You’re the operations manager of a major truckload carrier. It’s Tuesday, a little after 2 p.m. The morning rush is over, the drivers and customers are all reasonably happy, and you’re gearing up for the onslaught of late-afternoon messages from customers wondering where their trucks are and drivers alerting you that they can’t load until tomorrow. It’s a typical day — until you get a call from a driver with something out of the ordinary.
“My engine has just shut down and I’m sitting dead in the center lane of the Cross-Bronx expressway,” he says. “There were no warnings, no red or yellow lights. It just quit. Traffic was too heavy for me to get over to the shoulder, so I’m sitting here blocking traffic. What a mess.”
Then your phone chirps with a text message: “Send 25,000 in Bitcoin and you can have your truck back.”
If you’re chuckling, saying, “No, that could never happen,” wipe the smile off your face. It has already happened — so far only in a lab, but it’s likely to happen in real life if truck makers, regulators and fleets don’t take steps to protect certain vulnerabilities in the basic electronic architecture of nearly every truck built in the past 25 years or so.
A large part of the potential threat comes from the J1939 data bus. As the Society of Automotive Engineers defines it, “J1939 is a common communication architecture that offers an open interconnect system allowing ECUs associated with different component manufacturers to communicate with each other.”
But while J1939’s open design provides a great deal of efficiency to the industry, it also makes it vulnerable.
“We worked, as an industry, to develop that open architecture of J1939 so that we could have this great flexibility, as fleets and as OEMs to work collaboratively,” says Gary Hunt, vice president of equipment and maintenance at ABF Freight System. “Is it going to be our Achilles’ heel now?”
Hunt is part of a new task force put together by the American Trucking Associations’ Technology & Maintenance Council to address cybersecurity issues.
The open architecture of J1939 is just one of the challenges. There are actually vulnerabilities all the way up and down the truck manufacturing chain.
Truck makers “buy major systems and components from a lot of large suppliers, who, in turn, buy from other suppliers,” said Keith Doorenbos, a system engineer with Paccar, speaking at the inaugural session of the S.5 Cyber Security Taskforce at TMC’s annual meeting in Nashville earlier this year. “And when we complete our part of a truck, we hand it off to bodybuilders, to telematics providers and to the fleets. Even drivers are installing or connecting their own electronics to the truck. So every piece that gets connected provides another path into the system and another risk to the system.”
Theoretical models have been developed that suggest even diagnostic tools could be used to move a virus-like attack from one truck to the next, but so far, Doorenbos says that’s entirely theoretical.
“I don’t believe it’s even been demonstrated by any of our white hats [good-guy hackers], but there’s a lot of exposures in different elements. Basically everything that’s ‘smart’ out there creates another opening,” he warns.
Researchers and industry insiders have known about these vulnerabilities for years, and have been testing systems for permeability. What began as a class project at the University of Michigan Transportation Research Institute in spring 2016 made it to the pages of Wired magazine as a follow-up to the widely reported controlled hacking of a Jeep Cherokee while it drove around public highways in St. Louis. The UMTRI exercise was conducted on a closed test track, and the hacker was sitting in the sleeper with a laptop plugged into the on-board diagnostics port of a 2006 Class 8 tractor.
They’re not the only ones. Last year, the University of Tulsa in Oklahoma began research on a truck-in-a-box. It was a typical Class 8 electronically speaking — just the wiring and electronics without the truck. While the “Truck Duck” originally was designed to monitor operations, “I realized if I can monitor it, I can probably alter what it’s doing,” said James Johnson from the Tandy School of Computer Science in a press release. “I wrote a very basic piece of malware that changes what the software does without anyone being able to tell.”
And for the past six years, the Battelle Memorial Institute and a working group within the SAE have teamed up to host an automotive cyber challenge in Detroit, where OEMs bring their vehicles in and a team of students try to hack into the systems.
These and other exercises all have concluded that the weakness is real, and the vulnerability poses a threat to operations. But just how much of a threat, and what it could be used to exploit, isn’t yet clear.
“It’s no longer a question of if, but when,” stresses Mark Zachos, chair of the TMC S.5 Task Force on Cybersecurity and chair of the SAE J1939 Network Security Task Force. He is also founder and president of DG Technologies and CEO of Dearborn Group Inc.
“The OEMs who bring their vehicles into the Battelle challenge certainly do get hacked,” Zachos says. “Those OEMs get a lot of good information from the session, but all of the information gleaned from the attempted hackings stays in the room. They publish nothing, there are no press releases. In fact, everybody involved has to turn in their notebooks at the end and the notebooks are destroyed. It’s designed as a learning experience only.”
So far, all of those projects were just demonstrations, and they were accomplished with hard-wired connections to the truck. But nobody can guarantee that today’s connected truck is completely and absolutely safe from some kind of deliberate intervention. As Doorenbos noted, there are plenty of ways into the system.
Who would want to hack a truck?
By now you might be prepared to concede that the potential for a cyber-attack on a truck is real, but you may have a hard time imagining why someone would bother. Well, a truck could become a pretty effective weapon in some sort of terrorist attack, or it could be used by someone with an axe to grind, or even some kid who wants to prove something to his girlfriend. Doorenbos told attendees of the S.5 taskforce session that the threat could come from several quarters.
