Cyberattacks Called a Growing Threat to Trucking Industry
RALEIGH, N.C. — The threat of cyberattacks to the trucking and logistics industries is real, the number of attacks are growing and each attack has the potential to cripple a company, according to a panel of experts June 6 at the Fleet Data Management and Cybersecurity Conference here.
The panel included representatives from a fleet, a telematics provider, technology and diagnostic firm, a security company and American Trucking Associations.
Small and midsize businesses are especially vulnerable because crooks look at them as low-hanging fruit, said Randy Goggans, co-founder of ThreatAdvice, a 3-year-old firm that markets security software and advises banking, transportation and health care firms on fighting computer-based attacks
“This is an organized crime. It’s sophisticated, it’s real and they are after you,” said Goggans.
The audience listens to the cybersecurity panel. (Robert Braswell/TMC)
A cyberattack will seek entry to a company through its employees, often by targeting a fleet’s back office finance or accounting department. The rise of telematics and the adoption of electronic logging devices has made trucks more vulnerable because the technology connects them to the wider world.
The most common attack methods are through phishing via email, smishing via text messages and vishing by using phones, said Goggans.
A criminal may seek the truck to steal its freight, to shut it down or to control it in some way. One fear is that criminals will use a USB device with timer-activated malware installed that gets passed around by drivers, leading to multiple vehicles being shut down simultaneously.
And the increased use of third-party firms means the more sophisticated bad guys will attempt to go through these firms to get into their target company’s system, said Goggans.
Criminals that conduct a cyberattack look to gain the power to shut down a company’s systems. Once they have that level of control they will demand ransom from the firm to unlock its operations.
Chris Cooper, president of Boyd Brothers Transportation Co., counts his firm fortunate because it has the resources to repel many attacks. Boyd Brothers is a Daseke Co. firm with 1,090 trucks and $200 million in annual revenue.
“We have a full-time information technology staff to work on this but many flatbed firms don’t have those resources,” said Cooper.
Still, Boyd Brothers receives 107,000 emails on a typical day and about 27% are spam, said Cooper.
In our debut episode of RoadSigns, we ask: What does the move toward autonomy mean for the truck driver? Hear a snippet from Alex Rodrigues, CEO of Embark, above, and get the full program by going to RoadSigns.TTNews.com.
Ryan Brander, manager of product and cybersecurity with the tech firm Geotab, warned attendees about criminals hacking the telematic devices that have become ubiquitous in trucks. Geotab has about 1.1 million ELDs in use today.
Unfortunately, “most telematic devices do not have security features,” said Brander. “There is no encryption, there is no encrypted software in the devices.”
“Attacks will only increase,” said Brander, who believes the ELD mandate will be modified due to this lack of security.
Another threat for trucking is the widespread use of Wi-Fi as the bad guys can intercept these communications, said Brander. “A crook can position themselves at a busy truck stop all day to suck up drivers’ Wi-Fi information,” he said.
But firms can start protecting themselves by sharing information on threats and educating their staff on ways crooks will attempt to access their systems, said Mark Zachos, president of DG Technologies.
In April the American Trucking Associations launched Fleet CyWatch, a reporting tool for fleets to report cybercrimes. It was developed by ATA’s Technology & Maintenance Council and the Transportation Security Council in conjunction with the FBI.
The goal is for Fleet CyWatch to become a central office for cybercrime awareness, education, prevention and mitigation methods, said Ross Froat, director of engineering and IT with ATA.
Fleet CyWatch also seeks to become a kind of liaison office that connects the trucking industry with federal enforcement, organizations like the National Motor Freight Traffic Association, trade groups and third-party firms.
“Security is a process. There’s working on awareness, the sharing of information, and conducting penetration testing to find where a company might be vulnerable,” said Zachos, who commends TMC for taking steps to address the issue.
Zachos is also involved with strengthening security standards, reviewing insurance issues for business interruption and developing guidelines for fleets creating cybersecurity programs.
“There’s a lot of work to do,” said Zachos.
