Q&A: Upstream CEO on Protecting Trucks Against Cyberattacks

Most fleets aren’t doing enough to protect their vehicles, cargo and customers from the threat of hacking, says Yoav Levy, co-founder and CEO of Upstream, a cybersecurity firm that specializes in protecting both individual vehicles as well as fleet assets.

HDT talks with Levy to see how hacking impacts fleet operations. Here’s what you should know.

These interview questions have been edited for clarity, style and brevity.

HDT: Fleet executives are concerned about hacking and cyberattacks, but they often seem to think of these threats in terms of a future problem. You have said the threat is already a massive problem and they need to act now to protect their businesses, correct?

Levy: Correct. Cyberattacks have increased exponentially over the past 10 years and the numbers are increasing at an astonishing rate. Cyberattacks on both individually owned vehicles (including passenger cars) and fleets has increased by 344% since 2010. These attacks are vicious and can cripple or even ruin a fleet business. If you’re not protecting your fleet and vehicles now, you need to act soon before you become a target and a victim.

HDT: What are the main types of cyberattacks fleets fall victim to?

Levy: The first threat fleets face is having intellectual property stolen – which can then be used to facilitate other crimes later on. It’s astonishing to consider the massive amounts of proprietary business data stored on a modern truck. Thieves who hack into a vehicle can get anything from spec’ing information, maintenance records, operational data, route information, and even personal data: Where did the truck go last night? Where does this driver live? And it’s not hard to imagine how thieves could use that data for all sorts of criminal activity.

HDT: What’s the second primary cyberattack threat?

Levy: Broadly speaking, we identify the next serious threat as fraud driven by monetary gain. In the old days, a thief had to break a window and hot-wire the ignition if they wanted to steal a vehicle. Today, they can just hack into the vehicle interface, or mobile app, unlock the doors and start the engine.

Outright vehicle theft is the most obvious threat here, but hackers can also do many other things. They can roll back odometer mileage to make warranty claims, for example. Or, if you’re leasing trucks, they can roll back the odometer and not pay for the miles they actually ran with the vehicle. They can disable exhaust aftertreatment systems so they don’t have to add diesel exhaust fluid, for example.

Really, the only limit to the many types of fraud they can commit once they’ve hacked into a vehicle is their imagination.

HDT: And you have said the third threat is actually the greatest today – and growing.

Levy: These are ransomware attacks. Recently hackers made news by getting into a Russian taxi fleets’ software system and sending all the cars to the center of Moscow to create a massive traffic jam. But you don’t have to even move vehicles to create massive problems for a trucking business. Imagine if you run a package and delivery fleet at Christmas time and hackers disable your ability to unlock the doors on the delivery trucks sitting in your yard. You begin to understand the magnitude of this threat.

There is still, I think, a tendency to think of ransomware attacks as coming from rogue nations. And those are very real threats – particularly for hospitals. But ransomware attacks are on the rise. And fleets are highly tempting – and vulnerable targets.

HDT: What should we know about cybercriminals?

Levy: They may start a hack with a certain goal, but they will almost always opt for first, or the easiest, opportunity they find once they’re in your system. They’re looking to make money. And they want the easiest means of forcing you to give it to them. That makes it harder to defend against their attacks, because it’s usually a cookie-cutter approach once they’ve hacked in. If they can’t get to their original goal, they’ll pivot to something easier.

HDT: Are there several ways cybercriminals can go about hacking into a fleet?

Levy: Yes. We see most of the hacks currently targeting telematics systems and application servers. But mobile apps are easy prey, too. The hacker pretends to be someone else and pairs the hacked-in app with a vehicle they do not own, for example.

HDT: OEMs and vehicle electronic control module suppliers try to defend against these criminals. Is the problem simply too large for them to adequately defend against?

Levy: The threat is evolving constantly. I tell people to start thinking of their vehicles the same way they do about buying a new desktop or laptop computer. Of course, the manufacturer and the software designers have impressive cybersecurity systems built-in that new computer. But, the first thing you’re going to do when you get it home and start it up is buy and install additional anti-virus and cybersecurity programs. Because we all understand that the threat desktops and laptops face from hackers is far bigger than a single software developer can effectively counter by themselves.

It’s time we started looking at our new vehicles in exactly the same way. No matter how good their proprietary cybersecurity systems are: They need extra protection.

HDT: How does Upstream help fleets get that extra protection?

Levy: At Upstream, we build cloud-based cybersecurity platform that are purpose-built for connected vehicles from the ground up. And our platform analyzes connected vehicle data, looking at telematics in real time for data foot printing through both apps and over-the-air updates, data sources and data streams such as modems and SIM cards for trigger warnings that tell us is someone is trying to remotely connect to a vehicle.

There are many different ways to hack a vehicle, and we have many playbooks and responses keyed up to take immediate action when a threat is detected. We can simply deactivate a SIM card inside a vehicle, for example, and stop a hacker dead in their tracks. We also have many automatic responses set in place for certain types of attacks. And we monitor vehicles continuously from our security operations center. We work with nearly every manufacturer on the planet and protect over 12 million vehicles worldwide.