Cybersecurity and Big Rigs

Cybersecurity

Concerned about Cybersecurity ?

In the initial years of digital technology and connectivity being infused with automobile, researchers took to show that they could hack a Chevy Impala or a Jeep Cherokee to hijack their steering and disable the vehicles' brakes, the findings were an alarming wakeup call to the consumer in the automobile industry. However, industrial automakers are still in line for for a reminder that they, also are selling susceptible computer networks that are connected to their vehicles, these are moving vehicles with carrying weights of 33,000 pounds and upwards. In recent times, breaches of cyber security and other similar incidents have generated continuing discussions both inside and outside the trucking industry and community.

All of this being a part of a emergent trend about the liabilities posed via internet of things (IoT) devices. Internet of things devices are not only phones and computers, but includes also modern home appliances, vehicles and everything that open connections to the Internet. As the number and kinds of connected devices are increasing in astonishing speeds, so have the associated security risks. This article intends to raise awareness amongst our readers and communities there forth, in regard to the risks that come along with the advancement of technology and the vulnerability of big rigs’ electronic systems.

A recent study shows that U.S. ransomware attacks almost tripled in just the first three months of last year. The relevant incident reports show that in these incidents, the hackers use malware to shut down part, or all, of a fleet’s technology system and then demand money, often large sums, to reopen access to the data. Such events like this impact a small fleet’s bottom line, but also it can severely disrupt its ability to work with larger carriers, 3PLs and shippers. The report noted that hackers are now shifting their focus to small-to-medium-sized businesses – which, usually are owner-operators. Even though small businesses don’t have the resources to pay very large ransoms, it is presumed hackers are more and more targeting them since they believe these smaller firms don’t have the enterprise grade technical resources to detect or defend from these attacks. This lack of IT support and security expertise — combined with the fact that larger carriers, third-party logistics companies and shippers who use owner-operators will continue to demand more stringent security compliance in the years ahead. This creates significant challenges for the trucking industry‘s smallest businesses.

Hacking

In a recent hack simulation study, researchers were able to do everything from changing the readout of the truck’s instrument panel, trigger unintended acceleration, or to even disable one form of the semi-trailer’s brakes.

An FBI public service announcement in October 2019 warned that ransomware actors are actively targeting health care organizations, industrial companies and the transportation sector. These hackers are the epicentre of the new wave of cyberattacks that intend to and can cripple trucking and logistics firms and put the entire transportation infrastructure at risk.

This FBI warning was due to a few notable cyberattacks in recent time on our industry. Last year in summer, hackers attempted and succeeded in an attack on the LTL fleet A. Duie Pyle. The hackers disrupted the company’s capacity to communicate with shippers, and they also shut down the company’s website. Similarly, last year a ransomware attack on Roadrunner Systems ended up costing the company millions of dollars in repair costs and downtime. It is only a matter of time before owner-operators become susceptible to such kind of attacks. Similar to larger firms, Owner-operators would have to face the same wide-ranging set of risks. This usually ranges from phishing attacks or links in email that trigger malware on their networks and devices. Since owner-operators are often integrated into freight brokerage systems and other platforms that have sensitive data and links to larger firms, thus would be used as a gateway and therefore likely to be a target. This therefore essentially creates significant risks for both parties and can be detrimental to long-standing relationships that owner-operators have with shippers, brokers, carriers and all other related parties.

Today, all modern big rigs here in the U.S use the SAE J1939 Standard (J1939) for their internal networks. The reason for the use of J1939 is because of the accesability and control it gives to electronically control drivetrain components of a vehicle, which is one of the key drivers of a rigorous effort to maximize fuel efficiency. Since multiple organizations are involved in the building of heavy vehicles, it required a standard to minimize the engineering effort and the intricacies of integrated systems. An important fact is that the J1939 is not the first standard for heavy vehicles, but instead the successor of the previous standards; the SAE J1587 and SAE J1708 standards. Although standardizing these communications have been proven crucial in enabling various suppliers and manufacturers to synergize and result in significant efficiencies and cost savings.

On the downside it also signifies that the majority of heavy vehicles currently on the road in the US, from semi tractor-trailers to garbage trucks and cement mixers to buses, employ the same communication protocol on their internal networks. Exposing the industry to the vulnerabilities of cybersecurity. A broader view is required as Heavy vehicles play an important role in our nation’s economy.

