In June 2017, Maersk and Merck—two giants in their respective industries—were brought low by the NotPetya cyberattack. This was one of the biggest disruptions of global shipping in history, hobbling Maersk’s worldwide fleet-management systems to the tune of a $300 million loss in profits.
Additionally, cybersecurity firms Onapsis and Digital Shadows published a study this past July providing evidence of how cybercriminals target and exploit SAP and Oracle ERP applications. Thousands of unpatched business systems are at risk, leaving the door open for hackers to steal sensitive information.
These are just two examples of how the warnings of security experts are becoming reality. The transportation industry is a major target for cyberattacks and the threat to the entire supply chain is great, yet the majority of motor carriers are still operating from a defensive position.
Cyber Threats To Trucks
While the IT infrastructure of overland versus overseas fleets is different, what the entire transportation industry shares is interconnected logistics and supply chain management systems. Transportation operations have become extremely dependent on software solutions (Internet of Things (IoT) systems, in particular), which attracts the unwanted attention of hackers.
A large part of the potential threat comes from the open, interconnected design of the J1939 vehicle bus. This communication architecture is efficient and commonly used, but also vulnerable to attack. And there are more vulnerabilities throughout the truck manufacturing and supply chains. Hackers intent on theft or sabotage target trucks’ engine control modules, infotainment systems, Bluetooth links to smartphones and onboard computers, and open USB ports. The government-mandated electronic logging devices (ELD), which collect ECM data and then transmit it through WiFi, cellular connections, or USB memory sticks, also present a risk to trucking companies. In short, every piece of connected electronic equipment provides a potential inroads to the system for attackers.
Protections From Attacks
While it’s become more of a “when” than “if” question when discussing cyberattacks in the trucking industry, the outlook is not all doom and gloom—there are ways companies can successfully protect themselves.
The number one way to protect and prepare for malware attacks is to double down on employee education. Cybersecurity training should be mandatory for all drivers and anyone who touches the equipment. Carriers with on-going training develop saavier employees who are wise to the latest hacker methods, which has proven to reduce risk dramatically.
Secondly, carriers need to follow IT industry best practices. These include actively monitoring networks, managing systems access, backing up data, consistently installing patches and updates, installing effective network firewalls and virus security software, documenting applications and systems, and creating a cyberattack recovery plan.
The American Truckers Association (ATA) is also throwing its weight behind the effort to protect the industry from hackers. It recently announced Fleet CyWatch, a new benefit for ATA members that “assists fleet members in reporting information about trucking related internet crimes and cyber-attacks, and shares information to fleets about cyber threats that may impact their operations.”
To learn more about how to protect yourself from risk, contact Falvey Shippers.