Cybersecurity Research

NMFTA has developed the following white papers, reference documents, and bulletins in conjunction with our partners for the benefit of the industry.

Solutions for Securing Legacy Maintenance Software: New Research Unlocked

Outdated fleet maintenance systems pose a serious security risk. Download the free research whitepaper to learn proven strategies for securing legacy systems.
Download

S.1 Position Paper – Next Generation Tractor/Trailer Electrical Interface Task Force – TMC

A position paper was issued that recommends updated criteria for the next-generation tractor/trailer electrical interface.
Download

VCRWG Truck Matrix Update 2022

A status report and list of next steps for the NMFTA Vehicle Cybersecurity Requirements Working Group's (VCRWG) Truck Matrix.
Download

Commercial Transportation: Truck Hacking Slides

Slides for our presentation on Truck Hacking and how it fits into the larger field of commercial transportation. Includes: truck vehicle networks, public instances of truck hacking, truck hacking tools and how to get involved.
Download

NMFTA Position on WiFi SSID and Password Reuse in Telematics Devices

Curtailing the practice of reuse of WiFi passwords on telematics devices installed in the class 7 & 8 vehicles of our fleet members.
Download

Mitigations Options to J2497 Attacks

Mitigations to J2947 aka PLC4TRUCKS attacks, especially RF induced attacks. Developed and shared privately at the same time as the disclosure (January 13th 2022) and released into the public domain without modification here.
Download

NMFTA Cybersecurity Requirements for Telematics Systems

NMFTA’s Cybersecurity Requirements for Telematics Systems delivers a comprehensive list of cybersecurity requirements that should be met by all components of a telematics device, FMIS, and/or ELD.
Download

Heavy Vehicle Networking Using SAE J1939

Heavy vehicle networking using SAE J1939 presentation, prepared by Dr. Jeremy Daily, Colorado State University.
Download

Disclosure of Confirmed Remote Write to J2497 aka PLC4TRUCKS

In the interest of responsible disclosure, we are writing to you to share a follow-up confirmation of results from our investigation previously disclosed in November 2019.
Download

NMFTA Letter to CARB regarding ROBD Draft Regulatory Concepts

NMFTA’s Letter to CARB regarding proposed requirements in the CARB draft HD/IM Regulatory document for Remote On-board Diagnostics (ROBD).
Download

Power Line Truck Hacking: 2TOOLS4PLC4TRUCKS

Slides for our presentation on Power Line Truck Hacking of J2497/PLC4TRUCKS. Tools for read-write are introduced as is ICSA-20-219-01.
Download

Response to FMCSA Cybersecurity Best Practices

NMFTA Bulletin: Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems into Heavy Vehicles by the FMCSA.
Download

Participant’s Handbook

A customizable handbook for tabletop exercise participants.
Download

Facilitator’s Handbook

A customizable handbook for tabletop exercise facilitators.
Download

Secure Device Provisioning Best Practices: Heavy Truck Edition

Sponsored by and drafted in collaboration with NCC Group, NMFTA, and heavy vehicle industry partners.
Download

Ransomware Playbook

A customizable incident response plan template.
Download

Medium and Heavy Duty Electric Vehicle and Charging Infrastructure Cyber Security Baseline Reference Document

A comprehensive review of cyber security for electric medium and heavy duty vehicles, charging stations and the electric grid. This document provides a reference baseline for the various stakeholders in heavy duty electric vehicle charging.
Download

Executive Summary of Medium and Heavy Duty Electric Vehicle and Charging Infrastructure Cyber Security Baseline Reference Document

Medium and heavy duty electric vehicle and charging infrastructure cybersecurity executive summary.
Download

ELD Bulletin

A cyber security awareness bulletin regarding FMCSA Electronic Logging Device (ELD) mandate
Download

Talent Generation for Vehicle Cyber Security

A paper by Dr. Jeremy Daily, Dr. Rose Gamble, and Urban Jonson on how to generate talent for vehicle cyber security presented at ESCAR USA 2017.
Download

HVCS Bulletin

HVCS Bulletin
Download

Executive Summary of A Survey of Heavy Vehicle Cyber Security

Summary of main survey document
Download

A Survey of Heavy Vehicle Cyber Security

A comprehensive review of cyber security for heavy vehicles for the NMFTA membership.
Download

Tool: J1708 Decoder

A J1708 sigrok protocol decoder (PD), UART stacked
Download

Tool: Python Interface to TruckDuck

Python interfaces to TruckDuck network interfaces
Download

Tool: PLC4TrucksDuck

A PLC writing tool for the Truck Duck beaglebone based heavy vehicle diagnostic and debugging tool
Download