The days of fleets comprised of disconnected, self-contained trucks have long passed. Semis in 2024 are sprawling, connected computer and IoT devices on 18 wheels.
For almost a decade, Electronic Logging Devices (ELDs) have been mandatory mainstays in cabs. While the ELD mandate is relatively recent, it isn't as if ELDs were invented 10 years ago; the first ones began appearing on the scene in the early 1980s. And cybersecurity experts say that legacy equals vulnerability.
Michael Hasse, an independent cybersecurity consultant who works in the trucking industry, said most of the ELDs on the road today were designed decades ago.
"That makes retrofitting security into an embedded system like that, when it was never planned for previously, cost-prohibitive for various reasons," Hasse said, adding that implementing security often requires a complete reimplementation and reimagining of the entire product. And usually, manufacturers are slow to react until there's an actual incident. However, the cheapest, most effective way to stop a cybersecurity problem is to prevent it in the first place.
"These security flaws are quite serious, but until somebody starts exploiting them and crashing trucks or hijacking loads, the industry isn't likely to respond in any meaningful fashion, and it may take a government edict to force the issue," Hasse said.
Hasse finds parallels in trucking to what has happened in upscale automobiles like Tesla, where criminals found connectivity vulnerabilities and caused real damage before the issues were fixed.
"Although, even in the case of cars, there's been considerable disparity between manufacturers," Hasse said.
