With every year that goes by in the trucking industry, we at the National Motor Freight Traffic Association (NMFTA) find ourselves tackling even greater challenges in the area of cybersecurity. The progress we have made is a testament to our commitment to the issue, the resolve of our members, and growing insight we’ve gained on how to stay 10 steps ahead of the bad guys.
The trucking industry is too important for us to do anything less, which is why we are going to follow some critical 2023 achievements with an even more ambitious agenda in 2024.
This is all very exciting for me, as I just joined NMFTA full-time as its chief operating officer. Having come to the organization from a company that develops fleet intelligence software, I’ve served freight carriers for more than a decade in that role. It’s a thrill for me to now serve them in this new role.
But one thing stays the same for me: The digital well-being of carriers is top priority. And I joined an organization that moved the ball significantly in 2023.
Through its Digital Solutions Conference on Cybersecurity, its ongoing webinars, and information distributed in the form of blogs, white papers, and so forth, NMFTA imparted tremendous cybersecurity knowledge onto carriers in 2023. We brought insight from federal law enforcement and offered real-life case studies from companies that have experienced attacks. We helped to establish and share information on best practices. We helped trucking companies to go through critical exercises to test their readiness.
We did a lot. But we have a lot more to do. Ransomware attacks are on the rise. Cloud security is growing as a concern in the industry. The cost of cybercrime is $8 trillion in 2023 and is expected to grow to $10.5 trillion by 2025, according to Forbes.
Attackers are accessing organizations in both high-tech and low-tech ways. The latter includes the use of stolen credentials or simply tricking people into opening phishing e-mails and clicking links that open the door for attackers.
And it’s not just enterprise security. At the asset level, we know that attackers are using the vulnerabilities of diagnostic systems – some of which were designed in the 1980s when no one was thinking about cyberthreats.
With all this in mind, we’ve identified several key areas in which we must make progress in 2024. They include:
Achieving widespread use of best practices throughout the industry. While the focus of NMFTA has always been on LTL carriers, we are not limiting these cybersecurity priorities to that group in 2024. The trucking industry at large is too critical. We will be working with big and small carriers – truckload and LTL alike – to ensure the industry shares information from exercises like penetration testing and white-hat attacks to guarantee we all know our vulnerabilities.
Trucking companies will understandably insist on protecting all kinds of competitive secrets. But they should be willing to share information like this. It’s in the interest of the entire industry.
Establishing a Customer Advisory Board. This body will serve as a conduit to share information about specific situations without compromising the anonymity of those involved. Let’s say Carrier X experiences a breach. Carrier X knows its experience can help educate the industry, but it doesn’t want to reveal it was the target. No problem. Through the Customer Advisory Board, NMFTA will share the information while leaving Carrier X’s name out of the equation.
Prioritizing partnerships with OEMs. This will have a direct impact on asset security, as we need to ensure that 1980s-vintage technology is replaced by new technology that anticipates the threat of cyberattackers – and comes equipped with strong security systems to keep them out.
NMFTA can help a great deal there by conducting research and studies that will tell the OEMs what the industry needs. We will also continue to work through third parties like the Technology & Maintenance Council (TMC) to ensure we can give the OEMs a complete picture.
Finalizing best practices for cloud-based and API security issues. Just about everyone in the industry now runs APIs, so they should be looking to us for guidance on how to continue doing so safely.
Finalizing best practices for work with third parties. If a trucking company does everything right to secure its enterprise and its assets – only to bring in a third-party vendor that has gaping holes in its security – the carrier could face major problems. We are working on protocols carriers can use to more effectively screen third parties for potential security issues.
Helping the industry to master business continuity planning. We want to believe otherwise, but in reality, someone somewhere is going to be breached. Carriers need plans in place to ensure they can get back up as quickly as possible and can maintain operations in the meantime.
Before long, we will also have to be dealing with issues like autonomous vehicle security. This is a ways away but it is not too soon to start strategizing.
As recently as this past fall, we saw several major players targeted and breached. The companies responded well, but the industry has to keep learning and preparing so we can minimize the number of breaches in the coming year and respond effectively to the ones that slip through.
The bad guys aren’t going to stop learning or preparing. We must stay 10 steps ahead of them, which is why our agenda for 2024 is so ambitious. It’s the only way we can beat back this threat and protect the trucking industry.