Fleet Management News & Business Info | Commercial Carrier Journal
Issue link: http://read.dmtmag.com/i/846064
36 commercial carrier journal | july 2017 Cyberspace protection Data security, privacy add to list of ELD considerations BY AARON HUFF C onsidering the abundance of industry news involving elec- tronic logging devices, cyberse- curity seldom gets mentioned. As of Dec. 18, most drivers who cur- rently maintain records-of-duty status — about 3 million, according to the Federal Motor Carrier Safety Administration — will be using electronic logs or risk out-of-service violations. Most fleets will be using devices that come with a monthly service plan, most oen associated with a connection to the cellular data network. at connectivity means ELDs are Internet of ings devic- es — which raises cybersecurity concerns. In 2016, AT&T reported a 3,198 percent increase over the previous three years in the number of attackers scanning for vulnerabilities in IoT devices. AT&T also conducted a survey last year of busi- nesses to gauge their potential security threats; 58 percent of respondents were not confident in the security of their IoT devices. Cybersecurity was hardly a concern for fleets that started using mobile commu- nications systems more than 25 years ago to connect to their drivers and vehicles through satellite networks. With millions of ELD devices coming online, could this become a gateway for hackers or even computer novices to access sensitive vehicle controls and information? Tapping into trucks e University of Michigan made news in 2016 when researchers presented at an August conference results from their experiments involving the vulnerability of big rigs' electronic systems. Researchers plugged into a 2006 tractor's diagnostics port, and this was the result: By sending digital signals within the internal network of a big rig truck, the researchers were able to do everything from change the readout of the truck's instru- ment panel, trigger unintended acceler- ation or to even disable one form of the semi-trailer's brakes. Since the late 1990s, fleets have been using various telematics devices to remotely plug into the controller area network of trucks to capture data from engines and other electrical-mechani- cal systems. Incidents of hacking into the electronic control modules of engine and braking systems through telematics units haven't happened or been publicized. Some telematics providers have "black box" units installed in hundreds of thou- sands of trucks. e companies regularly send updates to the soware on these platforms over the air. In a worst-case sce- nario, a cyberattack could be coordinated around a scheduled soware update to an ELD or other application on the devices. However, spokespeople from ELD suppliers say the probability of hacking into electronic logs — either the current automatic onboard recording device standard (395.15) or the new ELD stan- dard (395.16) — to access the CAN bus of vehicles is virtually impossible. at's because ELDs are provisioned only to read data. "We don't give (our application) rights to be able to write or make requests — all we do is read," said Marco Encinas, a marketing and product manager of global platforms for Teletrac Navman, which offers the Director ELD. "ere is no protocol in the system that allows us to engage, change code for or manipulate the ECM computer on the vehicle." As an extra layer of precaution, Peo- pleNet has embedded chips in its ELD devices to authenticate the connection between the device in the vehicle and its cloud management system. "Our latest devices will all ship with an encryption chip built in to authenticate the device to the cloud in addition to standard authentication of the driver's credentials upon login," said Eric Witty, vice president of product for PeopleNet. "at way, we have assurance that both the device and the SPECIAL REPORT: ELECTRONIC LOGGING DEVICES