IoT safety: Logging devices on trucks are not always secure

Devices attached to trucks are for safety, quality control, and efficiency. But many are being left open to hackers.

istock-1007990768.jpg

Image: haveseen, Getty Images/iStockPhoto

Driving without adequate rest is dangerous for everyone. It's even more deadly when large trucks are involved. Laws have been passed to prevent truckers from driving long distances without enough sleep, keeping us all safer on the road.

In 2015, the Federal Motor Carrier Safety Administration (FMCSA) issued requirements for trucking companies to attach electronic logging devices (ELDs) to trucks. The principal concern was driver safety because drivers were logging long hours on the road without taking breaks, and the practice was leading to higher numbers of accidents.

SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download (TechRepublic Premium)

But the ELD regulation did more than usher in safety tracking on truck driver hours. It also triggered a flurry of Internet of Things (IoT) activity as sensors began to be attached to trucks to monitor trucker driving habits, such as braking and idling engines for excessive time. Sales of IoT sensors for the environmental monitoring of sensitive cargo such as foods, medicine, and computer parts also surged. Additionally, logistics companies began using sensors to track the locations of fleet vehicles that were on the road.

All of these were excellent implementations of IoT that addressed nagging business problems and improved results. Unfortunately, they left open the safety and security of the IoT devices that businesses were purchasing and using.

Consequently, it came as no surprise this past July, when the FBI issued a Private Industry Notification (PIN) regarding the security vulnerabilities of electronic logging devices.

"Industry and academic research into a selection of self-certified ELDs found the sample of devices did little to nothing to follow cybersecurity best practices and were vulnerable to compromise," the notification said. "Commands passed into the vehicle network through an ELD could affect functions such as vehicle controls and the accuracy of the console display. Cyber criminals interested in stealing data such as personal information, business and financial records, location history and vehicle tracking, or other proprietary data such as lists of customers and cargo can use vulnerabilities in ELDs as a way in to access trucking companies' enterprise networks and databases."

SEE: 5 Internet of Things (IoT) innovations (free Pdf) (TechRepublic)

"It's critical for companies to button down these security vulnerabilities and apply best practices to their IoT devices and also during the IoT vendor selection process," said Ryan Brander, associate vice president of security at Geotab, a fleet and IoT management SaaS firm.

Brander and others recommend the following security best practices:

1. Evaluate your vendors for their security practices

"There is a list of questions you should prepare for your providers in this regard," Brander said.

For example, the FBI recommends that you thoroughly vet a proposed ELD or IoT vendor on the security of in-vehicle operations, communications links, the user interface and the cloud back-end system. 

The confidentiality and integrity of communications, whether the vendor has had security penetration tests performed on its solutions, and what the vendor's record is concerning regular security updates to devices and software when new security vulnerabilities arise are also important. 

2. Use all the security tools available to you

"One of the easiest things you can do to protect yourself is to encrypt your data," Brander said. "This gives you an extra layer of security protection. You should also have password policies that prevent the creation of easy-to-decipher passwords, and that require multi-factor authentication in addition to the password. Your software should be regularly updated, especially when there are security updates that need to be installed. Finally, anti-virus and malware protections should be used with these solutions on your network. All of this makes your network and devices more difficult for bad actors to penetrate."

SEE: UPS: How VR, IoT, AI, and big data powers the logistics company's digital transformation (TechRepublic)

3. Turn devices off when they aren't in use

By not leaving devices on and "open" when they aren't being used, companies can reduce the ability of malware, viruses, and other types of security breach mechanisms to penetrate devices and networks. 

Stay cybersecure with IoT devices

IoT is expanding exponentially, and ELD devices are just one example. In this active IoT market, there are myriad solution providers. Not all of them are security-sound—and not every company that uses IoT or ELD has sound security practices.

The bad actors out there know this, so the time to act is now. 

Also see