Even though big rigs are radically different from consumer automobiles in many ways, however they are similar internally in that they are composed of a distributed system of electronic control units (ECUs) that communicate over a CAN based network.

With the moving towards digitization as a civilization, the trend for big rigs is one that moves away from purely mechanical systems towards more electronically controlled ones in the hunt of the promise of fuel efficiency, driver comfort, and safety. Real Applications is that now heavy trucks are mandated in the US to have electronically controlled anti-lock brake, anti-slip regulation, and active rollover protection systems. Furthermore, active lane keep assist, collision avoidance, and adaptive cruise control systems are available, and a couple companies are even touting their autonomous trucking capabilities. These systems bring electronic control to safety critical components which necessitates a focus on robustness, reliability, and security.

As most big rigs are part of a larger fleet of vehicles which essentially monitored over long distances through the use of fleet management systems (FMS). The FMS standard which was developed as early as 2002 is a worldwide standard developed which combines satellite and cellular communication to provide information about vehicle location and status. Some status messages defined by FMS include vehicle and driver identification as well as the state of the electronic engine controller, cruise control module, and fuel levels. The FMS standard enables third party systems to integrate with the API across manufacturers which is an additional benefit for the fleet owners, but as we’ve seen in the consumer segment, third party devices don’t always prioritize security. To validate this, a blog post in March, 2016 exposed over 1,500 third party fleet management systems with connections to the vehicle’s internal network whose Telnet port was wide open. This indicates the possibility of viable long-range attack possibility on big rigs.

ELD

Congress legislature was passed on the Hours of Service and much recently mandated on the so-called ELD Rule with the goal of improving the safety of millions of drivers on the road and reducing crashes. The rule had come into effect in December 2017, ever since fleet operators are using legacy automatic onboard recording devices (AOBRDs). The electronic logging device mandate grabs the lime light when it comes to the potential hacking in trucking as most ELDs open up a connection to the cellular data network, whether directly or through paired smartphones or tablets. As the main functionality being that ELDs automatically keep track of the driver’s hours of service by connecting to the engine, and that most ELDs use a cellular data network connection. Even though many ELD manufacturers have said it’s virtually impossible to hack these devices because they’re designed to only read data, security researchers have continued to prove otherwise. Testing five different ELDs, cybersecurity company IOActive found susceptibilities that possibly will allow hackers to “pivot through the device and into the vehicle,” with ruinous consequences. During the testing it was established that In-vehicle components lack in cybersecurity safety features such as a secure boot, encrypted communications and privilege separation. In addition to this, other concerns that were raised was the inclusion of secure communications, authentication and other basic security features in cloud systems.

A prospective solution to ELD security is a hardware device called CAN (Controller Area Network) Data Diode. In regard to this, Jeremy Daily, Ph.D., associate professor of mechanical engineering at the University of Tulsa, developed the technology with help from students as the director of the university’s CyberTruck Experience program an initiative by NMFTA.

The CAN Data Diode administers the network’s read-only policy, preventing communication from the ELD to a commercial vehicle. Upon this breakthrough proof-of-concept, we believe the device is ready for commercialization, and it was stated that the university is on the verge of signing with commercial partners to commercialize it.

Another important point of concern is at the equipment evaluation stage, where motor carriers should only work with trusted vendors having good credibility. Also it is important to consider onboarding a reputed consultant with experience in the industry. Understandably, carriers should only consider devices registered with the Federal Motor Carrier Safety Administration (FMCSA). Carriers should also give strong contemplation whether the ELD should be allowed any interaction with a driver’s personal device through wired, wireless or Bluetooth connections. Industry experts are naturally united on a no pint of view in this regard, as for the sensitive data the devices contain and the usually poor security procedures users generally employ on their personal devices. In addition, carriers should consult with the manufacturers to better comprehend what risks may be associated with the respective type of vehicle and an ELD.

