Device Management and In-Cab Security: A Growing Cybersecurity Challenge

For the modern transportation company, in-cab technology is a vital component of doing business and keeping drivers safe on the road. But fleet safety is more than just accident protection; it’s also the 24x7x365 effort required to guard the company against unconventional dangers, such as cyberattacks, security breaches and data piracy. That’s why it’s critical for fleet managers to understand the risks in-cab devices pose as a potential vulnerability and have a mobile device management (MDM) plan in place to mitigate them.

In this first installment of our “Full Circle Safety” series on how carriers can leverage technology to protect their operations, we’ll look at the essential role of a robust MDM and security strategy and how Trimble’s solutions can help ensure the modern fleet’s digital safety.

Wireless on-board and back-office systems enable the exchange of actionable operational information, but cyberattacks are happening with increasing frequency and severity, and those threats are real and growing.

• Upstream Security, a cybersecurity firm specializing in protecting connected vehicles, warned that the transportation sector is becoming increasingly targeted, and that there was a 400% increase in reported cyberattacks between 2017 and 2022.
• Risk management firm Overhaul found in its second-quarter report that thefts increased 15% year-over-year. Cargo thefts drove the trend, with deceptive pickup increasing three-fold as strategic tactics use technology to fraudulently redirect cargo.
• Research at Colorado State University showed it is possible to compromise Electronic Logging Devices (ELDs) remotely and use them to gain access to other devices on the same network. The result could be an attack against a large number of in-cab devices across a fleet or connected operations.

Increased Connectivity has Benefits and Dangers

Trucking companies have become increasingly connected via Cloud services to their vehicles and drivers to improve productivity and boost profitability. Connectivity allows fleets to operate more efficiently and enhance customer service, so they are using a range of in-cab devices for application distribution and workflow data, dispatching, load and vehicle location and status, tracking and Proof of Delivery information. Next generation connected devices also play a key and growing role in safety.

“Not that long ago, it was a common belief that while in-cab technology and information was important, as long as the truck could keep moving, connected information systems weren’t essential,” said Jason DeShaw, product director for driver experience at Trimble. “Now, however, those solutions and technologies have become integral to transportation operations, and along with them have come security threats.

“The need for trucking, transportation, and logistics companies to protect driver and customer information is not new, but in today’s world cybersecurity is being expanded to devices in the field,” DeShaw continued. “The management of in-cab devices, the applications they operate and the communications systems they utilize all need to be the focus of security measures because the threat of cyberattacks is at the forefront all the time.”

“The attack space where a bad guy can find opportunities and get into your system has expanded with the use of technology and the newer things coming into the vehicles,” Mark Zachos, president of vehicle diagnostics company DG Technologies told Transport Topics. “We want to protect the vehicle, and the systems, and the back offices. The boundary probably hasn’t moved, but the space inside of it has increased.”

Trucking Is an Easy Target

Hackers and malicious actors see trucking and transportation operations as ripe targets for attacks for several reasons.  For example, there are high value loads combined with generally weak cybersecurity practices and limited IT staff who receive minimal training. Moreover, trucking companies haven’t been all that worried about cyberattacks because they haven’t seen the risk related to in-cab equipment.

At the same time, when trucks are connected to back-office systems, drivers are highly susceptible, too. Their personal information is often sent electronically making it easy for hackers to collect, putting themselves and their companies at greater risk. 

In modern vehicles as well, telematics systems are sending and receiving a continuous flow of data from connected components, along with apps and software. Add to that the fact that logistics companies and commercial fleets often have complex operating parameters that present a distinct set of potential vulnerabilities and entry points, effectively widening the number of ways they can be attacked.

The more connectivity, the bigger the exposure, Upstream Security noted in a blog on securing telematics servers. Using a vehicle’s wireless system and in-cab devices as an entry point, for example, breaches could lead to fleet-wide attacks, ranging from ransomware causing financial and reputational damage to impaired operability and uptime, and worst yet, disabling critical devices and causing physical harm to drivers and others on the road. The stakes are even higher when talking about truck fleets carrying highly valuable or hazardous materials loads. It’s vital that a culture of safety in modern transportation must extend beyond the cab, all the way to the back office

Rigorous Protection Is Needed

When it comes to in-cab devices, it’s essential to monitor the entire chain of communication between the connected vehicle, mobile apps and back-office software systems, as well as the chain of custody of a device.  Trucking companies also need to include every employee and their drivers in cybersecurity training and should routinely audit their in-cab and connected systems for vulnerabilities.

Beyond enabling data encryption and protection measures, cybersecurity training should cover compliance with company policies and how devices can be used, stored and transported, DeShaw noted. “Make sure drivers are aware about cellular and WiFi networks and the in-cab devices that are always on,” he said.

“To protect in-cab devices from malicious attacks, authentication is important, as is training for both drivers and back-office personnel,” DeShaw said. “Physical security of the device is needed as well, manifested in policies that address things as simple as locking vehicles when parked and avoiding public WiFi connections at truck stops and customer facilities.”

DeShaw also advised trucking companies to develop a “breach playbook” and prepare for business continuity if there’s an issue. “Have a plan that addresses the criticality of information and the different levels of security needed,” he added.

“Every fleet has their own cybersecurity needs,” DeShaw said. “Some loads, like pharmaceuticals for instance, may be more valuable than others, and some may have high safety concerns like hazardous materials, but all loads have some value and are susceptible.”

Addressing the Challenge

For DeShaw, everyone is responsible for in-cab device security and that means enterprise mobile management practices are especially important. Part of secure device management – and by extension a key component of modern fleet safety – is a focus on in-cab technologies, he said, and app management is equally critical.

Trimble App Manager, part of the Trimble Instinct complete fleet management solution, provides a means of managing device policies and addressing the many different interdependencies and connections between in-cab devices and back-office systems. It allows administrators to remotely configure in-cab devices for an enhanced level of device control, limiting security risks and further promoting Trimble’s full-circle approach to modern fleet safety – one that extends from cybersecurity to driver security.

Trucking industry and government entities have also been actively working on ways to protect enterprise and information management systems and connected in-cab devices. The U.S. Department of Commerce is gathering input for potential regulations on connected vehicles and on whether wireless technology presents a national security risk. Included are in-cab technologies like cameras, and communications and telematics systems. The Commerce department’s Bureau of Industry and Security defines a connected vehicle as one that integrates on-board networked hardware with software systems to communicate, which would likely cover vehicles with global navigation satellite systems, remote access or control, wireless software, on-device roadside assistance and more.

And at the American Trucking Associations’ Technology & Maintenance Council annual meeting, SERJON LLC announced a collaborative effort to bring commercial vehicle cybersecurity training to TMC and ATA members. The online course entitled Defending Heavy-Duty Vehicles features modules that cover cyber threats and risks, cybersecurity basics, firewalls and endpoint protection and equipment setup and configuration.

“The rise of cybersecurity adversaries and the confirmation of potential security flaws in technologies deployed by fleets underscores the urgent need for motor carriers to take these threats seriously,” said SERJON Senior Vice President of Information Technology and Cybersecurity Urban Jonson.

To learn more about Trimble App Manager and the Instinct complete fleet management solution, contact our team for a demo.