Security in the truck industry used to be a matter of locks and fences. Now that information has become as valuable as the freight it accompanies, security concerns have moved out of the terminal and into the invisible electronic world with firewalls, encryption, network redundancy, virus monitors and other systems designed to keep data safe from both acts of god and acts of criminal intent.
With the terrorist attacks of last September and concern over future threats, asset security has taken on new important for the trucking industry. While most fleets have moved quickly to protect their physical assets from harm or misuse, many may be overlooking or underestimating their exposure to IT-related dangers in this new data-driven business environment. Even if fleets installed basic security schemes when they established their IT networks, the world of information evolves quickly; it may be time to at least review that portion of the company's information operations.
“System security doesn't come up when we initially talk to fleets (about management systems) because it isn't part of the business process,” says one major industry software developer. “We can help, but they have to first identify security as a business continuity issue.”
“Anyone running a network who isn't concerned about data integrity and security has their head in the sand,” says another industry software provider. “We've seen a simple email virus put a fleet's system out of commission for two days.”
IT security within a fleet's operations starts with frequent, systematic backups to protect data and application updates in the event of a system failure.
Unfortunately, says the software developer, learning the importance of complete backups comes at a huge price when a fleet attempts to recover from a system crash. “Often, they've done some backups but didn't cover their entire operation, especially application modifications, so they have a difficult time recovering,” he explains.
Even fleets with stringent backup procedures often lack true disaster recovery protection, in large part because it can be expensive, requiring up-front installation costs as well as on-going maintenance fees. Some take minimal steps, such as storing backup tapes in separate facilities, but few feel they can cost-justify maintaining redundant facilities and network systems.
One fleet that has is Watkins Motor Lines, which contracts with IBM for disaster recovery services. “We test the system once or twice a year,” says Dave Lichtel, director of technical operations. “Our goal is to get anything involving freight management, our imaging system and accounting up within 24 hours.”
Sometimes called “hot-swap facilities,” such remote recovery sites should be at least evaluated by all fleet operations in terms of short- and long-term business losses from a prolonged system recovery effort, say IT industry consultants.
The IT operations should also look at redundant access points to networks that can also be vulnerable to natural or man-made disasters. “If our T1 line goes down because someone cuts a cable, we can switch to a satellite dish on our roof,” says Bill Nye, CIO of the online equipment auction house Hookup.com.
Another, much simpler internal security issue often overlooked by fleets is physical protection of their data. “Someone can walk into your data center and walk out with a disk in their shirt pocket that has 100s of megabytes of data,” says Nye. While some may question who would want to steal a fleet's data, Nye points out that customer credit reports, employee social security numbers, and bank information for both are classified as private. Any business that collects and stores that data is required by law to take steps to protect it.
Security would be much easier if a fleet never had to venture beyond it's own internal network, but isolationism won't work in the modern business world. The value of IT for a distributed business like trucking lies in efficient communication of data with customers and remote locations. With its open standards and easy access, the Internet has only accelerated the shift to data communications outside of a company's internal network.
As most understand, with this openness comes the danger of intrusion from hackers or, more likely, damaging viruses. “Fleet customers want access to service information, but the fleet has to decide how much to open the kimono,” says the developer. “The fleet has to strike a balance between protecting itself and still satisfying customers.”
Virtually all fleet operations with external access to their data networks use some type of firewall and log-on system with passwords to protect against intrusions. However, as more and more business moves to Internet data communications, the task of protecting a company against illegitimate intrusions gets increasingly complex.
“As the industry moves to more sophisticated servers and systems, it needs to take advantage of more sophisticated protection,” says one experienced software provider. “Data security and system integrity is definitely going to become more of a concern for fleet customers, especially those involved in supply chain logistics.”
Hookup.com, for example, uses a “lock-and-key” system that goes well beyond simple password protected log-ons. “When someone registers, they're assigned their own (software) key, which only unlocks files that are appropriate for that person,” says Nye. “The key for access to a privileged use has to be assigned by one of our customer service people.”
ASP (application service provider) operations, which store a fleet's data offsite on the vendor's servers, should also offer a higher level of data security, says the developer. “It's their core business, so they should be up on security issues,” he explains. “But you should still ask how they're going to protect you since you run your business with the data they store.”
Whether it's trucks or electrons, security is first and foremost about anticipation, about asking questions and pondering what-ifs. It may be harder to identify threats to a non-physical asset like your fleet's data, but it shouldn't be too hard to imagine what it would mean to your business if you lost that data or access to it. And from that perspective, IT security begins to look like relatively cheap insurance.
Protecting the IT infrastructure
A panel of fleet IT specialists and suppliers is scheduled to talk about security for the infrastructure that supports trucking's information technology at the Technology and Maintenance Council's (TMC) upcoming annual meeting.
Among those scheduled to participate in the panel are Dave Lichtel, directory of technical operations at Watkins Motor Lines and Mark Sands from wireless service provider Qualcomm Inc.
The annual meeting and transportation equipment exhibition is being held Mar. 5 to 8 at the Ft. Lauderdale Convention Center in Florida. For more program and registration information, call 703-838-1763 or go to http://tmc.truckline.com.
For daily trucking news, go to www.fleetowner.com