Moreover, carriers should think through whether the device should use wi-fi or bluetooth connections beyond the minimum requisite of communication with law enforcement. This is a precise concern for ELD’s using internal wi-fi or bluetooth functionalities to connect to a smartphone, tablet or laptop. Lacking resilient security shielding that wi-fi or bluetooth network, the ELD may be susceptible to outside hackers. Furthermore, some experts do not recommend using bluetooth for an ELD other than to transmit carefully limited information to law enforcement. A wired connection between the input device and the vehicle is generally the most secure. Communication beyond the truck and law enforcement, over unsecured wi-fi should be barred. Since, open wi-fi networks can be especially unsecure and hence, experts only recommend using cell phone carrier data connections for communications apart from the truck’s cab. Practically free public wi-fi is hardly ever well-protected and, what we should be aware is that, such networks may be there to simply to bait unsuspecting users for the purpose of hacking.

Procuring of ELD - When procuring ELD equipment, carriers should prudently review the equipment warranty information to determine if it includes warranties about the ELD software’s security, in addition to day-to-day functionality. Vendors should guarantee their hardware and software should be listed with the FMCSA registry of compliant ELDs for the duration of the device’s life. Carriers should also demand a specific support from the vendor if the ELD is “de-registered”. It is important to remember that the FMCSA rules focus on data integrity and driver privacy, not security. Thus, carriers should not assume that an ELD registration with the FMCSA provides any data security.

Installation of an ELD – Owners/Carriers should ensure that the ELDs be professionally installed. Precise care should be paid to the physical connection between the ELD and truck, as this connection can be easily hacked by anyone with the minimum access to a truck. The connection inbetween the ELD and the truck must be secure and intended to specify whether it has been breached. Moreover, all software used to uphold the connection between the ELD and the truck should be up-to-date and must be regularly updated. Sporadically, in between the ELD’s manufacture date and the vehicle installation date, the ELD vendor will issue numerous software updates that will contain important security updates that will not be patched unless the software is updated.

Upon the initial ELD installation and programming, all remote software access to the ELD should be closed or disabled, as well as access by the manufacturer. It can be unlocked later, if required. Manufacturers give default passwords for users and administrators, this also must be changed. System should be as such that multiple failed logins should force a device lockdown requiring an administrator reauthorization process. However, one should also give thought to that process, as such an event occurs to a driver at 3:00 a.m. the reauthorization process should be able to be completed remotely using appropriate authentication protocols.

ELD Training – Education and training of drivers about the importance of proper security when using their ELD should be provided by the Carrier/Owner. In this training it should mentioned that drivers must memorize their login and password information instead of placing sticky notes on the ELD screen or other unsafe methods commonly used by drivers. Logins must be, by FMCSA rule, unique to each driver. Also, to maximize security, passwords should have a raised level of complexity in length and content by requiring the use of numbers, capital letters, and special characters. Carriers should force password changes periodically and prohibit the re-use of old passwords. Experts suggest using a two-step verification process for login to enhance security. Add another item to a driver’s pre-trip inspection checklist to be sure the ELD and its connections are free from any evidence of tampering. Develop a protocol for the driver to follow if anything about the ELD is out of place or doesn’t “look right”.

Everyday Use - First, keep the software updated. Vendors should provide frequent and easy software and firmware updates without charge. Those updates can protect ELDs from later discovered security concerns as well as offer feature enhancements. Carriers should also develop a process to regularly install software and security updates for all aspects of the ELD’s operation and make vendors demonstrate the secure update process. Be sure that process does not leave administrator level access wide open between updates. Second, keep back office software similarly up to date. Third, strongly consider using professionally managed offsite storage and back up of all ELD data. Like using reliable cell phone networks, well known data storage and hosting services provide increased security and physical separation for stored ELD data.

At the back office, consider whether to connect the ELD network with other business-related computer networks such as finance, operations or customer tracking and etc. Since the ELDs integration into any other in-cab communication capable devices, it may be wise to have no connection between the ELD network and anything else at all. This physical separation may significantly protect the motor carrier’s other networks from hacks coming through the on-road ELDs.

Generally, ELDs demand added security vigilance which must weave with a well-designed scheme most motor carriers already have in place. Nonetheless, if a company’s existing security measures are distressingly insufficient, the installation of ELD’s may be just the motivation required to implement an company wide data security plan.

Counter Measures

Auto makers and their suppliers are aware of the cybersecurity risks of autonomous vehicles and are taking a three-pronged approach to developing vehicle security. The first layer of security deployed by automakers is a series of firewalls that separate subsystems within the vehicle. If one subsystem of the vehicle is compromised, the firewall prevents the hacker from gaining access to other vehicle subsystems. For example, if the hacker cracked the code for the infotainment system, that would not guarantee access to the door locks or ignition.