“You’ve got the tuners, the age-old nemesis of OEMs; the people who go in and find ways to modify trucks to get more power, better fuel efficiency, and bypass emission systems without the approval of the OEMs,” he said. “Then you’ve got your prankster category; people who are just out to demonstrate that maybe they’re smarter than somebody else. And you’ve got your hacktivists; people who are either socially or politically driven with specific agendas. Hacktivists have an enormous amount of dedication to put into making their particular political or social point at anybody’s expense.”
He says trucking hasn’t yet had a lot of exposure to “classic cyber criminals” who are after access to traditional servers for data-mining, identity theft and financial theft (see story on p. 60). But that still leaves quite a cross-section of potential threat originators.
“And at the top end of the system, you’ve got your nation states or pseudo nation states, the types of organizations that have very large resources and are willing to mount large-scale, very sophisticated attacks in order to support political goals,” he warned. “They can be very difficult, if not impossible, to completely block if they come after a system.”
More likely, Doorenbos believes, the biggest threat lies in the for-profit sector: Cargo theft. “Right now that’s pretty much done using old-school methods,” he said. “What we’re trying to do is prevent giving them new techniques that might make that simpler, more efficient or more accessible.”
Whether it’s a kid with an inferiority complex or organized crime looking for more efficient ways of grabbing your cargo, there’s also a worst-case scenario to consider: a full-scale organized cyber terror attack using trucks.
“What if a cyber attacker decides to attack every truck that’s operating on the Beltway in Washington, D.C.?” asked Hunt, speaking at the TMC S.5 session. “[Hackers] break every single one of them and block the Beltway. Then they attack inside the beltway, and you can’t get emergency vehicles in there because the Beltway is blocked with commercial vehicles.”
And what might cyber terrorists do with trucks loaded with hazardous and explosive materials?
At the other end of the spectrum is something more insidious, such as a denial-of-service attack done to a truck or just some of its components.
It’s not hard to imagine what could be done. Perhaps the big challenge is imagining how to prevent any or all of the above scenarios.
Ongoing prevention efforts
As we’ve demonstrated, cybersecurity is an issue that affects nearly everyone in the industry, from the OEMs and their suppliers, to fleets, maintenance people, and even drivers. There’s a huge amount of work going on in the background to get a better understanding of the scale of the problem, and a few solutions are emerging that will help slow the black hats down, even if we can’t shut them out completely.
A key element of a lot of cyber security efforts is encryption. Encrypting data and software so that it can’t easily be reverse-engineered or accessed by outsiders is common now.
Telematics providers are on the leading edge of some of these mitigation and prevention efforts. PeopleNet, for example, says it has implemented multiple layers of security so that there are no openings for a hacker to exploit.
“We ensure this through encryption and data obfuscation,” says Chris Sandberg, vice president of information technology at PeopleNet. “Encryption and obfuscation ensure data is transmitted in a binary format and sent separately from the encryption keys, so there is no way to decipher what the data shows even if it isn’t encrypted. Essentially, this means that we created our own language — and there is no Rosetta Stone for hackers to be able to crack the code.”
Another strategy is partitioning the electronic architectures on trucks so that rather than a single-vehicle network on J1939, there are a number of sub-networks separating the most critical systems from less critical systems. Engineers are also inserting firewalls or gateways between those different networks so they can control the data and the commands that can move from one network to another.
“Even if somebody can compromise your telematics system, that does not automatically give them immediately the ability to send commands directly to an engine or a brake,” Doorenbos explains.
But those are all modern solutions for modern trucks. Consider this sobering fact: The National Motor Freight Traffic Association recently did a survey to gather registration data for all vehicles put into service since model year 2000. The results suggest that four out of every five trucks built in the last 15 years are still registered. That’s a lot of systems to reverse-engineer, partition, encrypt and protect.
The other critical component in the cybersecurity fight is technician training. The folks who work on trucks need to be able to recognize a possible threat.
“We have enough occasional hiccups with either the diagnostic software or the data connection that a legitimate threat could easily be confused as just another computer issue,” notes Zachos.
This year’s SuperTech technician competition at TMC’s fall meeting had a cybersecurity test station to expose technicians to the issue. Next year, the actual competition will probably include a cybersecurity component.
“The discussion could start with outlining a basic process that could link into an existing vehicle troubleshooting process,” says Zachos, who recently took over as chair of the TMC cybersecurity group from Guy Rini.
If this is the first you’ve really heard about cybersecurity as it relates to trucks and freight transportation, you’re not alone. It’s a fairly new problem, but as noted above, several U.S. universities are now actively engaged in research on the subject. The U.S. Department of Transportation, the Department of Defense, the Department of Homeland Security, the FBI, and other government agencies are also looking at it. And there are several industry groups actively engaged in discussion and research on the subject, including SAE, TMC, the National Motor Freight Traffic Association and the Automotive Information Sharing and Analysis Center.
Auto ISAC is an industry-operated entity created to enhance cybersecurity awareness and collaboration across the global automotive industry. Participants include light-, medium-, and heavy-duty vehicle manufacturers and their suppliers.
You’ll be reading more about this in the coming months — hopefully here in Heavy Duty Trucking first, not in Wired magazine.