institute (EEI), emphasized the need for cybersecurity vigilance on three fronts: software, hardware, and people.

EEI, which represents power providers, plays a vital role in the electrification of the trucking industry.

Enforced with strict penalties, the power industry has implemented standards for both outages and cybersecurity. Collaboration and preparedness are crucial in combating cyberattacks, according to Aaronson.

While standards provide a good foundation, Aaronson notes that they can be insufficient. Cybercriminals will always find a way to surpass them, much like a 12-foot ladder scaling a 10-foot fence.

The lack of regulations in the U.S. automotive industry leaves products unchecked and standards unmet, according to Zachos. Unlike the European automotive industry, there is no certification by the International Organization for Standardization. While enforcing regulations may not be a priority, the need for it is evident.

Smith noted that enforcement and protection roles are taken very seriously by the FBI, but “we don’t know everything, no matter what it looks like on TV,” he said. He went on to encourage the audience not to go it alone when faced with a cyber-attack.

“We cannot tell you … whether to pay out or not, we just suggest you call us in,” Smith said, adding: “We’ve got to know about it to do something about it.”

A new cybersecurity threat to be on the lookout for is the use of artificial intelligence to develop polymorphic hacks with ransomware. According to cyber defense specialist Mimecast, this type of malicious code can change its shape and signature by using encryption keys. The consequences could be disastrous for trucking companies.

To protect themselves from such attacks, companies should prioritize keeping their IT systems up to date with patches from software providers. Additionally, collaborating with federal agencies early on can help prevent ransomware attacks. Acting proactively is crucial as ransomware payments by U.S. victims surged by 10 times in 2022 compared to 2021.

The U.S. government recognizes the severity of the situation and is actively exploring ways to penalize cybercriminals. It also aims to support critical infrastructure by providing tools to companies in key sectors. One initiative is the FBI’s Chief Information Security Officer (CISO) Academy, which facilitates discussions among private-sector CISOs to address cyber threats.

With cybersecurity threats increasing in sophistication, it is imperative for the trucking industry to stay vigilant and adopt proactive measures to defend against these attacks.

Smith extended an open invitation to the CISO Academy for TMC transportation and utility executives. Their focus is to protect their companies from cybersecurity threats. The executives are also eager to learn about improving productivity in fleet electrification.

Notably, TMC’s Cyber Security Task Force is working on developing recommended practices. As the nation moves towards electrification, it’s crucial for the trucking industry to acknowledge that they are not the only players in this field. TMC Technical Director, Jack Legler, emphasized this during a conference on June 20.

It’s evident that the industry is evolving, and staying ahead of the game is more important than ever.

 

Source: Transport Topics