The recent Intermodal Association of North America (IANA) Intermodal EXPO in Long Beach featured a welcome and necessary focus on cybersecurity. I was honored to represent the National Motor Freight Traffic Association, Inc. (NMFTA) as one of two primary presenters on cybersecurity issues.
It couldn’t have come at a better time, especially considering the impact of cybersecurity issues on ports like the one in Long Beach. And as drayage carriers know all too well, it’s not just their enterprises that could be subject to cyberattacks. It’s their on-road assets – their vehicles – as well.
During last year’s NMFTA Cybersecurity Conference in Houston, we demonstrated how easy it is to hack a tanker trailer, giving commands to a vehicle and causing it to chuff the brakes, all with a simple antenna. I shared this experience with the IANA attendees, walking them through our research findings and the vulnerabilities we've uncovered.
Trucks have become offices on wheels, with multiple connection points. Hackers can target the connections between the tractor and the trailer or even the engine control module (ECM) itself. They can also target sensors, which would have the potential to impact the supply chain and overall safety.
It was good to have the group’s attention, because there are powerful steps they can (and must) take to protect their assets from these attacks and their enterprise. The main ones include:
User awareness training. The first line of defense against attacks like these is always well-informed people, who know what can happen and have been trained for how to be proactive in guarding their vehicles against attacks.
Tabletop exercises. These are highly-valuable gatherings in which companies game out possible attack scenarios and go through what could happen, and how they would respond. We have led several companies through these exercises and they came away well-informed and much more ready.
PenTesting. Nothing tests the vulnerability of a system like actually attacking it. PenTesting involves letting a white-hat attacker (a good-guy hacker who is working for you) attack the system and report where the vulnerabilities are. What you find through PenTesting gives you guidance for how and where to shore up the system.
Data classification and critical asset identification. Recognizing the highest security priorities helps a carrier make the best decisions in allocating security resources. You must start somewhere. This is how you decide where that will be.
In addition to these reactive measures, we have also been working with truck original equipment manufacturers (OEMs) to show them how their vehicles have been vulnerable to attacks. They have been extremely receptive – they don’t want to see their products compromised, after all – and most have been making design modifications to address the vulnerabilities going forward.
This should give us more secure trucks when near-term new models come out. But we still have to deal with what’s happening on the road now, so the steps above remain crucial.
Along those lines, the Transportation Intermediaries Association (TIA) also presented an eye-popping look at the realities of cargo theft in today’s market through a panel. This is another real threat to our assets. Whereas the old days saw thieves stake out trucks and break in under cover of darkness, today’s cargo thieves are also cybercrooks. They’re using cyberattack like methods to redirect trucks and even make changes to bills of lading to put the truck and its cargo where they’re not supposed to be – and where the crooks can get their hands on the goods.
Anyone who is transporting cargo, which is everyone in our industry, needs to understand the nature of these threats as well and how well organized these groups are.
A good place to gain that understanding is at our upcoming NMFTA Cybersecurity Conference in Cleveland. The conference will be held from October 27-29, and brings together the finest minds in the industry to really dig into the issue of cybersecurity in trucking – and how we need to respond and protect ourselves.
