Jason Cannon:
CCJ10-44 is provided by Chevron Delo Heavy Duty Diesel Engine Oil. Now you have even more reasons to choose Delo.
Matt Cole:
How safe is in-car technology from cyber threats? Not so much, according to new research
Jason Cannon:
you are watching CCJ's 10-44 is a weekly web source that brings you the latest trucking industry news and updates from our editors. CCJ. Don't forget to subscribe and press the bell to get notified so you don't miss the October 44th installment.
Hey everyone. Welcome back. I'm Jason Cannon, and my co-host is right here, Matt Cole. Cybersecurity in transportation is nothing new. We've seen many trucking fleets fall victim to cyber-attacks through phishing, ransomware, and other means that impact the back office, and as more technology is continually added to trucks, these How secure are my devices?
Matt Cole:
A new study from Colorado State University details the cybersecurity threat vector surrounding electronic logging devices, one of the most used devices in truck cabs. This week we are joined by Stephen Ritzler, transportation and logistics manager at insurance brokers Aon and CoverWallet, to talk about: The threats identified in the CSU document and what they mean for the trucking industry.
Steven Ritzler:
I believe an associate professor and two of his students conducted this research on a variety of devices. What they found is that many devices are now wireless by default. This is purposefully provided by manufacturers for what is called OTA or over-the-air updates, which allows software firmware updates to be distributed in real time to devices installed in a vehicle. The Colorado document addresses this because it is relatively easy for cyber attackers to crack the code and gain entry into devices where the default wireless settings are already enabled. It means that vulnerability introduces some kind of vulnerability. As such, compromised vehicles may be susceptible to falsification of records, such as time-of-service records, and operators of compromised vehicles may be at risk of her DOT sanctions.
Jason Cannon:
If an ELD is hacked, fleets can face a number of problems, from log tampering to cargo theft.
Steven Ritzler:
According to their research, it's a bit vague as to what vehicle systems can be manipulated using ELDs, but it could potentially provide a wide range of access to a vehicle's systems. As far as I understand, there isn't much of a risk from a compromised ELD itself unless you have a self-driving car or an automatic braking system. But the data that a malicious party could potentially collect by accessing her ELD is actually the broader issue, and the ability to manipulate that data. Even if they weren't tampering with the schedules, let's say they're the bad guys, taking a more careful and observational approach. If a vehicle has reached its daily operating hours, you may be able to know somewhat quickly when the vehicle is likely to stop. is currently at risk of being robbed or robbed.
matt cole
ELD vulnerabilities are most often out of the fleet's control. Steven explains how fleets can be proactive with his ELD vendors following word from his Chevron Lubricants, a 1044 sponsor.
Speaker 4:
The last few years have not been easy. We've never had to deal with anything from makeshift home offices and video conferencing to global supply chain uncertainty, price volatility, market disruption, and everything in between. I have faced challenges I never imagined. It has been difficult for all of us to provide the level of service and products that our customers have come to expect. We can't change what's behind us, but we can definitely learn from it. We can adapt, evolve, reset our thinking, adapt our strategy, and take steps to restore our customers' trust in us in order to better meet their needs now and in the future. Masu.
That change starts today. Today, we're breaking with convention and introducing the Delo heavy-duty engine oil rebalancing line. We reduced our product line from four categories to two. This integrated and simplified lineup removes complexity from the manufacturing process and enhances price stability and supply chain reliability, ensuring you get the premium products you need to keep your business moving forward. can do. By thinking outside the box, we've optimized the Delo lineup, allowing us to offer our customers the best synthetic blend and synthetic heavy-duty engine oils on the market at prices they can trust. This ensures your company is well-positioned as a reliable source of proven engine protection that will keep your equipment running and gives your customers even more reason to choose her Delo.
Steven Ritzler:
It is critical to understand what cybersecurity protections your ELD vendor already has in place. Nowadays, people tend to skim and click on things like terms and conditions. This is one area where our customers really need us. You should be careful and aware of what specific situations you have in place and how you intend to respond in the event of a breach event. So I would say that it's actually the vendor's responsibility to protect the data that they're supporting. I urge fleet operators and their ELD owner-operators to be extremely cautious and aware, to investigate and even contact her ELD vendor to determine what is available as a solution in the event of a breach. We recommend that you ask.
Jason Cannon:
Just as the truck owner's auto insurance is important to the finance company, the ELD vendor's cyber liability insurance should be just as important to the fleet, Stephen says.
Steven Ritzler:
Therefore, cyber liability insurance is a great product. It's truly at the cutting edge of innovation in the insurance industry today. When it comes to this particular scenario and risk, I'm more concerned about what type of cyber liability protection the ELD vendor has in place. If you're in the business of financing trucks, make sure you have a certificate of insurance that explains what coverage the person buying the truck has so you know your risks are covered. You will need it. And on a similar note, if you're currently an owner-operator or fleet manager, it's natural to have a healthy curiosity about what type of cyber liability insurance your ELD vendor carries. I think it's about. This actually relates to her two main areas: response and recovery. So, in a nutshell about cyber liability, I'm a trucking expert and it's just a level setting. To put cyber responsibility in a nutshell, my understanding is that the response element is what you intend to do to respond if a breach occurs, and the other element is what you intend to do to prevent or mitigate an active breach. The question is whether you can do it.
Matt Cole:
Beyond ELDs, the more technology added to trucks, Stephen says, the more vulnerable they can become.
Steven Ritzler:
So I think ELD is very interesting, especially for this paper. Apart from this, trucking technology is increasingly utilized in that two-way cameras become part of the network and loads are distributed, now mainly online. Both of these systems are as vulnerable to compromise as any other system. This could cause massive disruption to supply chains in the United States and across North America if systems were tampered with, loads were shifted, or location data, especially service data over several hours, was distorted. A really big vulnerability that I'm seeing today.
Jason Cannon:
This actually doesn't need to be that complicated. Stephen says simple cybersecurity measures can also prevent cyberattacks.
Steven Ritzler:
Some simple best practices in technology have been around for decades, right? Make sure you use a sufficiently sophisticated password, which will be more difficult to breach. The key vulnerability in these devices is here, the default wireless-enabled passcode, so username is username and password is like password. I think it's certainly more sophisticated than that, but once you have access to the device, enter a key into it and look at the network settings to find the fields you can change.
If you can't change the default network settings, it may be time to consider a different device or a different vendor. If you are a fleet manager or owner-operator looking to purchase an ELD device today, this should be one of the factors determining your search criteria. It's the cyber security of the solution that they're trying to provide. In addition to that, multi-factor authentication is a great solution to help with cybersecurity. What this means is that you can't just plug your password into your device. We will also need access to your email, mobile phone, or other additional forms of communication so that we can actually authenticate your identity.
Jason Cannon:
That's it for this week's 10-44. For more information, please visit CCJDigital.com. While you're here, sign up for our newsletter to stay up to date with the latest news and trends in the trucking industry. If you have any questions or feedback, please leave them in the comments section below. Don't forget to subscribe and get notified so we can deliver next week.