Fending Off a Cyberattack
What Does It Actually Look Like and How to Combat It?
[Find the latest in equipment & maintenance: ]
For this new year, there are plenty of concerns fleet managers have about the future of trucking maintenance. However, an emerging problem has been the danger of cyberattacks. Once a method of stealing user and financial information, hacking into a company and organization has evolved into a tool used by criminals to hold entities hostage via the capturing of sensitive information detrimental to a company鈥檚 success and well-being.
Featured in our Transport Topics podcast, RoadSigns, we spoke with Mark Zachos, president of vehicle solutions firm DG Technologies, about what that threat looks like. Here are some of the highlights of our conversation:
鈥楥测产别谤产耻濒濒别迟蝉鈥
Zachos explained that, for most companies, protection is concentrated on the server side 鈥 mainly administrative functions. However, the maintenance area has become a bountiful playground for cyberattacks. On the importance of cybersecurity, Zachos says delicate information is worth its weight in gold for the bad guys.
鈥淚f you鈥檙e running a commercial vehicle and that company that owns the vehicle, the data is theirs. However, that information is still valuable to the threats that are out there, the threats that are coming either from criminals, from people just trying to have fun, or phone-hacking into your equipment.
鈥淭hen there鈥檚 also the overseas threats that are coming from Russia and other countries. It鈥檚 an attack on our country. It鈥檚 an attack on a logistical system or attack on our infrastructure, just like they鈥檙e shooting bullets over in Ukraine. There鈥檚 certainly a threat of these cyberbullets coming from the bad guys and hitting us and knocking down our equipment, knocking down our logistics, making it hard for the country to function. Maybe not necessarily for ransomware. They just state that they want to hurt the United States.鈥
Chaos for Monetary Gain
As the threats from cybercriminals grow more complex, Zachos contended that the intentions usually still remain simple: money.
听
听
More Q1 Calibrate
鈻Technology Helps Technicians Streamline Repairs
鈻How to Combat a Cyberattack
鈻Top 10 Equipment Financing Trends Face Headwinds
鈻Freeze: Ready for the Future
鈻TMC Corner: Brakes, Telematics Focus of TMC 2023
鈥淚t actually brings about financial rewards for those criminals. So, what they鈥檙e trying to do is to give you a hard time. 鈥楿nless you send me Bitcoin, I鈥檓 going to keep doing this.鈥 The typical attack on a fleet goes after their data in their server. It has information about the vehicle and individuals. [They collect personal and business information.]
鈥淭hey take that and lock it up encrypted, and then they ransom it back to you. Now, sometimes you get it back, sometimes you don鈥檛. But I never recommend paying ransom. Sometimes you feel compelled to. Still, the bad guys have your data and what they then do is go out to what is called the darknet and they sell it there. They get a credit card number or Social Security number for $1. They鈥檙e making money and then the next guy comes along, and says, 鈥極h, I鈥檒l buy that off the darknet and I can create another attack.鈥 So very often, there鈥檚 repeated attacks on companies.鈥
How to Detect an Attack
At American Trucking Associations鈥 Technology & Maintenance Council Fall Meeting, cybersecurity was a category in the SuperTech skills competition. It tested technicians鈥 skill in properly recognizing and handling such threats. Zachos, used as a consultant in the skills challenge, noted that trucking companies have experienced such real problems in terms of repair and maintenance of sensors, ECUs and wiring. He received notable feedback from the SuperTech experience.
Zachos听
鈥淚鈥檝e been asked 鈥淗ey Mark, how do you know that was a cyberattack? I鈥檝e seen that condition before that you describe, and it was a bad fuel sensor. I just replace the sensor.鈥 I say, 鈥楴o, it鈥檚 not a bad sensor. I actually injected a cyberfault in there.鈥 So, how do you tell the difference between a conventional fault and a cyberfault, and the honest answer is, it鈥檚 very difficult. What we really want to do is to raise awareness and have people recognize it. There could be some conditions that are kind of curious. Should I report that there鈥檚 something happening on this truck? Or did something happen on the laptop that I use to talk to that truck? The telematics doesn鈥檛 jive with the communications coming off their unit. These are curious markers that there could be a cyberattack.
鈥淭hese attacks that we鈥檙e talking about, these are not invented overnight. These are threats that a lot of times they鈥檙e replayed over and over again. It goes from one group of attackers to the next one. You know, the criminals are all over that. They鈥檙e not very creative. They鈥檙e pretty lazy. The bad guys learn from each other, too.鈥
Filling the Enthusiasm Gap
One point of frustration, Zachos noticed, was the lack of attention for the subject of cybersecurity. With the enthusiasm for electric and autonomous vehicles, there hasn鈥檛 been much spark for this new threat to the industry.
鈥淚t鈥檚 interesting. There鈥檚 not a vibe going around in the room. There鈥檚 not like a, 鈥榊eah! We got to do this cybersecurity.鈥 It鈥檚 important. But how do you catch on? Maybe we need to do some war gaming where we actually get across to the community and show what really can happen and how bad can it get and game it out. Then maybe you can get some of that enthusiasm and get some momentum built. The threats are definitely out there. I just don鈥檛 think we鈥檙e taking it as seriously as we can. We should do everything that we possibly can to train people and to stand up our guard as high as possible.
Host Seth Clevenger speaks with autonomous vehicle pioneer Don Burnette about the pros and cons of driverless cars and trucks.听Hear the program above and at .听
Third of a three-part series on autonomous vehicles. Hear Part I , and听Part II .
鈥淚 would say one thing that people ought to look into is what we did during the 颅SuperTech competition. There were some that were very good and some that didn鈥檛 do good at all. And then there were a lot in between. Do you have that skill in the people that do the maintenance? Your maintenance operation needs to get trained and recognize that threat, and gain the skills that are needed to protect your company or your organization against that threat.鈥
Future Ahead
Zachos said he is currently working toward crafting cybersecurity recommended practices for the TMC Annual Meeting in February.
鈥淚 think it would be useful if we get them reviewed and send them on to the organization for balloting. The contract considerations are one thing. So it鈥檚 an idea that when you鈥檙e buying new equipment, be it a truck, computer, here are the things that you ought to do in the acquisition process to maybe have your vendors be aware of. Because it鈥檚 just not starting within you. There鈥檚 the supply chain all the way down to the computer chip level. It鈥檚 having that control and understanding where you are getting your chips. Sometimes those chips are counterfeit and sometimes, they do have viruses or something implanted. There are legitimate cases of that.
Want more news? Listen to today's daily briefing above or go here for more info
鈥淭his is a supply chain issue. You have to have trust down to the lowest level of vendor. You have to trust that they have good cybersecurity practices. You may recall the Colonial Pipeline hack that occurred recently. There was a breach in one of the computers that was controlling the pipeline and controlling some of their operations. And in terms of how that affected the end customers, the hackers shut the pipeline down. They were not getting fuel and couldn鈥檛 deliver the fuel. There was a big chain there. So, my point there is that the chain of custody just doesn鈥檛 stop in your shop. It has to go all the way through your operations and then to talk to your vendors and to their suppliers as well.鈥
听
