By Moshe Shlisel, CEO and co-founder of GuardKnox
Today’s cargo fleets are integrating more and more connected technologies, bringing substantial improvements in performance. But greater connectivity also means greater vulnerability to cyber attacks — a serious threat even in boom times. Amid the current coronavirus pandemic and a sharp global economic downturn, it’s now more important than ever that essential goods like medical supplies and food reach their intended destinations free of malicious disruptions.
For hackers, any system with Wi-Fi, Bluetooth, GPS, or internet connectivity – including federally-mandated electronic logging devices (ELDs) for trucking and transportation fleets – represents an enticing entry point for attack.
And it can work two ways. First, vehicles can be directly hacked through their internal communication networks, enabling hackers to take control of that one vehicle, which can then serve as a gateway into the fleet company’s IT system itself.
Alternatively, hackers can enter through fleet companies’ IT systems and ultimately penetrate vehicles within the fleet. By gaining access to these systems, hackers can inject harmful ransomware devastating enough to paralyze entire fleets.
To protect the safety of fleets’ cargo and to avoid financial ramifications, it’s imperative that OEMs implement robust cybersecurity protection. Now more than ever, people’s lives and livelihoods hang in the balance.
Ransomware and safety-critical systems
Ransomware can prove highly lucrative for hackers – and highly damaging to networks and fleet operators that experience such an attack. The NotPetya ransomware attack, linked to a group of Russian military hackers, is perhaps the most potent example of the havoc these attacks can wreak: Victims received ransom messages requesting payment if they wanted to unlock their files, but all computer files were encrypted anyway, with some completely erased. This particular attack cost FedEx’s TNT courier delivery service nearly £221 million, impacting both deliveries and sales.
More prominently, the 2017 WannaCry cyber attack disabled computers across the globe, with North Korea-linked hackers demanding locked-out users pay ransom in Bitcoin. In the United Kingdom alone, the attack shut down computers across the nation’s hospitals and cost the National Health Service £92 million. Crucially, hackers penetrated below the level of IT-based cyber solutions, via a zero-day vulnerability found in out-of-date operating systems, highlighting the need for connected devices to be secure by design.
The implications of a similar attack on cargo fleets would be grave – particularly given how many safety-critical systems, whose malfunction could result in death or injury to the driver, are internet connected. By 2022, two in three new vehicles in the United States will have connected safety-critical systems. Ransomware attacks on these systems – which include brakes, steering wheels, and airbags – can stop entire fleets of vehicles from functioning or even bring them to a halt on the highways, potentially causing significant casualties. Massive supply-chain chaos would financially harm fleet operators, as well as potentially cause billions of dollars of economic damage.
Understanding ransomware
How might hackers go about executing such an attack? They’d start by obtaining a small set of target vehicles on which to practice. Hackers would then create primary malware for infiltrating the vehicles (or fleet IT network), perhaps with the aid of a social engineering attack in which they gain access to sensitive information through malicious (if seemingly legitimate) emails. Their next order of business would be finding a mechanism for actually infecting vehicles with the malware, for instance via an over-the-air (OTA) update or through a physical connection.
Malware – either the primary malware or some secondary malware it has spawned – then targets the vehicle’s ECU. Executed across an entire connected fleet, the ramifications could be catastrophic.
Even the less calamitous possibilities are troubling to contemplate. Say hackers successfully extort a ransom payment: It’s possible they may simply pocket the payment and allow the attack to proceed anyway – but even if they unlock the vehicles, fleet owners will still have paid a substantial sum, likely in cryptocurrency payments that authorities won’t be able to trace.
What’s at stake for fleet owners
The financial costs to business go beyond any payments lost to hackers and not covered by insurance. If a shipping company has its fleet disrupted by a cyber attack, the company will experience substantial downtime between the onset of an attack and its resolution – and for many businesses, as well as the economy, downtime can prove devastating. In some cases, paying the ransom will be cheaper than going through the necessary steps to remove the ransomware, which could take weeks.
The risk isn’t merely theoretical. After Australian fleet operator Toll Group was struck by a ransomware attack earlier this year, it took six weeks before deliveries and core services were returned to normal operating capabilities.
That attack came on the heels of a 2019 ransomware attack targeting Pennsylvania-based trucking company A. Duie Pyle; it took days before the company was back online, and once systems were restored, the company had to rebuild all its applications. And while the financial cost was never disclosed, it’s clear that the fleet operator, its customers and others in the economic shipping chain were hurt financially.
To avoid a hit to business – or worse – fleet owners need cybersecurity solutions that can be implemented across their entire fleets during production as well as in the aftermarket. Because a fleet is only as secure as its least secure vehicle, it’s essential that each and every vehicle in the fleet is cyber-secure. For automakers to safeguard vehicles against ransomware threats, security-by-design must be the fundamental principle underpinning every aspect of the vehicle; more importantly, for models already on the road, aftermarket solutions are necessary for all fleet vehicles. Fortunately for manufacturers, solutions currently exist that can be easily retrofitted to existing trucks at minimal cost.
By providing ongoing monitoring of all messages transmitted in the vehicle network, an automotive cybersecurity solution can guard against both known and unknown threats, preventing infiltrations.
In this increasingly connected age, it’s inevitable that virtually every organization will face a hacking attempt – and for hackers looking to maximize their impact, cargo fleets represent prime targets. Only by fortifying each vehicle in their fleet against this threat can fleet owners stop hackers in their tracks.