Call for Collaboration

CFC-3

Share your expertise!

The National Motor Freight Traffic Association (NMFTA) has opened its 2023 Call for Collaborators.

We are seeking input from industry professionals on a variety of topics.

Submissions are due: Wednesday, February 15, 2023.

For each topic, NMFTA has proposed an approach but we're eager to hear your thoughts on how you would proceed. We recognize that collaboration can take many forms; in your response, please indicate if you are committing technical resources, funds, or if your time requires compensation.

For all topics, the intended result of the work is publication with shared credit to all collaborators, but NMFTA does recognize that responsible disclosures may need to be completed first. If you would like to propose any other final result of the work, please share in your response.

We are not accepting information sharing roles except for our members: if any members would like to participate by being consulted and/or informed during the project, please indicate this in your response.

Please see the topics below and use each respective button to submit your response for consideration:

Training Videos

NMFTA would like to provide training to our members on the following topics:

  1. Multi Factor Authentication (MFA)
  2. "Basic" Training
  3. Resiliency
  4. Ransomware and Incident Response

We are seeking experts to develop videos for redistribution to our members on the above topics.

Research into FW upgrades on ECMs

Our members would like to have more visibility in firmware updates on the ECMs of their vehicles. Questions such as: How to audit? How to get the specs on each truck? How to inspect the current versions? They seek general answers; in the form of steps for each make and relevant models / model years.

We propose to do this by research trade literature and interviewing maintenance techs with experience. It may be useful to confirm CAN bus service interactions that could be used to automate collection of the versions.

NMFTA is seeking both fleet subjects for interview and also technical collaborators for the analysis and reporting.

Securing Old Maintenance Software

NMFTA members would like to explore solutions that could be used to reduce the IT risks due to the old maintenance software that they must run in many cases.

Examples:

  • Many organizations use proxies for IT security purposes but the maintenance software does not always support proxies.
  • Or risks to trucks via the old maintenance software.

We propose a brief threat model of risks due to the old software and a practical examination of tools and techniques to mitigate them. If possible, extracting a set of security requirements for new maintenance software would be ideal.

NMFTA is seeking both fleet subjects for interview and also technical collaborators for the analysis and reporting.

Overall Fleet Cybersecurity Risk Analysis

NMFTA would like to evaluate risks to an average/typical/archetype fleet and prioritize them.

We propose to do this process using attacker goal based attack trees, but we are interested in hearing other proposals.

NMFTA will interview at least 3 fleets and abstract the results.

NMFTA is seeking both fleet subjects but also technical collaborators for the analysis and reporting.

Connected Forklift Research

NMFTA would like to research connected forklift architectures, technologies, weaknesses, and vulnerabilities.

We propose to research common connected forklift systems, select some components and do some bug hunting.

Ultimate Truck Hacking Platform

NMFTA would like to make a Yocto Linux based distribution that unifies as many truck hacking tools as possible. There are userspace executables to develop that will create compatibility layers, and there is porting for new kernel versions and new platforms.

We are seeking technical contributions in both: userspace and kernel/porting (yocto). Students are encouraged to apply also.

Distribution Center RF survey

NMFTA would like to gain an understanding of the information that leaks from a distribution center in the RF spectrum: WiFi, BLE, etc.

We propose to do wideband survey and specific technology passive scans (e.g. WiFi) but we are interested in hearing other proposals.

NMFTA is seeking technical contributions and fleet contributors to host the passive RF scans of their elected distribution centers.

RF Survey from a Palette Being Shipped

NMFTA is interested in an experiment to see what information leaks in the RF spectrum from the POV of a palette being shipped through a motor freight carrier. This project is similar to the 'distribution center RF survey.'

NMFTA is seeking technical contributions and fleet contributors to ship the experiment through their systems.