Steve Brumer, partner of 151 Advisors, said a recent discussion with the CEO of a trucking and warehousing firm is indicative of too many businesses across the United States. That CEO was unaware of any specific steps his company was taking to proactively protect its trucks or handheld devices from cyber threats. Instead, he was counting on third-party software partners to provide protection, though he was unaware of any details.
“A large segment ... is relying on third parties to take care of everything,” said Andrew Kopecki, owner of Advantage Asset Tracking.
The dangers were outlined in a recent PeopleNet white paper, which noted there have been cases where hackers stole customer data and contacted freight brokers, booking loads on false pretenses. That is an example of the legal problems that go along with ownership of the data being transmitted by third-party systems if there is a hack, Kopecki said.
While more attention may be paid to ransomware attacks, Kopecki said a data breach via a third-party system is more likely and would be a “much more realistic threat than being hacked.”
Fleets that have taken proactive steps need to “understand that cybersecurity isn’t a ‘set it and forget it’ solution,” said Dave Covington, chief technology officer of Noregon System. “As technology advances, be prepared to adapt your policies to keep up with the pace.”
And that includes training technicians to detect an electronic component on the vehicle that does not belong, he said.
Brumer and Kopecki also warned of possible dangers from the increasing pace of integration between technology suppliers across the transportation space. While these partnerships can offer efficiency gains, they could raise further security concerns regarding data security.
Kopecki said fleets shopping for telematics devices and other electronics would be foolish not to inquire about cybersecurity and to expect an immediate answer.
“If you don’t get really good information within 24 hours, they are probably not a good partner,” Kopecki said.
PeopleNet uses encryption and data obfuscation as a way enhance security. These measures transmit data in a binary format and sent separately from the encryption keys. As a result, there is no way to decipher what the data shows, even if it isn’t encrypted, PeopleNet said.
Noregon’s Covington recommended to “hire the right people, provide the correct training, and remain educated and proactive to emerging threats and you will be ahead of the curve in regard to combating cybersecurity attacks.”