In 2019, more than 3.5 million people worked as truck drivers, driving massive tractor-trailers or delivery trucks, according to the US census. Trucking is an essential aspect of the country’s crucial infrastructure since it transports more than 70% of all freight. Unfortunately, cybercriminals have taken note. Trucking firms such as B-H Transfer, J&M Tank Lines, Roadrunner, Total Quality Logistics, and Tom Berkowitz Trucking Inc. have been targeted by malware or ransomware assaults in recent years, as reported by many news sites.
The United States Department of Transportation (USDOT) introduced the electronic logging device (ELD) rule in December 2019, making every truck in the country a linked truck. These devices may track various car telemetry, such as position information, engine hours, vehicle miles, and vehicle diagnostics, using the vehicle’s ECM data. Cyber thieves who can steal data such as PII, location intelligence, sensitive cargo information, and other sensitive business information while assaulting a nation’s critical infrastructure are also interested.
Why was the ELD notification issued?
The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) on electronic logging device security on July 21. (ELDs). The document, titled “Electronic Logging Device Cybersecurity and Best Practices,” contains essential information on ELDs and cyber risk, as well as risk management guidance.
The FBI notice’s goal is to raise awareness among organizations about the importance of ELD cybersecurity and the risk of cybercriminal activity. Although there are no formal cybersecurity standards for ELD makers or suppliers, the FBI advises organizations to contact their vendors for security information.
How can fleets reduce their cyber-threats?
According to the FBI, businesses should adopt ELD best practices to reduce security risk. They also advise firms to discuss cybersecurity with their ELD provider. The FBI alert includes a list of questions to ask.
Questions to ask your ELD provider include the following:
- Is there a requirement for communication between the engine and the ELD?
- Was the gadget developed by current technical standards or best practices?
- Is the component [ELD device] secure communication confidentiality and integrity?
- Has the component [ELD device] been subjected to penetration testing?
- Is there a secure boot option on the device?
- Is debug mode turned off by default on the device?
- What comprehensive security measures does the provider have in place, from manufacture through hardware and software, data transport, and storage?
- What happens if a security breach occurs?
Taking an “active approach to vetting ELD choices,” according to the FBI, is an intelligent strategy. Taking the time to closely examine an ELD before implementation can help reduce risk while also ensuring quality to avoid costly downtime due to performance concerns.
Before self-certification, the ELD mandate in the United States does not require third-party validation or testing. This emphasizes the importance of fleets conducting thorough ELD research.
How to ensure ELD cybersecurity?
Following the hacking of multiple transportation and logistics companies in recent years, several federal authorities, including the FBI and the USDOT, issued cyber security best practices for ELD systems in 2020. While the FBI recommendations were intended to raise awareness about the importance of ELD cyber security, the FMCSA best practices focus on providing extensive technical considerations for trucking companies when purchasing new devices, emphasizing risk and vulnerability management for the software supply chain.
For help rating cybersecurity considerations, fleets can turn to the National Motor Freight Traffic Association’s (NMFTA) cybersecurity recommendations for telematics systems. Or you can partner with an ELD or TMS solutions provider such as TMS-Digital, who would care for the safety and compliances.
How can TMS-Digital help secure your data?
TMS-Digital with Protected Harbor takes a proactive approach to information security. TMS-Digital has created a robust and comprehensive cybersecurity approach as a global leader in linked vehicles and IoT. We collaborate with the transportation industry to develop security technology and procedures while raising awareness of recommended practices.
While TMS Digital does not endorse or recommend any particular ELD in terms of security, we can ensure that the data we import from your ELD is stored on secure, malware-free, virus-free, and ransomware-free servers. We take cyber-security very seriously when it comes to your data, whether used to calculate IFTA taxes using our IFTA Manager application or to locate trucks with our TMS Dispatch program. You’ll never have to be concerned about the security of your information saved on our secure servers.
Cybersecurity is a critical factor in any technology or equipment for your organization, including ELDs. The FBI’s notice on electronic logging serves as a reminder that fleets and solution providers must always keep security in mind in addition to safety, productivity, and efficiency.
ELD Cybersecurity is the newest and most advanced way to protect your data. However, it is still new and vulnerable to attack. That’s why we work with the transportation industry to develop a customized plan to suit their needs. If you’re looking for a reliable partner to help keep your trucks safe, contact us today.