10 steps to securing your connected vehicle fleet.
Even at an time where an unprecedented amount of trade is conducted digitally, just in time logistics help keep modern supply chains lean and profitable, and form a critical part of many business operations.
Fleet operators are at the nexus of the digital and physical realms. Whilst more business is done online than ever before, people, products and materials still need to be shipped from A to B.
The transport industry is evolving too. Internet of Things (IoT) technologies are improving vehicle and driver safety, finding more efficient routes, and delivering great customer experiences.
These connections, which will soon benefit from 5G networks, power the modern economy but can also be exploited for unintended purposes.
In cybersecurity an ‘attack surface’ is what you can see and how you might get in. At your home the attack surface a burglar sees are things like your front door, your windows, perhaps a garage.
The attack surface of a modern vehicle has never been larger: infotainment systems; ODB II dongles needed for telematics and insurance; GPS navigation systems; digital key fobs; fleet management systems; dashcams; connections for service information; plus connected apps offering tracking and remote unlock.
In the digital world those doors and windows are the computer code that runs on them. And it is immense. A Ford F-150 truck now has 150 million lines of code under the bonnet. The Airforce’s latest F-35 fighter jet only has 8 million.
2019 Auto cyber attacks:
29.59% used the key fob to gain access.
26.42% occurred via company servers.
12.71% exploited vehicle mobile apps.
OBDII ports and infotainment systems rounded out the top 5.
82% of them occurred remotely, meaning that the hacker didn't need to physically be inside the vehicle.
In 2019, black hat attacks on auto overtook white hat attacks for the first time.
data: upstream
Q: What positive steps can fleet operators take to understand and manage their cyber risk, then get back to what they do best: keeping the world moving?
A: We believe these 10 steps will help you advance your security posture and prepare your fleet to embrace the future.
Steps you can take now:
1. Recognise that your vehicles are increasingly part of your network.
Are they considered by your security program?
2. Identify the systems that are required to operate your fleet.
What came with the vehicle? What aftermarket modifications and additions do we make? Which software and services do we use to communicate with them?
3. Risk assess the impact of these systems being breached, manipulated or unavailable.
What is the ‘day 1’ impact? How does that impact scale if it were fleet-wide? How does it change over multiple days?
4. Build cyber security into your vehicle commissioning process.
How do we lock-down the systems on our vehicles? How do we change default passwords? Can we disable unused functionality?
5. Update driver handbooks and training to include security considerations.
What daily vehicle checks do drivers need to take every day? How are vehicle defects reported and handled?
6. Plan for how you will maintain security through the lifetime of the vehicle.
How will you track in fleet management records? Can updates be made as part of an existing servicing regime? How will you handle ‘over the air’ updates?
7. Discuss and agree how you would respond in the event of a fleet-wide cyber-attack.
How do we ensure safety of vehicle occupants? Will we engage specialists? How will we coordinate digital, and physical, recovery? Who will handle communications?
8. Check insurance cover to handle the costs of response, recovery and disruption of a cyber-attack on your fleet.
What is covered by our auto policy, business insurance, or dedicated cyber policy?
9. Ensure security is a discussion with dealerships and aftermarket installers when making purchase decisions.
What capabilities are present? Are they remotely accessible? How can they be secured?
10. Commit to learning and iterating your practices to become more secure over time.
What communities and groups can you join to share with and learn from? Where can we get security advisories from manufacturers and suppliers?
Following these steps will help you build cyber resilience into your fleet operations and, crucially, keep delivering for your customers.
Modern vehicles have come a long way since the days of ‘faster horses,’ opening the world to quick, safe, reliable and efficient travel. They are masterpieces of engineering that can seamlessly give us directions, read out messages and play music, while calculating the right amount of fuel needed by the engine and torque to send to each wheel.
ShieldsUp is taking applications for a FREE cyber attack simulation workshop in November 2020.
Click here to apply now!
