Even at an time where an unprecedented amount of trade is conducted digitally, just in time logistics help keep modern supply chains lean and profitable, and form a critical part of many business operations.
Fleet operators are at the nexus of the digital and physical realms. Whilst more business is done online than ever before, people, products and materials still need to be shipped from A to B.
The transport industry is evolving too. Internet of Things (IoT) technologies are improving vehicle and driver safety, finding more efficient routes, and delivering great customer experiences.
These connections, which will soon benefit from 5G networks, power the modern economy but can also be exploited for unintended purposes.
In cybersecurity an ‘attack surface’ is what you can see and how you might get in. At your home the attack surface a burglar sees are things like your front door, your windows, perhaps a garage.
The attack surface of a modern vehicle has never been larger: infotainment systems; ODB II dongles needed for telematics and insurance; GPS navigation systems; digital key fobs; fleet management systems; dashcams; connections for service information; plus connected apps offering tracking and remote unlock.
In the digital world those doors and windows are the computer code that runs on them. And it is immense. A Ford F-150 truck now has 150 million lines of code under the bonnet. The Airforce’s latest F-35 fighter jet only has 8 million.
29.59% used the key fob to gain access.
26.42% occurred via company servers.
12.71% exploited vehicle mobile apps.
OBDII ports and infotainment systems rounded out the top 5.
82% of them occurred remotely, meaning that the hacker didn't need to physically be inside the vehicle.
In 2019, black hat attacks on auto overtook white hat attacks for the first time.
data: upstream
Q: What positive steps can fleet operators take to understand and manage their cyber risk, then get back to what they do best: keeping the world moving?
A: We believe these 10 steps will help you advance your security posture and prepare your fleet to embrace the future.
Are they considered by your security program?
What came with the vehicle? What aftermarket modifications and additions do we make? Which software and services do we use to communicate with them?
What is the ‘day 1’ impact? How does that impact scale if it were fleet-wide? How does it change over multiple days?
How do we lock-down the systems on our vehicles? How do we change default passwords? Can we disable unused functionality?
What daily vehicle checks do drivers need to take every day? How are vehicle defects reported and handled?
How will you track in fleet management records? Can updates be made as part of an existing servicing regime? How will you handle ‘over the air’ updates?
How do we ensure safety of vehicle occupants? Will we engage specialists? How will we coordinate digital, and physical, recovery? Who will handle communications?
What is covered by our auto policy, business insurance, or dedicated cyber policy?
What capabilities are present? Are they remotely accessible? How can they be secured?
What communities and groups can you join to share with and learn from? Where can we get security advisories from manufacturers and suppliers?
Following these steps will help you build cyber resilience into your fleet operations and, crucially, keep delivering for your customers.
Modern vehicles have come a long way since the days of ‘faster horses,’ opening the world to quick, safe, reliable and efficient travel. They are masterpieces of engineering that can seamlessly give us directions, read out messages and play music, while calculating the right amount of fuel needed by the engine and torque to send to each wheel.