The second layer of protection is the ability to quickly update software via the cloud. Right now, companies testing pilot programs are at an advantage with autonomous vehicles. Fleet managers can deploy and update cybersecurity patches using cloud-based services to help fortify the automotive software systems. Tesla, for example, uses software updates to fix bugs and vulnerabilities. However, legacy auto makers such as Ford, Honda and Toyota aren’t currently able to upgrade most software systems via the cloud. Ford and General Motors have announced plans in the next four years to have their new vehicles equipped with security systems that can receive cloud-based software updates.

The third layer of vehicle protection uses artificial intelligence to detect deviations in the behavior of the vehicle systems. This enables auto makers to quickly detect cyberattack attempts before they create significant damage.

Auto-ISAC (the industry’s Information Sharing and Analysis Center), in collaboration with two automotive associations, has developed best practices for the larger automobile industry. The practices, which also apply to heavy vehicles, use a risk-based approach. They focus on seven principles:

Security by design
Risk assessment and management
Threat detection and protection
Incident response
Collaboration and engagement with appropriate third parties
Governance
Awareness and training

Managing and acting upon the growing number of security alerts can become very complex, especially for large fleets. For that reason, a robust Security Operations Center (SOC) is needed to ensure all alerts are analyzed and handled properly. Such SOCs are already operating, and as more connected vehicles with greater degrees of connectivity and autonomy come off the assembly lines, more of these SOCs will be built.

Detection of behavioral anomalies that indicate potential intrusion require sophisticated algorithms that, because of technical and cost limitation, cannot reside in most of the vehicles on the road today. So to be fully effective, SOCs will need to deploy the advanced anomaly detection technology to analyze the data coming from vehicles over the network and effectively detect anomalies and intrusions.

Likewise the capability of over-the-air software updates, enabling quick protection against malware and hackers. When you select the IoT device, make sure it was engineered with security in mind.

Security Systems

As automobiles tend to have long product life cycles, there is a possibility that they are exposed to attacks that have evolved compared to attacks that were anticipated at the time of factory shipment. So with the usage of security systems, it becomes possible to collect information of the evolved attacks on the cloud side and detect the evolved attacks by distributing and updating the new rules of the countermeasures to the vehicles. It is done by detecting the intrusion of attacks and viruses to the vehicle system due to cyber-attacks and discarding and disabling them using the prevention system. They will make it easier to comply with future in-vehicle security legislation.

In addition to the widely used CAN, the systems are also compatible with Ethernet, which is expected to spread in the future as an in-vehicle network, and enables comprehensive detections of intrusions to the entire vehicle.

By collecting information from numerous vehicles on the cloud, the systems can detect attacks before they are identified as a true security incident.

Usually systems consists of a vehicle-installed "monitoring module" and a "monitoring cloud" that is linked to the monitoring module. The vehicle-installed monitoring module monitors the entire vehicle based on the monitoring rules. By using the company's newly developed systems, once the attacks that cannot be detected with existing monitoring modules are discovered, the systems can prevent new attacks by updating the monitoring rules from the monitoring cloud. Therefore, it helps to maintain safety even after the vehicle is released on the market.

Also, by covetous signs of attacks before they are identified as true security incidents, they are possible to implement countermeasures in advance so that they can minimize the effects of the attacks.

Technical Features to look for in systems

In-vehicle device-type host intrusion detection technology: This technology detects intrusions from the Internet, which is an early stage of the attacks, and can be installed and used with Internet connected devices (IVI/TCU) In addition to clearly identifying the attacks from the obtainable logs from an OS like Linux and other various security functions, the system can also detect the attacks by combining multiple behavioral information.
In-vehicle device-type CAN intrusion detection technology: This technology detects intrusions to CAN communication systems, which is a second stage of the attacks, and can be installed and used with CAN connected devices (ECU) There are two types of CAN monitoring usages, which consist of (1) CAN filter that filter unauthorized CAN commands received by the installed ECU, and (2) CAN monitoring that detects unauthorized commands by monitoring all CAN bus systems that are connected by the installed ECU. Unauthorized commands are judged by taking into consideration various conditions of the vehicle, so it is possible to reduce the number of false positives under specific conditions. Detection of unauthorized commands can be made for each single command, resulting in real-time prevention after detection.

