Ahead of the electronic logging device (ELD) implementation date, one common line of argument against the use of the devices was privacy concerns. To date, there have been no verified accounts of ELD data somehow getting hacked, but that hasn’t slowed the concern.
All the ELD providers have maintained that the data is safe, that the devices themselves are merely collection units, and they do not provide any access to further data. However, they do include identifying driver information that is necessary for roadside enforcement. And there is always the transmission of the data itself from the device to an enforcement agent. How safe is that process?
According to Daren Lauda, vice president & general manager, North America, for Teletrac Navman, there are over 200 ELD providers and whether they all provide proper security of data needs to be considered, and in some cases, may be an unknown. And in reality, it is not so much the devices themselves, he notes, but the companies and FMCSA where a hack is more likely.
“With an ELD solution, we’re storing someone else’s driver data,” he tells FreightWaves. “Does FMCSA protect the data when it has it?”
It is somewhat of a rhetorical question, of course, because FMCSA is required to protect the data under law. The reality is, FMCSA has had this kind of data for years – just not in electronic form. The broader point, though, is that there are few mechanisms or standards to ensure data privacy – not just for ELD data, but all data commercial vehicles generate.
That’s why what Teletrac Navman has just gone through is so unique. Last week, Teletrac Navman announced that its Director platform had achieved FedRAMP Ready status from the Federal Risk and Authorization Program (FedRAMP) and had been prioritized to receive a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB).
Director is a GPS fleet management platform and is currently in use in over 500,000 vehicles across six continents.
FedRAMP is a U.S. government-wide risk management program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services among federal agencies. Currently, Director is the only GPS fleet management solution to be selected for a JAB P-ATO, which applies to non-classified technology systems under the Federal Information Security Management Act (FISMA), the company explains.
But what does this actually mean? It boils down to data security, and as more data from commercial vehicles becomes available, the fear of cyberattacks grows.
While the FedRAMP certification enables Teletrac Navman to sells its telematics solutions to the federal government and its contractors, it also ensures that the products meet the strictest security protocols.
Lauda explains that the rigorous process involves meeting over 50 different certifications, including some basic levels such as conducting background checks on all employees, and took the company more than 6 months and over 600 pages of documentation to meet. The process will also help with commercial products, Lauda notes, as some of the steps the company had to implement to achieve FedRAMP status can be applied to securing additional marketplace certifications. There is also the overall trust factor that comes from knowing a company meets government standards, he says.
“Everything we’re doing to get ready for FedRAMP makes our entire infrastructure better,” Lauda says.
In the case of Teletrac Navman’s commercial customers, Lauda explains that the company utilizes a private cloud through Amazon Web Services to transfer all data so any data – including that ELD data – never touches a public cloud, significantly reducing the chance of an attack.
“One of the things I wondered about as ELDs took shape was that there were a lot of providers that [popped up],” he says. “I think a lot of the companies in the consumer space have a customer-first model, and then does it work, and security was third. Security is always first in our mind.
“The people and processes really matter when you try to secure people’s data,” Lauda adds.
Data breaches can be costly for companies. Maersk and FedEx each said hacks in 2017 cost them $300 million each.
“In today’s cybersecurity climate, where a single data breach can prove catastrophic, we recognize that the protection of government information and critical infrastructure is beyond imperative. By participating in the FedRAMP program, Teletrac Navman underscores its commitment to maintaining our federal customers’ security posture,” Lauda says. “Additionally, our private-sector customers can remain confident in the protection of their most sensitive business data with Director’s government-grade security standards.”
Teletrac Navman said it was told by FedRAMP officials that it is the first GPS/fleet management telematics provider to achieve the certification. Director is now in the “in process” stage of the certification program and once that is complete, it will be “authorized” by officials.
Stay up-to-date with the latest commentary and insights on FreightTech and the impact to the markets by subscribing.