By Wally Stegall
Editor’s note: Written by Wally Stegall, technical fellow at Morey Corp. This is one in a series of periodic guest columns by industry thought leaders.
While connected and autonomous fleets are still in their infancy, investments are booming — 55 percent of trucks in North America and 43 percent of trucks in Europe will be connected by 2025. These connected commercial vehicles often carry far more value than the goods they haul. As Internet of Things, or IoT, data connectivity and analysis improve, fleet managers will hold a literal wealth of data around route management, GPS tracking, transit points and timing, load conditions, and other key factors that compose logistics information technology, or LIT.
But with new capabilities and data come new cybersecurity vulnerabilities. While the days of hackers plugging directly into a truck’s diagnostic port to harm a fleet are ending, the doors to a host of new dangers have been flung open as autonomous technologies grow in the age of Industry 4.0.
Fleet managers must apply future-forward cybersecurity best practices to holistically protect their trucks against hackers, who see commercial vehicles carrying high-value goods as more lucrative targets. These best practices will help kick-start such a mindset within your organization.
Think about the vehicle as a security ecosystem. Hackers have multiple points of entry for attacking a connected truck — so why would a fleet employ just one mode of cybersecurity?
Start by thinking about the physical environment of the vehicle and all potential points of entry. A multilevel audit, from components to control modules to subsystems to multiple systems and total vehicle, paints a complete picture of cybersecurity threats from the outside in. Use this insight to inform your broader security plan.
As you protect each point of entry, apply a variety of segregations to hardware and software — like a door with many keys. These walls help protect vehicles from hackers who might aim to throw them into Limp Mode, a security function that limits the vehicle’s power and activates a denial of service. Instead of shutting down the truck completely, a security breach will cause the autonomous systems to close off vulnerable areas while still allowing the vehicle to reach its destination.
THE SECURITY SCALE
Autonomous driving isn’t an all-or-nothing equation; the National Highway Transportation Safety Administration identifies levels of automation from 0 (solely a human driver) to 5 (fully automated driving). Cybersecurity shouldn’t be an all-or-nothing plan, either.
Instead, fleet owners should apply the same scale to their own cybersecurity and maintenance levels, matching sophistication to strength of protection. In a truck with no automation, security and safety is entirely up to the driver. But as soon as the driver is removed from complete control, maintenance and security must be leveled up to replace human intuition. Training drivers in this new world order — interacting with, learning from and reacting to automation instead of treating it as an unwelcome interloper — is key to successful cybersecurity implementation.
TRANSPARENCY AND COMMUNICATION
Industrywide transparency and conversations lead to better security for all.
The future of LIT holds immense possibility for data-sharing among original equipment manufacturers, third-party providers, tier-one companies and fleets. This is especially true of add-on solutions, from data sensors to software to cloud-based data storage, as they become more prevalent. These solutions are easier to implement — but they’re also easier to attack.
While specific, industrywide standards around technology and cybersecurity yet may not yet exist, stakeholders have a responsibility to ensure their own assets and customers’ exchanges are safe. How can manufacturers segregate their products at a component level to make sure a low-level hacker can’t cause harm? How can IoT devices become more rugged from the inside out? How can data become more standardized to make it easier for users to spot a hacker? These questions and more will help shape the future of trucking cybersecurity.
The No. 1 danger to the future of trucking cybersecurity lies in autonomous technologies getting too far ahead of safety and maintenance. Fleet managers must realize the very real cybersecurity risks that threaten their vehicles and implement more sophisticated measures that not only build complicated walls in the face of attackers, but that also support the long-term goals and benefits of LIT.
Editor’s note: Wally Stegall is the technical fellow and director of business development at Morey, where he’s led engineering, sales, technical management and business development efforts for the company.
Trucks.com welcomes divergent thoughts and opinions on transport technology and trucking industry issues. Use the comments section to cite yours. Qualified opinion leaders are welcome to offer suggestions for opinion columns. Contact firstname.lastname@example.org