{"id":8288,"date":"2020-11-02T14:43:08","date_gmt":"2020-11-02T13:43:08","guid":{"rendered":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/?p=8288"},"modified":"2020-11-02T14:43:08","modified_gmt":"2020-11-02T13:43:08","slug":"truckload-data","status":"publish","type":"post","link":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/2020\/11\/02\/truckload-data\/","title":{"rendered":"Researchers target truckload data security threats"},"content":{"rendered":"

Hacking and forensics tools are helping researchers determine the schematics of how heavy trucks are constructed so they can pinpoint cybersecurity vulnerabilities in commercial vehicles.<\/span><\/p>\n

\n

Cybersecurity vulnerabilities, which can be exploited remotely and in large numbers, are an existing threat in heavy-duty commercial vehicles, according to a National Motor Freight Traffic Association (NMFTA) white paper on heavy vehicle cybersecurity<\/a>. And given the potential for large-scale exploitation of heavy vehicle cyber vulnerabilities, the consequences for trucking companies could be catastrophic.<\/span><\/p>\n

Jeremy Daily, an associate professor of systems engineering at Colorado State University (CSU), has been working with student researchers at the university via a program called the Student CyberTruck Experience<\/a>, which originated through takeaways from an NMFTA meeting on heavy vehicle cybersecurity. The goal of CSU\u2019s program is to fill a talent pipeline and create a next-generation workforce that could work on trucks and cybersecurity at the same time, explained Daily.<\/span><\/p>\n

Daily spoke on truckload data security threats during a General Session of the Truckload Carriers Association (TCA) Safety and Security Conference. The 39th annual conference, held June 23-25, was offered virtually due to the COVID-19 pandemic.<\/span><\/p>\n

One of the key features of the CSU program is that students work on real projects and develop ideas and strategies on how to secure heavy vehicle communications systems.\u00a0<\/span><\/p>\n

\u201cThe reason I think this is so important is because there is really not a discipline that does this yet,\u201d Daily explained. \u201cIt\u2019s a new merger of traditional electrical and mechanical engineering as well as computer science and cybersecurity. Very few areas have that overlap, so this is one of those unique positions to work on heavy vehicle cybersecurity.\u201d<\/span><\/p>\n

\u201cI think this is successful because our graduates have actually gotten jobs at places like Allison Transmission, Volvo Trucks, and Blackberry, and they seem to be doing quite well in the marketplace,\u201d he added.<\/span><\/p>\n

Through the program, student researchers use hacking and forensics tools and create heavy vehicle testbeds, where they parse through a pile of truck wires and learn the schematics of how trucks are put together. These testbeds help students discover that there are different security issues associated with commercial vehicles. For instance, researchers tested a truck\u2019s brake system to see whether it could be hacked and then authorized to perform certain tasks. Researchers analyzed responses from the truck\u2019s electronic control unit (ECU) versus a rogue node that they had introduced.<\/span><\/p>\n

Another test was done on a telematics system, where a student researcher was able to reveal the WiFi password from the telematics software. \u201cIt was subsequently determined that the WiFi password was out-rhythmically-generated based off of somethings that were easily discovered, which means there was no real WiFi password,\u201d Daily said. \u201cThis speaks to the issue of confidentiality and that you should not store passwords in plain text.\u201d<\/span><\/p>\n

Daily pointed out that there are a lot of opportunities to improve the cybersecurity of heavy vehicles and prevent cyber-attacks. Based on his experience over the years, Daily shared some of the following observations.<\/span><\/p>\n

\u201cNever roll your own cryptography, that\u2019s the mathematics behind encryption. If anyone says they have a proprietary solution, I would be very suspicious of that,” he emphasized.<\/span><\/p>\n

Daily also noted there are hackers who can go into a truck\u2019s ECU and find vulnerabilities. He pointed to a challenge with air gap systems being penetrated by the internet and wireless connections. An air gap, air wall or air gapping is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public internet or an unsecured local area network.<\/span><\/p>\n

\u201cI\u2019ve also noticed that the government might be prompting us to introduce these cybersecurity vulnerabilities through things like the ELD mandate, unwittingly of course,\u201d Daily noted.<\/span><\/p>\n

\u201cCybersecurity is full of asymmetries, which means that the attacker has the advantage, and they only need to find one victory, whereas we have to defend against everything,\u201d he added.<\/span><\/p>\n

Daily said another challenge is that cybersecurity is a hard sell because of the cost associated with implementation. He also has seen companies utilize what is called checkbox security, a strategy that focuses solely on compliance where companies check items off a list before they deem their systems secure.<\/span><\/p>\n

\u201cThat\u2019s usually insufficient because cybersecurity is evolving, and the attackers usually get smarter, so that means our defense has to get better as well,\u201d he said. \u201cVehicles and transportation have relied on obscurity in the past where there are secret implementations, which are discovered with the right skill set, like reverse engineering. Then, they can be exploited because they weren\u2019t actually secure to start with.\u201d<\/span><\/p>\n

Daily added that once a system or hardware is an adversary\u2019s possession, it can be hacked at any point.<\/span><\/p>\n

\u201cThe challenge is to make it economically infeasible, so the result of the hack doesn\u2019t provide any benefit or that it takes a long time and they don\u2019t scale,\u201d Daily explained. \u201cThose are some good strategies to keep up with it.\u201d<\/span><\/p>\n<\/div>\n

 <\/p>\n

By Cristina Commendatore<\/a><\/span><\/p>\n

Source: https:\/\/www.fleetowner.com<\/a><\/span><\/p>\n

CUT COTS OF THE FLEET WITH OUR AUDIT PROGRAM<\/strong><\/a><\/h3>\n

\"\"<\/a><\/p>\n

The audit is a key tool to know the overall status and provide the analysis, the assessment, the advice, the suggestions and the actions to take in order to cut costs and increase the efficiency and efficacy of the fleet. We propose the following fleet management audit.<\/p>\n

FLEET MANAGEMENT AUDIT<\/strong><\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"

Hacking and forensics tools are helping researchers determine the schematics of how heavy trucks are constructed so they can pinpoint cybersecurity vulnerabilities in commercial vehicles. Cybersecurity vulnerabilities, which can be exploited remotely and in large numbers, are an existing threat in heavy-duty commercial vehicles, according to a National Motor Freight Traffic Association (NMFTA) white paper…<\/p>\n","protected":false},"author":3,"featured_media":8289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[18],"tags":[361],"_links":{"self":[{"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/posts\/8288"}],"collection":[{"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/comments?post=8288"}],"version-history":[{"count":1,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/posts\/8288\/revisions"}],"predecessor-version":[{"id":8290,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/posts\/8288\/revisions\/8290"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/media\/8289"}],"wp:attachment":[{"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/media?parent=8288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/categories?post=8288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/wp-json\/wp\/v2\/tags?post=8288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}