Truck drivers are the most vulnerable element in the freight supply chain because they interact daily with IT systems that use connected mobile devices and vehicles, experts warn. Electronic logging devices (ELDs) are specifically a concern, as ELDs can be an entry point for cybercriminals to access a vehicle’s controller area network (CAN) and IT systems.
Researchers stress that there is a need for more cybersecurity, especially when it comes to the human element of transportation. In a study conducted by PeopleNet, “Connected Truck Security: Slamming the Door on Hackers”, considerable concerns were raised about cybersecurity and the more-than three million ELDs deployed in the federal mandate requiring truck drivers to use ELDs.
Consider the case involving a transportation company that lost $340,000 in a single transaction. The crime was started by a hacker that infiltrated the home laptop of an employee. The cybercriminal gained access to the employee’s transactions and correspondence with other workers and was able to misdirect funds. Cybercriminals today are very adept at breaking into automatic bank drafting systems and accessing intellectual property.
Motor carriers should restrict their connected devices, such as tablets, to trusted websites. Cybercriminals can use links in websites to introduce malware to devices. Malware is a code that is downloaded on devices that can read emails, capture passwords and gain other sensitive data.
Experts caution against opening attachments such as Word or PDF files from unknown email senders as these files may contain malware. Stay away from free products, such as a free ELD, which could contain malware that can access your data.
Drivers that access Wi-Fi hotspots through mobile devices and in-cab telematics platforms are vulnerable as well; cybercriminals use hotspots to find and exploit data on connected devices. Once connected to the CAN bus, hackers can control the engine and even disable the brakes.
Even more frightening is the possibility that once a single truck has been compromised, a cybercriminal can use an over-the-air update process to hack into all trucks on the same mobile platform. It is conceivable that a vehicle could be hijacked by accessing its CAN bus remotely, although there is no record of this ever happening in real life.
If a fleet does become a victim of cybercrime, it is unlikely that the FBI will retrieve any lost money, especially if the money has been transferred to an overseas account, as their focus is on tracking down criminals, not tracking down lost funds.
Cline Wood recognizes that protection from cybercrime is a significant component of any business. We are a committed partner in managing the risk cybercrime poses to your business. To learn more about what we can do for you, click here.
This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting or legal matters are based solely on our experience as consultants and are not to be relied upon as actuarial, accounting, tax or legal advice, for which you should consult your own professional advisors. Any modeling analytics or projections are subject to inherent uncertainty and the analysis could be materially affective if any underlying assumptions, conditions, information or factors are inaccurate or incomplete or should change.fleet hacking, trucking cyber crime, trucking cyber liability