Industry Cybersecurity Initiative

By Ross Froat posted 07-01-2016 11:27

  

Cybersecurity may not seem like an important job in your business, but safety is. The safety of your technicians on the shop floor, the safety of your drivers on the highway, and the safety of your equipment and freight are all very important, and all rely on the safety of your organization’s online service and network capabilities. Losing the capability to receive and send fleet data, pay your employees, track shipments, control customer relations, etc. can damage not only your business but the businesses of others. Not to mention the unthinkable, like drivers and bystanders around an uncontrollable moving commercial vehicle.

Currently, the Federal Bureau of Investigation (FBI) provides an Internet Crime Complaint Center (IC3), which aids citizens by bringing pervasive cyber-crimes and scams to the attention of law enforcement. Over the last five years, the IC3 received an average of nearly 300,000 complaints per year, and those complaints come from the estimated 15 percent of victims who report their crimes. So far there have been at least two reported transportation-related hacks that involved ransomware, a form of malware that targets weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Most trucking organizations that have been hacked, or don’t know they’ve been hacked, do nothing about it because they are unaware of the process for reporting the crime. If anyone is unaware of this process, www.ic3.gov is the free national internet crime complaint service.

The key areas to focus on with ransomware are prevention, business continuity, and remediation. It is very difficult to detect a successful ransomware hack before it is too late. The best approach is to focus on defense in depth, or several layers of security, as there is no single method to prevent a cyber-threat. As ransomware techniques and malware continue to evolve and become more sophisticated, even with the most robust prevention controls in place, there is no guarantee against exploitation. This fact makes contingency and remediation planning crucial to business recovery and continuity, and those plans should be tested regularly to ensure the integrity of sensitive data in the event of a compromise.

More information prepared by the FBI's Cyber Division:

https://www.fbi.gov/about-us/investigate/cyber/ransomware-brochure

For one TMC example, RP 1225 “General Guidelines for Security Risk Analysis of Electronic Driver Log Systems” is a guideline for identifying security risks associated with an ELD system. The suggested risk analysis approach serves to identify potential vulnerabilities and, for each, to consider whether appropriate security controls have been effectively implemented. Mandated ELDs have been well known as another gateway to compromise a fleet’s assets. This RP, as well as others, defines specific risk analysis approaches and cataloged security risks that provide users a general framework for system characteristics.

At TMC's 2016 Fall Meeting, an exploratory Task Force will be formed to inform the membership of progress toward uniform efforts of manufacturers, SAE, government agencies, academia, and other cybersecurity defense organizations. If this topic interests you and you'd like to know more about it and participate in the objectives for the proposed Task Force, be on the lookout for its time and place on September 19th at TMC's 2016 Fall Meeting in Raleigh, NC.
