With the evolution of trucks into computers on wheels, cybersecurity becomes more of an issue. Autonomous trucks are especially an attractive target for the hacking community.
Jeffrey Carr, a consultant and founder of the Suits and Spooks cybersecurity conference series, told Trucks.com, “More harm can be done with trucks than cars.”
As trucks take on an increasing amount of autonomous capability, such as platooning, the points of entry for hackers increase. Unlike passenger vehicles, freight trucks can carry precious cargo and in the unfortunate event of a crash can cause dramatically more harm.
The cost to hack a GPS system is relatively small, about $10,000. When given a choice a hacker wouldn’t waste their time hacking a personal passenger vehicle. However, heavy-duty trucks moving down the highway controlled by a computer is an inviting high-value target.
“Trucks are also more vulnerable to these attacks as they use a common protocol making it easier to compromise a fleet of trucks,” Argus Cyber Security researcher Monique Lance told Trucks.com.
The freight industry has already been a victim of cyberattacks, through GPS spoofing. So-called spoofing attempts to deceive navigation paths, which is commonly done by bouncing off GPS signals. The spoof can target the GPS satellites used to guide transport and mimic the satellites to send new navigation signals.
On June 22 of this year, the U.S. Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot. It was soon found that this affected 20 vessels, expected to be the first documented cyberattack of its kind. It will be essential to take the necessary steps to counter any such interventions in the future.
A secure external gateway that ensures safe external communication with devices/any component connected to the truck is crucial.
Argus Cyber Security has been working with some vehicle manufacturing heavyweights on cybersecurity systems for the last four years. Argus offers comprehensive, modular and multi-layered protection from vehicle hacking. Similarly, TowerSec Automotive Cyber Security is a leading global solution vendor, specializing in delivering onboard cybersecurity software products to OEMs, suppliers and the aftermarket telematics manufacturers.
Also, Harman International, a subsidy of Samsung Electronics, announced the launch of the International Cyber Security Smart Mobility Analysis and Research Test (SMART) Range in Israel. The SMART Range will fulfill the vision of an automotive development ‘playground’ in a smart-city environment, an innovation hub serving automakers, Tier 1 auto suppliers and academic research institutions for the testing and the certification of automotive cyber security, autonomous driving, and smart mobility technologies.
Automotive cybersecurity has been on the agenda of governments and institutions for some time. The Society of Automotive Engineers (SAE), which sets standards for the automotive, aerospace and commercial vehicle industries; or the Auto-ISAC (Resource and Analysis Center), a prominent industry body created by OEMs and Tier 1 companies, seek to enhance cybersecurity awareness and coordination across the global automotive industry.
Blackberry, recently released a white paper, highlighting what is called the seven pillar recommendation that helps reduce the vulnerabilities to cyberattacks in the automotive industry.
Policy for trucks is usually set by government bodies such as the National Highway and Traffic Safety Administration (NHTSA) or the Department of Transportation (DOT) in the U.S. Typically, the industry does not support a standard set of policies, as in many cases that can strangle innovation.
The whitepaper advocates for a standardized approach. “We feel that NHTSA and DOT can mandate a minimum set of requirements, such as the seven pillars, with certain criteria to be met to achieve a certain score,” it says. The star scoring system can be used for educating consumers, and help rank product offerings. “However, implementations should not be mandated and left to the automakers.”
It is essential for OEMs to tackle the issue of cybersecurity before the release of autonomous vehicles, to allow for a smooth transition. Points of vulnerability will most likely be exploited by those who seek to cause harm, economically or otherwise.
Stay up-to-date with the latest commentary and insights on FreightTech and the impact to the markets by subscribing.