In-vehicle device-type Ethernet intrusion detection technology: This technology detects intrusions to Ethernet communication systems, which is a second stage of the attacks, and can be installed and used with Ethernet connected devices (ECU) There is an Ether filter that filters unauthorized Ether frames that are received or intercepted by the installed ECU (Ethernet Switch ECU, etc.) The system consists of the overlook method, which can lightly determine unauthorized commands by analyzing the frame headers and a detailed method, which has a high-load operation, but can accurately determine unauthorized commands. Flexible detection is possible by combining these methods.
Cloud-type vehicle intrusion detection technology: This system analyzes a large amount of logs collected from in-vehicle devices of multiple vehicles through machine learning and can be used by placing it in the cloud. As for the usage, in-vehicle network model that has conducted prior learning, will automatically narrow down the logs that may become potential security risks. After that, the attack analysts will analyze only the selected logs. By linking with various in-vehicle device-type intrusion detection technologies, it is possible to grasp signs of attacks before they are identified as true security incidents.

Best Practices

Assessing risk and the nature of identified threats and vulnerabilities through a defined process that’s consistent with the overall risk-management strategy
Using threat monitoring to understand current and emerging threats and reduce enterprise risk
Identifying threats and vulnerabilities through routine scanning, testing of the areas with the highest risk and other means
Establishing standardized processes for identifying, measuring and prioritizing cyber security risks
Creating and documenting an incident response plan that includes identification and containment through remediation and recovery
Conducting periodic testing and incident simulations to facilitate the preparedness of the incident response team
Establishing training programs for internal stakeholders, as well as cyber security awareness around vehicle security, IT and mobile devices
Have an incident response plan; consider what would happen if a telematics provider stopped service; assess what impacts on your business operations cyber security incidents in your systems or those of your suppliers could have.

Developments and Outlook in Cybersecurity of Trucks

The International Society of Automotive Engineers, or SAE, has established the Vehicle Electrical System Security Committee to evaluate challenges and technical solutions and draft standards and best practices to help ensure the safety of vehicle electronic control systems and safeguards against cyber-security threats in current and future motor vehicles.

The U.S. Council for Automotive Research (USCAR) formed a Cyber-Physical Systems Task Force in 2007 and participates in National Science Foundation workshops.

Automakers are bench-marking cyber-security initiatives in other industries, including airlines, railways, and medical. The prevention strategies used in these industries include advanced security architecture, patch management, intrusion detection, prevention and cloud security measures, which are in varying stages of adaptation to the private vehicle environment, according to the Auto Alliance group.

The Defense Advanced Research Projects Agency or DARPA (the Pentagon's research arm) is often associated with a competition to develop self-driving cars, but DARPA also funds projects to test auto security. In a 2013 project, researchers needed physical access to a vehicle in order to redirect some electronic functions.

For its first CyberAuto Challenge in August 2012, Battelle invited top-notched high school and college students to the U.S. Army’s Aberdeen Proving Grounds outside Washington, D.C., to work for a week alongside two dozen automotive engineers, IT researchers and government and Department of Defense officials to conduct an auto “hackathon.” The second CyberAuto Challenge took place in July 2013.

Vehicle manufacturers participate in DEFCON conferences, like the August 2013 event in Las Vegas, to contribute knowledge and expertise regarding cyber-security research involving motor vehicles.

Conclusion

It is reasonable to assume that with more time an adversaries could create even more sophisticated attacks, one that could be implemented remotely. With Bluetooth, cellular, and WiFi, modern trucks are becoming much more connected to the outside world, which present new attack paths. Our hope is the heavy vehicle industry begins to include the possibility of an active adversary in the design of their safety features. It’s just about been a century since the invention of the internal combustion engine; the issues that concerned manufacturers, OEMs, and drivers then are far different from the ones that concern them today. In addition, over the next decade, vehicles are likely to change much more than they did in the past century. 2022 in many ways could be seen as a “make or break” year for vehicle cybers ecurity — the year that the vehicle industry finds the solutions needed to ensure the coming connected and autonomous vehicle future.