Home / Cybersecurity / Ongoing focus, training are keys to plugging cybersecurity gaps in trucks – Truck News

Ongoing focus, training are keys to plugging cybersecurity gaps in trucks – Truck News

ALEXANDRIA,
Va. – Trucks are becoming evermore connected, with tools like telematics systems
tracking every move.

The challenge
is that potential vulnerabilities continue to grow with the capabilities. The “air
gaps” around vehicle systems are increasingly being penetrated by the internet
and wireless connections, said Jeremy Daily, associate professor of systems
engineering at Colorado State University.

The last CyberTruck Challenge was held in 2019, but the 2020 event was sidelined because of Covid-19. (Photo: CyberTruck Challenge)

Electronic logging
devices (ELDs) offer just one example, and they’re actually mandated by the government.

When it
comes protecting vehicle systems, any strategies should consider
confidentiality, integrity and availability, Daily explained, in a
broad-ranging presentation for the Truckload Carriers Association’s virtual
safety and security meeting.

Hackers
have a distinct advantage when it comes to cybersecurity, he adds. They only
need to record a single victory. Those in charge of the systems need to defend
everything.

“Vehicles in
transportation have relied on security through obscurity in the past,” he says.
But just about anything can be hacked. The goal is to make the hacking process
economically unfeasible, so the steps can’t be easily scaled.

Rather than
adopting “check-box security” measures, Daily stresses the importance of looking
at security as an ongoing practice. The work never actually ends.

“There was
a lot more work done on automotive cybersecurity,” he says. “There’s still the
same types of challenges and vulnerabilities when it comes to heavy trucks.”

One of the
challenges to advancing such cybersecurity measures, however, is that few skilled
students are exposed to heavy vehicles.

But there are initiatives looking to change that dynamic, such as the Student Cybertruck Experience hosted at Colorado State University. Through that, student researchers have demonstrated ways to tap into telematics devices and expose wifi passwords, proving that such data should not be stored in plain text. They were also able to impersonate a truck’s electronic control unit using an open-source tool called a Beagle Bone.

“We were
less than $70 as far as hardware goes,” he said.

Students participating in the challenges have been able to turn off a running truck’s engine using computers connected to a Controller Area Network. They were also able to keep the engine running when the key was removed, and spoof random values on the dashboard.

“We try to
bring in four very separate entities – academia, industry, government, and the
hackers themselves,” Daily says of the Cybertruck Experience. The event that
began in 2017 had expanded to six trucks and a trailer in 2019. This year’s
event was sidelined due to Covid-19, but there are plans to renew things for
2021.


Source link

About

Check Also

Will the COVID Induced Digital Boom Inflate Cybersecurity Budget Across BFSI Industry? – Elets

🔊 Listen to this Article Covid-19 pandemic has necessitated the need to go digital a …