NMFTA has developed the following white papers, reference documents, and bulletins in conjunction with our partners for the benefit of the industry.
Ransomware as a Service
Ransomware remains one of the most relevant cyber threats to commercial enterprises. Within the ransomware ecosystem, threat actors continue to evolve and form new structures to develop malware, identify targets, and carry out attacks. The following white paper highlights one such structure, the Ransomware-as-a-Service (RaaS) operation, and dives deep into the unique threats it poses, particularly for the transportation sector.
Download
NMFTA Cybersecurity Best Practices Guidebook – Mid-Size Fleet
We have combined recommendations from across the cybersecurity industry, as well as insights gained from direct experience on the front lines of trucking and supply chain cybersecurity to produce a concise, yet comprehensive roadmap. This guidebook, intended for mid-sized fleets of 50-3,000 assets, will help take your operation from where you are today, to become resilient in the new reality of our digital landscape.
Download
Blind Wireless Seed Key Unlock
This white paper provides an in-depth analysis of the vulnerability, including the background of J2497 technology, seed-key exchange protocols, and prior wireless vulnerabilities such as CVE-2020-14514 and CVE-2022-26131. Learn how the latest exploit, a “reset attack” capable of reducing secure seed-key exchanges to replay attacks, was uncovered through detailed benchtop and field testing methods.
Download
NMFTA Cybersecurity Best Practices Guidebook – Owner Operator and Small Fleet
As an independent owner operator, your truck isn’t just a vehicle—it’s your business. With cyberthreats growing every day, staying secure has never been more critical. The NMFTA Cybersecurity Best Practices Guidebook is your roadmap to safeguarding your operations, data, and livelihood in 2025 and beyond.
Download
Navigating the Impact of Chinese Infrastructure on U.S. Ports and Supply Chains
Navigating the Impact of Chinese Infrastructure on U.S. Ports and Supply Chains, examines the risks posed by Chinese technologies integrated into critical U.S. infrastructure, with a focus on ports and the supply chain. It highlights concerns about ZPMC cranes, communication device discoveries, and cyber espionage campaigns like those linked to the Volt Typhoon group. The report explores China's economic and political strategies, emphasizing risks to trucking, IT systems, and supply chain operations. Key mitigation strategies include employee training, advanced technological defenses, and compliance protocols. Ideal for professionals in trucking, logistics, and cybersecurity, this report delivers actionable insights to safeguard critical infrastructure from foreign threats
Download
2025 Supply Chain Cybersecurity Trends
The trucking industry is at a pivotal crossroads. As we move into 2025, new cybersecurity threats—from AI-enhanced phishing to cyber-enabled cargo theft—are reshaping the landscape. Threat actors are becoming increasingly sophisticated, targeting fleets with precision, and leveraging AI tools that make traditional defense mechanisms obsolete.
In our comprehensive whitepaper, "Cybersecurity Trends for Trucking in 2025," we explore the critical developments you need to understand to stay ahead.
Download
AI for Transportation Whitepaper
Analysis of the Benefits and Risks for the Transportation Sector, breaks down the key benefits AI offers: Route optimization, predictive maintenance, and autonomous driving—But what are the risks and challenges?
Download
Unlocking the Potential of Seed-Key Exchange Guide
As cyberthreats evolve, securing the systems keeping your fleet moving is no longer just an option—it’s a necessity. Download our free guide to discover how to protect your operations using the power of seed-key exchange.
Download
Solutions for Securing Legacy Maintenance Software: New Research Unlocked
Outdated fleet maintenance systems pose a serious security risk. Download the free research whitepaper to learn proven strategies for securing legacy systems.
Download
S.1 Position Paper – Next Generation Tractor/Trailer Electrical Interface Task Force – TMC
A position paper was issued that recommends updated criteria for the next-generation tractor/trailer electrical interface.
Download
VCRWG Truck Matrix Update 2022
A status report and list of next steps for the NMFTA Vehicle Cybersecurity Requirements Working Group's (VCRWG) Truck Matrix.
Download
Commercial Transportation: Truck Hacking Slides
Slides for our presentation on Truck Hacking and how it fits into the larger field of commercial transportation. Includes: truck vehicle networks, public instances of truck hacking, truck hacking tools and how to get involved.
Download
NMFTA Position on WiFi SSID and Password Reuse in Telematics Devices
Curtailing the practice of reuse of WiFi passwords on telematics devices installed in the class 7 & 8 vehicles of our fleet members.
Download
Mitigations Options to J2497 Attacks
Mitigations to J2947 aka PLC4TRUCKS attacks, especially RF induced attacks. Developed and shared privately at the same time as the disclosure (January 13th 2022) and released into the public domain without modification here.
Download
NMFTA Cybersecurity Requirements for Telematics Systems
NMFTA’s Cybersecurity Requirements for Telematics Systems delivers a comprehensive list of cybersecurity requirements that should be met by all components of a telematics device, FMIS, and/or ELD.
Download
Heavy Vehicle Networking Using SAE J1939
Heavy vehicle networking using SAE J1939 presentation, prepared by Dr. Jeremy Daily, Colorado State University.
Download
Disclosure of Confirmed Remote Write to J2497 aka PLC4TRUCKS
In the interest of responsible disclosure, we are writing to you to share a follow-up confirmation of results from our investigation previously disclosed in November 2019.
Download
NMFTA Letter to CARB regarding ROBD Draft Regulatory Concepts
NMFTA’s Letter to CARB regarding proposed requirements in the CARB draft HD/IM Regulatory document for Remote On-board Diagnostics (ROBD).
Download
Power Line Truck Hacking: 2TOOLS4PLC4TRUCKS
Slides for our presentation on Power Line Truck Hacking of J2497/PLC4TRUCKS. Tools for read-write are introduced as is ICSA-20-219-01.
Download
Response to FMCSA Cybersecurity Best Practices
NMFTA Bulletin: Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems into Heavy Vehicles by the FMCSA.
Download
Secure Device Provisioning Best Practices: Heavy Truck Edition
Sponsored by and drafted in collaboration with NCC Group, NMFTA, and heavy vehicle industry partners.
Download
Medium and Heavy Duty Electric Vehicle and Charging Infrastructure Cyber Security Baseline Reference Document
A comprehensive review of cyber security for electric medium and heavy duty vehicles, charging stations and the electric grid. This document provides a reference baseline for the various stakeholders in heavy duty electric vehicle charging.
Download
Executive Summary of Medium and Heavy Duty Electric Vehicle and Charging Infrastructure Cyber Security Baseline Reference Document
Medium and heavy duty electric vehicle and charging infrastructure cybersecurity executive summary.
Download
ELD Bulletin
A cyber security awareness bulletin regarding FMCSA Electronic Logging Device (ELD) mandate
Download
Talent Generation for Vehicle Cyber Security
A paper by Dr. Jeremy Daily, Dr. Rose Gamble, and Urban Jonson on how to generate talent for vehicle cyber security presented at ESCAR USA 2017.
Download
Executive Summary of A Survey of Heavy Vehicle Cyber Security
Summary of main survey document
Download
A Survey of Heavy Vehicle Cyber Security
A comprehensive review of cyber security for heavy vehicles for the NMFTA membership.
Download
Tool: PLC4TrucksDuck
A PLC writing tool for the Truck Duck beaglebone based heavy vehicle diagnostic and debugging tool
Download
