Autonomous trucks are an especially attractive target for hackers, cargo thieves and cyber criminals, experts say.
“If you move to autonomous navigation systems or even just the usual driver-controlled navigation systems, they’re all vulnerable to attack,” says Jeffrey Carr, a consultant and founder of the Suits and Spooks cybersecurity conference series.
Once a truck target has been identified, a hacker can identify which GPS satellites are used to guide its navigation. This can be hijacked by creating his own transmitter and codes to mimic the ones sent by that satellite, then gradually increasing the frequency of the signals from that transmitter.
“You can fool the receiver in the vehicle to lock onto the fake codes instead of the authentic GPS codes and reprogram the mapping coordinates for where the vehicle is headed,” Carr said.
Part of what makes trucks more vulnerable to cyber attacks than cars is that they all use the same protocol, said Monique Lance, with Argus Cyber Security, based in Tel Aviv, Israel.
“There’s a common communications standard in trucks called J 1939 that makes it possible to craft one attack that fits all,” Lance said. “An attack that accesses one truck will potentially access most trucks.”
Argus advocates a three-pronged approach that begins with prevention — by designing cybersecurity into trucks from the concept stage. Transportation companies need to be proactive rather than reactive, she said. But if a hack does occur, the system needs to be able to understand it’s been compromised and respond as quickly as possible.
“Because trucks are depended upon to transport goods and services, if you hold a fleet of trucks for ransom, you’re more inclined to get a quick payment because those organizations can’t afford to have their trucks stalled for a day or two,” Lance said. “The costs of not getting those goods delivered is very high.”
The most likely forms of cyber attack on trucking are stealing freight or holding it for ransom, but terrorism is also a possibility.
“Nobody’s interested in one car unless it’s carrying an executive or an official, but a truck? We already know trucks have become a preferred method of delivering attacks,” Carr said.
Once trucks are automated, even more harm could be done, Carr said.
“Cybersecurity is definitely an issue to be developed and implemented as quickly as possible,” said Jeremy Carlson, an analyst at IHS Markit.
Carlson points to the infamous hack from July 2015 when white-hat hackers Charlie Miller and Chris Valasek took remote control of a 2014 Jeep Cherokee’s digital systems over the Internet while a reporter from Wired magazine was driving. That hack resulted in Jeep recalling 1.4 million vehicles at a cost of about $140 million, Carlson said.
“It certainly represents a better financial investment to do something before the fact rather than as a reaction,” Carlson said.
Full article here.