Modern electronics systems in class 8 trucks can open a virtual door to cyber criminals.
A recent Today’s Trucking article details how several testing projects at universities have already demonstrated how hackers – with little difficulty – can take over a truck’s electronics, seize controls, and mine for sensitive company data in the ECM by hard-wire connecting into the vehicle’s OBD port.
As trucks become even more connected going forward, experts believe they’ll be even more vulnerable to wireless security breaches and intervention.
From Today’s Trucking:
“What concerns me, as a fleet equipment manager, is increased opportunity for cyber attacks because of the inter-connectivity of our vehicles and all of the components now,” said Gary Hunt, vice-president of equipment and maintenance at ABF Freight System. “When you talk about how these different components are going to talk to the truck, across the J-1939, through our telematics system, to us, those are all opportunities that somebody else can talk to those components and get into the truck. That’s a real concern for me.”
Hunt was speaking at the at the inaugural meeting of a new Taskforce on Cybersecurity at the American Trucking Associations’ Technology and Maintenance council’s annual meeting.
A large part of the potential threat comes from the J-1939 data bus. It’s an open standard and provides a great deal of efficiency to the industry, but its open design makes it vulnerable.
“We worked, as an industry, to develop that open architecture, so that we could have this great flexibility, as fleets, as OEMs, to work collaboratively. Is J-1931 now going to be our Achilles heel?” asked Hunt.
The open-architecture CANBUS is just one of the challenges. To really look at the whole attack surface, we need to look all the way up and down the supply chain, noted Keith Doorenbos, a system engineer with Paccar who attended the taskforce session.
Theoretical models have been developed that suggest even diagnostic tools could be used to move a virus-like attack from one truck to the next, but so far, Doorenbos says that’s entirely theoretical. “I don’t believe it’s even been demonstrated by any of our white hats [hackers working for good], but there’s a lot of exposures in different elements. Basically everything that’s ‘smart’ out there creates another opening.”
Doorenbos says trucking hasn’t yet had a lot of exposure to what he called the classic cyber criminals who are after access to traditional servers for data-mining, identity theft, and financial theft.
More likely, Doorenbos believes, the biggest threat lays in the for-profit sector: cargo theft.
“Right now that’s pretty much done using old-school methods,” he says. “What we’re trying to do is prevent giving them new techniques that might make that simpler, more efficient or more accessible.”
There’s a huge amount of work in the background to better understand the scale of the problem, and a few solutions are emerging.
A key pillar of cybersecurity efforts is encrypting data and software so it can’t easily be reverse-engineered or accessed by outsiders. Another strategy is partitioning truck electronic architectures so that, rather than having a single-vehicle network on J-1939, there are a number of sub-networks separating the most critical systems from the less critical systems. Engineers are also inserting firewalls or gateways between the different networks so they can control the data and commands that can move from one network to another.
“Even if somebody can compromise your telematics system that does not automatically give them immediately the ability to send commands directly to an engine or a brake,” says Doorenbos.
Read the full article at Today’s Trucking here.