Ongoing focus, training are keys to plugging cybersecurity gaps in trucks

by Today's Trucking

ALEXANDRIA, Va. – Trucks are becoming evermore connected, with tools like telematics systems tracking every move.

The challenge is that potential vulnerabilities continue to grow with the capabilities. The “air gaps” around vehicle systems are increasingly being penetrated by the internet and wireless connections, said Jeremy Daily, associate professor of systems engineering at Colorado State University.

The last CyberTruck Challenge was held in 2019, but the 2020 event was sidelined because of Covid-19. (Photo: CyberTruck Challenge)

Electronic logging devices (ELDs) offer just one example, and they’re actually mandated by the government.

When it comes protecting vehicle systems, any strategies should consider confidentiality, integrity and availability, Daily explained, in a broad-ranging presentation for the Truckload Carriers Association’s virtual safety and security meeting.

Hackers have a distinct advantage when it comes to cybersecurity, he adds. They only need to record a single victory. Those in charge of the systems need to defend everything.

“Vehicles in transportation have relied on security through obscurity in the past,” he says. But just about anything can be hacked. The goal is to make the hacking process economically unfeasible, so the steps can’t be easily scaled.

Rather than adopting “check-box security” measures, Daily stresses the importance of looking at security as an ongoing practice. The work never actually ends.

“There was a lot more work done on automotive cybersecurity,” he says. “There’s still the same types of challenges and vulnerabilities when it comes to heavy trucks.”

One of the challenges to advancing such cybersecurity measures, however, is that few skilled students are exposed to heavy vehicles.

But there are initiatives looking to change that dynamic, such as the Student Cybertruck Experience hosted at Colorado State University. Through that, student researchers have demonstrated ways to tap into telematics devices and expose wifi passwords, proving that such data should not be stored in plain text. They were also able to impersonate a truck’s electronic control unit using an open-source tool called a Beagle Bone.

“We were less than $70 as far as hardware goes,” he said.

Students participating in the challenges have been able to turn off a running truck’s engine using computers connected to a Controller Area Network. They were also able to keep the engine running when the key was removed, and spoof random values on the dashboard.

“We try to bring in four very separate entities – academia, industry, government, and the hackers themselves,” Daily says of the Cybertruck Experience. The event that began in 2017 had expanded to six trucks and a trailer in 2019. This year’s event was sidelined due to Covid-19, but there are plans to renew things for 2021.

Have your say

We won't publish or share your data