This year’s NMFTA Digital Solutions Conference, which was held in November in Alexandria, Virginia, broke new ground.
NMFTA has long maintained a mission focus on cybersecurity, which culminates each year with this industry-leading conference. The 2022 edition was the first time we opened it up to professionals across the entire industry, including carriers. We did that because the issues surrounding cybersecurity are so critical to the industry at this time, and they require a perspective from people who know the transport industry as well as the tech issues.
Those who attended were certainly not disappointed, although some came away a bit gob smacked at the reality of the cybersecurity threats facing the industry.
Most were not up to speed on threats like brake attacks or sim jacking until they heard from Dr. Yongdae Kim of the Korea Advanced Institute of Science and Technology, who gave a rare public presentation because the security of our industry is so critical. Most were not aware of the security issues connected to artificial intelligence, and their implications for autonomous vehicles, until Dr. Ryan Gerdes of Virginia Tech University laid it out for them.
Dr. Kim also shared some eye-opening information about 5G broadband. While many assume that 5G connections are inherently more secure, Dr. Kim explained that most 5G deployments are just operating on co-resident 4G networks. That means they aren’t actually getting the 5G security benefits at all.
Attendees heard that and got the message – it is not safe to assume you’re secure because you’re using 5G, and they need to take their own steps to ensure the security of their data.
One of the most memorable presentations came from Dr. Chase Cunningham of Ericom Software, who explained how hackers are using small trucking companies to access the larger ones and cause even more damage to the industry.
Dr. Cunningham made the point by holding up a QR code and telling the audience they could scan it to get a free book. When people did, they found it was actually leading them to a phishing site.
His point? The reason cybersecurity is such a big problem isn’t really the technology at all. It’s people, and their willingness to click things and basically trust what they see, hear, and read. But he strongly advocated technology as the solution – controls that help protect against breaches, just as people rely on seatbelts to protect them against unsafe driving (whether their own or others’).
Ironically, Dr. Cunningham said the transportation sector has suffered few cybersecurity breaches compared to many other industries, but that’s only because it’s been slow to adopt digital technology. As that changes – and it’s changing rapidly now – the industry’s vulnerability will grow.
To truly protect themselves, Dr. Cunningham said trucking companies should start with the basics, like phishing training – much of which is simply learning common sense ways of thinking about what people see on their screens.
Learning to hover and not click, for example, or not assuming the name in the sender line is trustworthy just because it appears familiar – steps like these would eliminate many of the security problems that afflict trucking companies.
Dr. Cunningham also warned attendees to be careful about their social media presence, where it’s relatively easy for hackers to obtain critical information. The really sophisticated hackers can even use an entry point like this to gain access to things like office printers and in-office cameras.
Segmentation, he said, can protect companies there – because hackers can’t gain access to your entire digital infrastructure through one entry point.
These issues are mission critical for NMFTA right now. That’s why we had Ben Gardiner, our senior cybersecurity research engineer, share his experience developing a remote attack on the pneumatic braking system of a tractor-trailer using off-the-shelf electronics.
Ben did what?
That’s right. Ben is a “white hat hacker.” He looks for vulnerabilities in systems and helps companies come up with solutions so they can defend themselves against the hackers who aren’t so nice. He said it’s crucial for the transportation industry to understand emerging vulnerabilities.
Ben’s efforts are designed to show companies their vulnerabilities, which makes them an excellent complement to Dr. Kim’s message about the risks associated with 5G.
“New 5G security can be bypassed by forcing telematics modems to downgrade to previous versions,” Ben explains. “With the knowledge that a lot of cellular providers are lax in dealing with implementation flaws, if I were a large fleet, I would put it in my RFP that I want a telematics provider who satisfies certain cellular network requirements that Dr. Kim has outlined in his research.”
The consequences of not doing so can be crushing.
“The routing information and routing decisions that an LTL carrier in particular takes is the business’s secret sauce,” Ben said. “How they plan their routes, whether congestion changes those routes, it’s so competitive. If someone can do cellular attacks that compromise their confidentiality, they could get access to that routing data.”
These are the cybersecurity issues the industry simply must address, which is why NMFTA opened up this year’s conference to such a wider audience.
Going forward, NMFTA is setting the stage to address cybersecurity from an enterprise perspective as well as from the truck perspective. We will be making moves in the coming year to reflect that end-to-end commitment, which will also reflect our emphasis at the next cyber conference.
If you missed this year’s conference, keep watching this space for the next opportunity. You can’t afford not to know what was shared in Alexandria in November.