• Subscribe
  • In Print
    • Pixabay
    There are resources available to fleets to help educate and mitigate cybersecurity issues.
    1. Shop Operations
    2. Shop Management

    Are all systems secure?

    Oct. 7, 2019
    What are you doing to protect your company’s central system files – both on vehicles and in the office?

    While the risk of having a tractor-trailer remotely hijacked, controlled, and at the mercy of a sinister individual or organization is a valid concern, this is not the only threat that fleets should be apprehensive about when it comes to cybersecurity.

    At the Technology & Maintenance Council’s (TMC) annual fall meeting this year, the S.5 Fleet Management study group continued its focus on cybersecurity during the study group’s S.5 Cybersecurity Issues Task Force meeting. Mark Zachos, president of DG Technologies, is the chairman of both this TMC study group and the Society of Automotive Engineers (SAE) J1939 Task Force.

    His dual role with both TMC and SAE’s task force groups has helped to highlight the need for transportation professionals to learn and prepare for potential cybersecurity issues with vehicles and their company’s operations.

    One example of this is through Zachos’ work to develop and manage a cybersecurity training station, introduced at the 2018 annual TMCSuperTech technician skills competition.

    While TMC and SAE have brought greater focus to cybersecurity issues, these are not the only organizations in the industry working to educate fleets with potential hacking issues and system security.

    Another organization focused on collaborative efforts with TMC is the National Motor Freight Traffic Association (NMFTA). NMFTA manages a Heavy Vehicle Cyber Security (HVCS) program, which focuses on collaborating with private companies, government organizations, and trade associations to address cybersecurity issues in the transportation industry.

    NMFTA has been working to create a contract template with appropriate language fleets can use to ensure potential telematics providers are fulfilling cybersecurity requirements.

    Stemming from this development, the TMC S.5 study group is also working to create a similar recommended practice that includes a request for proposal (RFP) template that would guide fleets through the process of purchasing or contracting with a telematics service provider.

    A real-world example

    The TMC S.5 Fleet Management Study Group co-chair and Senior Vice President for Quality Transport Co. Amanda Schuier, shared a real-world experience from her own company’s business on a recent cybersecurity threat during the TMC Fall Meeting last month.

    Her organization recently received a threat from a hacking group, which had accessed and shut down the fleet’s office computer systems, causing the systems to go offline. The hackers held the fleet’s files for a ransom, stating they wanted bitcoin in return for access back to their company’s computer systems.

    Downtime already plays a significant role in revenue loss for a company. When a hacking threat like this occurs, it can mean no access to computer systems that house important files on service and repairs, PMs, general inventory. You name it, it’s tied to a computer and can potentially be accessed by outside sources.

    “Why does cybersecurity fall into fleet maintenance management? Because our shop software was down for a day,” Schuier said. “We lost dispatching capabilities, access to ROs (repair orders), maintenance records for trucks. Ours was easily resolved. We didn’t pay the ransom, we used backup (files) and we were okay.”

    Ultimately, the root cause had been an image file opened on a driver’s tablet on one of the truck. The truck itself hadn’t been hacked, but rather the mobile device used by the driver on the trucks.

    Schuier suggested some best practices fleets should consider to improve your fleet’s cybersecurity based on her experience:

    • Don’t pay the ransom.
    • Backup files often. This should include a master backup file weekly, if not daily.
    • Just like a fire drill, conduct a practice run with staff where all systems are shut down and brought back online as soon as possible.
    • Train staff about the potential threats of compromised e-mails or corrupt files, and the process for reporting issues if and when they occur. This should involve all employees, including all management, all departments, and drivers.

    Zachos also suggests all fleets become members of Fleet CyWatch, which provides a means to report a hack.

    Fleet CyWatch is a program managed through TMC and the Transportation Security Council. Fleet CyWatch also provides member fleets with an updated list of cybersecurity threats that could impact operations. The program provides cybersecurity training and education for members and benchmarks cybersecurity programs. 

    Conclusion

    While it is a necessity to make sure your organization’s systems, files, and sensitive information are all kept secure, it certainly goes without saying that our industry must keep tabs on vehicle connectivity as well.

    In this month’s cover story, Connecting to the future, we discuss the current landscape of connected vehicles. While access to a vehicle and its data has helped continually better optimize fleet maintenance and service, it does not come without risks. The implications of having all of this data accessible through multiple channels means fleets may be at the mercy of corrupt organizations or individuals with bad intentions attempting to access this information.

    The most important steps are to first acknowledge the potential risks of your vehicles and/or shop being hacked and your data being compromised. After that, use your resources to educate and prepare your staff to help limit or stop damage and downtime before it occurs.

    About the Author

    Erica Schueller | Media Relations Manager | Navistar

    Erica Schueller is the Media Relations Manager for Navistar.

    Before joining Navistar, Schueller served as Editorial Director of the Endeavor Commercial Vehicle Group. The commercial vehicle group includes the following brands: American Trucker, Bulk Transporter, Fleet Maintenance, FleetOwner, Refrigerated Transporter, and Trailer/Body Builders brands.

    An award-winning journalist, Schueller has reported and written about the vehicle maintenance and repair industry her entire career. She has received accolades for her reporting and editing in the commercial and automotive vehicle fields by the Truck Writers of North America (TWNA), the International Automotive Media Competition (IAMC), the Folio: Eddie & Ozzie Awards and the American Society of Business Publication Editors (ASBPE) Azbee Awards.

    Schueller has received recognition among her publishing industry peers as a recipient of the 2014 Folio Top Women in Media Rising Stars award, acknowledging her accomplishments of digital content management and assistance with improving the print and digital products in the Vehicle Repair Group. She was also named one Women in Trucking’s 2018 Top Women in Transportation to Watch.

    She is an active member of a number of industry groups, including the American Trucking Associations' (ATA) Technology & Maintenance Council (TMC),  the Auto Care Association's Young Auto Care Networking Group, GenNext, and Women in Trucking.

    In December 2018, Schueller graduated at the top of her class from the Waukesha County Technical College's 10-week professional truck driving program, earning her Class A commercial driver's license (CDL).  

    She has worked in the vehicle repair and maintenance industry since 2008.

    Email
    Getty Images
    Vehicle-to-vehicle communication makes platooning feasible by enabling each vehicle to know when the one in front of it brakes or accelerates.