On July 15, the National Motor Freight Traffic Association, Inc. (NMFTA)™ officially launched ClassIT+, a cloud-native reinvention of our freight classification platform. End users now enjoy intuitive search, near real time NMFC lookup, and collaborative tools like the Company Common where teams can share favorites, search history and more across their organization.
The release of this groundbreaking new tool coincides with the historic changes to the classification system as a whole in Docket 2025-1, which was released on July 19. These two changes together mark the most significant updates to the National Motor Freight Classification (NMFC®) system in its nearly 90-year history. I could not be prouder of the team here at NMFTA for their dedication and the sustained efforts that brought these changes to fruition. To learn more about the changes introduced in Docket 2025-1 and to access educational resources, visit www.nmfcchanges.com.
NMFTA Research Selected for DEFCON 33
NMFTA is also proud to announce this month that Ben Gardiner, NMFTA’s Senior Cybersecurity Research Engineer, has been selected to give two presentations on his research into blind wireless seed key exchange vulnerabilities at DEFCON 33 in Las Vegas (August 7-10). Ben will present both on the main stage and additionally, he will present a deep-dive technical talk in the Car Hacking Village. Titled “Blind Trailer Shouting” Ben will present his research that demonstrates how an attacker using only affordable Software Defined Radio (SDR) tools can inject diagnostics commands wirelessly over trailer powerlines without authentication. Relying only on timing manipulation and predictable seed keys Ben will demonstrate how it is possible to provoke trailer brake controllers to act on commands like chuffing even when the ECU’s responses are unobserved.
New Research Project
Anne Zachos, NMFTA Cybersecurity Research Engineer, initiated another research project focused on physical asset vulnerabilities this month. Anne will be working with several other researchers to identify shared device code across different brands of telematics devices. They will also be taking a deep dive into the country of origin of the components used in these devices due to the security concerns surrounding many Chinese electronics manufacturers. This project will allow for the identification of vulnerabilities that may be present in multiple device brands due to the practice or white labeling within the manufacturing industry where source code is re-used across many devices. Vulnerabilities of this type could represent systemic risk across fleets. Findings from this research will be shared with the industry in the coming months.
Webinar Recap
In July’s NMFTA Cybersecurity webinar, I moderated a panel discussion with Artie Crawford, NMFTA’s Director of Cybersecurity, and Ben Wilkens, NMFTA Principal Cybersecurity Engineer, where we took a deeper look at the recently released Cargo Theft Reduction Framework. We explored the initial impetus for this project, as well untangling many of the complex and interdependent relationships in both the threat actor space and the prevention and response ecosystem. As always, this discussion is available on demand at nmfta.org/cybersecurity for those who may not have been able to attend the live webcast.
Looking Ahead
Stay tuned next month for continued updates on our ongoing research projects, as well as the release of research that NMFTA has been working on related to the strategic supply chain and cybersecurity risks posed by hardware manufactured in China. Many of us have seen the news about Salt Typhoon, Volt Typhon, and other Chinese state-backed Advanced Persistent Threat (APT) actors but these entities only represent one facet of the coordinated efforts that the PRC has undertaken to infiltrate and exploit technology and critical infrastructure in the United States and many other nations. The team will be releasing their research into this topic on nmfta.org/cybersecurity as well as hosting an informative webinar on the topic on August 14.
Registration for the NMFTA Cybersecurity Conference in Austin, TX on October 26-28 is filling up fast, so be sure to secure your seat.