From October 22-25, NMFTA hosted its annual Digital Solutions Conference on Cybersecurity in Houston, TX. The presentations contained powerful information for any company in the trucking industry that’s concerned about cybersecurity for its enterprise and/or assets. Of course, that needs to be the entire industry. This is part of a series of blogs that summarize the information presented for those who could not be there.
TOPIC: New Fleet Security Features from OEM Vendors
Presenter: Ivan Granero, Bosch
Many of the cyber vulnerabilities facing trucks in service today stem from the fact that, when they were first built, there was little understanding of the cybersecurity issues that would present themselves in the future.
In other words, today.
Truck original equipment manufacturers (OEMs) did not build cybersecurity features into vehicles back then because there was no reason to do so. Cyberhackers were not really a thing at all. That’s why so many trucking companies are scrambling to add new security features to their assets—such as shoring up protection of things like sensors and diagnostic systems.
In the modern age, though, OEMs understand the importance of cybersecurity and are starting to build protections into their trucks.
Ivan Granero, an embedded security engineer at Bosch, used this session to share some of what his company is doing in this regard. Bosch typically applies security measures in five layers, he explained.
The first layer is security hardware, which consists of ECU software and measures for the protection of data integrity.
The second layer is security communication, which provides protection against critical in-vehicle messages being compromised.
The third layer is security architecture, which protects and separates domains via E/E architecture and gateways.
The fourth layer is security firewalls – a measure of security standards designed to protect against an external breach.
The fifth layer is security detection, an advanced firewall mechanism that serves as an effective first defense strategy.
These measures are accompanied by security processes, partnerships, practices, and testing to ensure that vehicles are as safe as possible from cyberattacks.
Granero offered a real-life example of external software that allows a driver to open the door from his or her cell phone.
“Systems like that must have security,” he said. One approach could be to require a digital key that changes every so often, especially for trucks that sometimes rotate between different drivers.
The system can also require IDs for tractors and trailers to match, so it’s not possible for a tractor to hit the road hauling a trailer it is not supposed to be hauling.
Security measures for functions like door unlocking or remote ignition can use various technologies, including near-field communication (NFC), Bluetooth low energy (BLE) and ultra-wide band (UWB).
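As an added illustration of the two checks described above (not code from Bosch or from the presentation), this Python example derives a digital key that rotates per time window and is bound to one driver and one tractor, then refuses a departure when the trailer ID does not match the tractor's assignment. The HMAC derivation, the 8-hour window, and every ID, secret and function name are assumptions constructed for the example.

```python
import hashlib
import hmac

ROTATION_SECONDS = 8 * 3600  # assumed rotation period (one shift)

# Constructed sample data, not real fleet values.
SECRET = b"constructed-demo-secret"
PAIRINGS = {"TRACTOR-001": "TRAILER-A"}  # tractor ID -> assigned trailer ID


def _encode(*fields: str) -> bytes:
    """Length-prefix each field so distinct ID tuples never collide."""
    parts = (f.encode() for f in fields)
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def digital_key(secret: bytes, tractor_id: str, driver_id: str, now: int) -> str:
    """Key for one driver on one tractor, valid only in the current window."""
    window = str(now // ROTATION_SECONDS)
    return hmac.new(secret, _encode(tractor_id, driver_id, window),
                    hashlib.sha256).hexdigest()


def authorize(secret, pairings, tractor_id, driver_id, trailer_id,
              presented_key, now):
    """Return (allowed, reason) for a departure request."""
    expected = digital_key(secret, tractor_id, driver_id, now)
    # Constant-time comparison avoids leaking key bytes through timing.
    if not hmac.compare_digest(expected, presented_key):
        return False, "key invalid or expired"
    if pairings.get(tractor_id) != trailer_id:
        return False, "trailer not assigned to this tractor"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    key = digital_key(SECRET, "TRACTOR-001", "driver-alice", t0)
    for label, args in [
        ("valid", ("driver-alice", "TRAILER-A", key, t0)),
        ("other driver", ("driver-bob", "TRAILER-A", key, t0)),
        ("after rotation", ("driver-alice", "TRAILER-A", key, t0 + ROTATION_SECONDS)),
        ("wrong trailer", ("driver-alice", "TRAILER-B", key, t0)),
    ]:
        print(label, authorize(SECRET, PAIRINGS, "TRACTOR-001", *args))
```

Because the driver ID is part of the derivation, a key issued to one driver is rejected when another driver presents it, which is the property that matters for trucks rotating between drivers.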
A truck’s diagnostic system is often a tempting target for hackers.
“If we connect the car itself or the truck itself with the diagnostics, now we can have even more features, but before we do that it’s important to know the potential attack surfaces,” Granero said.
A secure central gateway is critical to Bosch’s vehicle security efforts.
The layered approach offers security for the power train, body, chassis, and infotainment systems.
It’s important for OEMs to hear from trucking companies about their security priorities. It’s the best way to ensure that measures like these continue to be added to trucks before they roll off the factory floor.