Cybersecurity risks aren’t limited to enterprise environments, heavy-duty trucks, too, are increasingly vulnerable due to the prevalent deployment of different systems being connected to the truck, including telematics and video-based safety. As I walked through the Manifest conference in Las Vegas in early February, it was apparent that both the connectivity and the data to and from the trucks and trailers will significantly increase over the next few years.
These connected systems, which are widely used in commercial trucking, collect and transmit various types of data wirelessly—including GPS location, engine diagnostics, engine hours, and data from numerous other sensors. While these systems enhance fleet safety, efficiency, and compliance, in many cases they also introduce security concerns. The ability to collect vast amounts of sensitive data, combined with wireless connectivity to truck systems that were not originally designed for internet connectivity, makes these systems a potential target.
As with any information system, it is the owner/operator of these systems who bears the responsibility for managing their security. This includes security of the information being collected, managed, and stored, but also the security of the assets being monitored. While fleets can take steps to protect themselves and their on-board systems—such as ensuring proper configurations are applied—many security aspects remain opaque or unconfigurable to end users. Security capabilities and limitations these systems are largely dependent on the vendor, which means that fleet operators must leverage their purchasing power to select vendors that prioritize cybersecurity and underscores the critical importance of the procurement phase for these systems. In today’s market, the main vendors in this space are telematics vendors.
Recognizing this, the National Motor Freight Traffic Association (NMFTA) has helped develop a valuable resource called the Telematics Security Requirements Matrix (TSRM) in collaboration with motor freight carriers, Telematics Service Providers (TSPs), and cybersecurity experts. The TSRM provides a comprehensive list of cybersecurity requirements that should be met by all components of these telematics systems and includes validation steps for commercial fleets or government agencies to follow when selecting and deploying telematics solutions. The TSRM is designed to equip stakeholders with the knowledge to understand and mitigate cybersecurity risks associated with telematics, fleet management information systems (FMIS), and electronic logging devices (ELDs).
Additionally, the TSRM is also available in a supplier questionnaire format, covering key areas such as vehicle connections, communication protocols, mobile applications, and cloud infrastructure security.
In short, the TSRM is a critical tool and should be used by fleets to evaluate telematics systems in order to strengthen their cybersecurity posture and safeguard their operations. NMFTA continues to enhance this vital resource, ensuring it remains a robust and up-to-date security framework for the industry. We invite all Telematic Vendors offering ELDs to reach out to NMFTA and join us in this important initiative by working on further updates to this valuable resource.
The TSRM is just one of many resources that NMFTA has released to increase the cybersecurity resilience of the trucking and logistics industry, including the NMFTA Cybersecurity Best Practices Guidebooks and the Owner Operator Core Controls document.
Make plans today to join us for the trucking industry’s only cybersecurity conference: NMFTA Cybersecurity Conference, set October 26-28 in Austin.
Access our free resources and learn more about the cybersecurity conference by visiting: www.nmfta.org/cybersecurity.
