Trucks are becoming even more connected, with tools like telematics systems tracking every move.
The challenge is that potential vulnerabilities continue to grow with the capabilities. The “air gaps” around vehicle systems are increasingly being penetrated by the internet and wireless connections, said Jeremy Daily, associate professor of systems engineering at Colorado State University.
Electronic logging devices (ELDs) offer just one example, and they’re actually mandated by the government.
When it comes protecting vehicle systems, any strategies should consider confidentiality, integrity and availability, Daily explained, in a broad-ranging presentation for the Truckload Carriers Association’s virtual safety and security meeting.
Hackers have a distinct advantage when it comes to cybersecurity, he adds. They only need to record a single victory. Those in charge of the systems need to defend everything.
“Vehicles in transportation have relied on security through obscurity in the past,” he says. But just about anything can be hacked. The goal is to make the hacking process economically unfeasible, so the steps can’t be easily scaled.
Rather than adopting “check-box security” measures, Daily stresses the importance of looking at security as an ongoing practice. The work never actually ends.
“There was a lot more work done on automotive cybersecurity,” he says. “There’s still the same types of challenges and vulnerabilities when it comes to heavy trucks.”
One of the challenges to advancing such cybersecurity measures, however, is that few skilled students are exposed to heavy vehicles.
But there are initiatives looking to change that dynamic, such as the Student Cybertruck Experience hosted at Colorado State University. Through that, student researchers have demonstrated ways to tap into telematics devices and expose wifi passwords, proving that such data should not be stored in plain text. They were also able to impersonate a truck’s electronic control unit using an open-source tool called a Beagle Bone.
“We were less than $70 as far as hardware goes,” he said.
Students participating in the challenges have been able to turn off a running truck’s engine using computers connected to a Controller Area Network. They were also able to keep the engine running when the key was removed, and spoof random values on the dashboard.
“We try to bring in four very separate entities – academia, industry, government, and the hackers themselves,” Daily says of the Cybertruck Experience. The event that began in 2017 had expanded to six trucks and a trailer in 2019. This year’s event was sidelined due to Covid-19, but there are plans to renew things for 2021.
John G. Smith is the editorial director of Today's Trucking, where this article originally appeared, and was used with permission from Newcom Media as part of a cooperative editorial agreement.