From October 22-25, NMFTA hosted its annual Digital Solutions Conference on Cybersecurity in Houston, TX. The presentations contained powerful information for any company in the trucking industry that’s concerned about cybersecurity for its enterprise and/or assets. Of course, that needs to be the entire industry. This is part of a series of blogs that summarize the information presented for those who could not be there.
If you missed this year’s NMFTA Digital Solutions Conference on Cybersecurity in Houston, TX, you’re part of a dwindling group. With this year’s attendance double that of the 2022 conference, it’s fair to say fewer and fewer people miss this conference every year.
But we want you to know what happened, for several reasons. The first is consistent with the mission of the conference, which is to fully prepare and fortify the trucking industry against all cyber threats. That’s why we expanded the conference to the entire industry, and that’s also why we made registration for the conference complimentary.
The second reason is that we’d like you to join us when we do this again next year! The networking and connections we all made will stay with us for a long time, and you’re going to have to show up to enjoy that benefit.
This year’s conference was jam-packed with two days of information and one thing in mind: Giving the trucking industry the upper hand over cyberattackers.
We started by showing a video that laid out the stakes for just how much our nation depends on the trucking industry, and what kinds of calamities we would all face if the industry were ever to be crippled by a mass attack. Imagine running out of food, gas, and hospital supplies in three days. Imagine losing your power within a week. Imagine no trash pickup for weeks on end. And this is just the start.
Those are the stakes.
Then came the presenters:
During her keynote speech, Nada Sanders, Ph.D., pointed to two recent events that served as such disruptive forces that the focus of the supply chain industry – and indeed, the world – is still defined by reaction to them. She urged supply chain leaders to invest in people and in new skills, and to be careful about pouring billions into AI just because it seems like everyone else is doing so.
Attendees had the opportunity to see an eye-opening demonstration at the end of the event’s first day – of just what can happen to a truck when hackers take control of it. Luckily the hacker in question was one of the good guys, Ben Gardiner, our own senior cybersecurity research engineer.
With a tractor/trailer on loan from United Petroleum Transports, he put together a simple, low-budget antenna consisting of two wires while the rest of the conference attendees bused over from the main conference site to witness the hacking.
In another presentation, Gardiner considered whether the trucking industry can learn from industrial control systems to help enhance the cybersecurity of individual trucks. Trucking tends to lack some protections that are common in ICS, including telematics firewalls, authentication of remote commands, backup telematics, and logging remote controls. Trucking also tends to lack a data historian, which keeps a history of things like performance, trends, and maintenance on the vehicle. The presentation considered the possibility of an overlay that might see trucking adopt and adapt some of the better practices in ICS.
Staying on the question of cybersecurity for individual trucks, Ivan Granero of Bosch shared some of what’s happening at his company in this regard. Bosch typically applies security measures in five layers, Granero explained, to offer security for the power train, body, chassis, and infotainment systems.
Mike Alvarez of the United States Secret Service shared insight on the latest trends in cybercrime, as well as a look at prominent cyber assets that have relevance for the trucking industry.
Other presenters represented the Federal Bureau of Investigation (FBI), Transportation Security Administration (TSA), and Cybersecurity and Infrastructure Security Agency (CISA). All emphasized the importance of strong passwords, multi-factor authentication (MFA), and extensive training so people don’t help the hackers by clicking links or opening attachments that start a malware download.
As an example, one presenter noted that hackers can figure out an eight-character password that consists of only numbers in seven seconds. By contrast, with an 18-character password that consists of numbers, letters (both upper and lower case) and multiple symbols, it takes trillions of years to crack it (see graphic below).
Ryan Gerdes, Ph.D., of Virginia Tech presented to the group on sensor cybersecurity. Sensors allow the truck to see the world, including signs and objects. So as we move toward autonomous vehicles, a compromised sensor might cause a truck to fail to stop for a stop sign or an object. But sensors do other critical things as well, such as providing information on engine coolant levels and temperatures, or the RPM of the engine.
Johanson Transportation Services’ Steve Hankel shared his experience developing business continuity plans for various companies, and explained the critical steps that are necessary to make such a plan successful.
A team of presenters also explained the critical issues regarding API security, and urged trucking companies to adopt a no-trust environment when it comes to both enterprise and assets, meaning neither people nor other applications should be able to access an application without going through multi-factor authentication (MFA).
At the conclusion of the conference, a panel was asked a series of questions about their expectations for 2024. Here are some common themes from that session:
It was a lot of valuable information. And those who attended were grateful for the opportunity.
“As a new startup, it was fantastic to meet carriers and understand their pain points,” said Hillary Drake, CEO and co-founder of the Minneapolis-based Liminal Network—a company that helps to simplify logistics APIs. “It was great to be with people who are out in the field facing these problems, and to understand what they’re thinking about. That helps me tailor my products to their problems.”
That’s the whole idea. Everyone who touches the trucking industry needs to understand these issues, and the Digital Solutions Conference on Cybersecurity is the only one in North America that focuses exclusively on cybersecurity for the trucking industry.
We hope this summary has been helpful. And we look forward to seeing you in person next year!
To view photos from the conference and the live truck hacking demonstration, access our event photo album.