A recent report from Cybersecurity Ventures indicated that the annual economic cost of cybercrimes would likely exceed $9.5 trillion in 2024. The trucking industry knows this all too well, as MarshMcLennan Agency reports the average cost of a breach in trucking exceeds $3.5 million.
In an industry constantly grappling with the challenges of cybersecurity, it’s natural for people to wonder: Is the growing presence of artificial intelligence (AI) a friend or foe when it comes to securing your enterprise and your assets?
The answer is yes. And no. And most definitively: It depends.
As with most things about AI, the world is still learning what to expect and how to understand the phenomenon. The trucking/supply chain/logistics industry has seen some real benefits, such as the ability to help with load forecasting and workforce planning. AI-powered platforms can generate reliable recommendations in a fraction of the time it would take humans to crunch the data and come to the same conclusions.
But we’ve also seen a dangerous side of AI, such as malicious actors penetrating enterprise systems and launching everything from data thefts to ransomware attacks. Malicious AI can be used in the development of malware, deep fakes, and other threats, in addition to its use in a technique called “adversarial machine learning.” The Cybersecurity & Infrastructure Security Agency explains:
Malicious cyber actors target vulnerabilities throughout the AI supply chain to cause certain behavior, unintended by the system owner or operator, in machine learning (ML) systems—referred to as adversarial machine learning. For example, malicious actors may manipulate training data, affect the performance of the ML model’s classification and regression, or exfiltrate sensitive ML model information.
The fact is that AI is a tool. Its impact on cybersecurity will be determined by who uses it and how, and whether those seeking to protect their own operations understand how to respond to it.
Consider some of the ways AI can help those looking to threaten trucking cybersecurity. AI can expand the potential attack surface. AI-powered systems facilitate the emergence of connected vehicles, which are vulnerable through far more potential entry points than traditional vehicles.
Many logistics platforms are driven by AI-generated data, and those same systems can grant hackers the opportunity to manipulate the platforms and let attackers inside.
Consider, as well, how AI is utilized for things like route optimization or predictive maintenance. It’s a breeze letting AI tell you the quickest way to get to a delivery, or when you need to have the vehicle serviced. And the more AI learns about the trends in both, the more complete it can be in guiding the fleet manager.
But if a hacker takes control of the AI-powered platform, the result could be routing chaos and trucks that are not properly maintained.
While anyone can attack a company using AI-driven cyberthreats, AI could be even more dangerous in the hands of an inside saboteur. A malicious actor looking to attack his or her own organization could use his or her familiarity with the company to make AI-generated content even more effective in executing phishing attacks or creating fake domains to capture people’s log-in data.
Clearly, AI in the hands of the wrong people can present serious threats to shippers, carriers, and 3PLs alike. But remember, AI has no agenda. What it does depends on who is using it. So, it can also be useful for the enhancement of a company’s cybersecurity.
In this report from CNBC, Google CEO Sundar Pichai explains that AI can be the first line of defense in identifying suspicious activity:
However, Pichai said AI was also lowering the time needed for defenders to detect attacks and react against them. He said this would reduce what’s known as the defenders’ dilemma, whereby cyber hackers have to be successful just once to attack a system whereas a defender has to be successful every time in order to protect it.
“AI disproportionately helps the people defending because you’re getting a tool which can impact it at scale versus the people who are trying to exploit,” he said.
“So, in some ways, we are winning the race,” he added.
AI’s predictive powers allow it to excel in threat detection, envisioning potential vulnerabilities and recommending preventive measures in advance. And as AI advances, it now has the ability to automate certain security responses. For example, certain activity might indicate the presence of a hacker, and AI can recognize that type of activity and shut down various paths the hacker could take to further penetrate the system.
Consider the potential vulnerabilities of an individual truck’s diagnostic system. The system might be designed to warn the driver if, say, the temperature of the engine exceeds 220 degrees Fahrenheit. A hacker could change that setting so there won’t be a warning until the engine reaches 420 degrees. Obviously by that time the engine will overheat. But AI could detect that unwelcome activity and counteract it.
In order for these efforts to be effective, it’s critical that preventive programs be in place before an attack takes place. That includes establishing baseline behaviors the AI can recognize, so that it can also recognize anomalous behavior that varies from the baseline. If a company performs regular audits, it can use the information gleaned from those audits to define the baseline.
At the same time, the company should create incident-response plans, which include a consideration of how AI would be worked into these plans.
Issues like these are the reason NMFTA issued its 2024 Trucking Cybersecurity Trends Report, which you can download here. The report contains extensive information on the evolution of AI and its potential to impact cybersecurity.
What we know is this: AI is only going to grow in its influence and use, and those who master it have a much better chance of turning it to their advantage. AI is a double-edged sword when it comes to trucking cybersecurity, so it’s incumbent on the industry to learn both the pros and the cons.
That gives us the best opportunity to take advantage of the former while minimizing the impact of the latter.
