Even at an time where an unprecedented amount of trade is conducted digitally, just in time logistics help keep modern supply chains lean and profitable, and form a critical part of many business operations.
Fleet operators are at the nexus of the digital and physical realms. Whilst more business is done online than ever before, people, products and materials still need to be shipped from A to B.
The transport industry is evolving too. Internet of Things (IoT) technologies are improving vehicle and driver safety, finding more efficient routes, and delivering great customer experiences.
These connections, which will soon benefit from 5G networks, power the modern economy but can also be exploited for unintended purposes.
In cybersecurity an ‘attack surface’ is what you can see and how you might get in. At your home the attack surface a burglar sees are things like your front door, your windows, perhaps a garage.
The attack surface of a modern vehicle has never been larger: infotainment systems; ODB II dongles needed for telematics and insurance; GPS navigation systems; digital key fobs; fleet management systems; dashcams; connections for service information; plus connected apps offering tracking and remote unlock.
In the digital world those doors and windows are the computer code that runs on them. And it is immense. A Ford F-150 truck now has 150 million lines of code under the bonnet. The Airforce’s latest F-35 fighter jet only has 8 million.
29.59% used the key fob to gain access.
26.42% occurred via company servers.
12.71% exploited vehicle mobile apps.
OBDII ports and infotainment systems rounded out the top 5.
82% of them occurred remotely, meaning that the hacker didn't need to physically be inside the vehicle.
In 2019, black hat attacks on auto overtook white hat attacks for the first time.
Q: What positive steps can fleet operators take to understand and manage their cyber risk, then get back to what they do best: keeping the world moving?
A: We believe these 10 steps will help you advance your security posture and prepare your fleet to embrace the future.
Are they considered by your security program?
What came with the vehicle? What aftermarket modifications and additions do we make? Which software and services do we use to communicate with them?
What is the ‘day 1’ impact? How does that impact scale if it were fleet-wide? How does it change over multiple days?
How do we lock-down the systems on our vehicles? How do we change default passwords? Can we disable unused functionality?
What daily vehicle checks do drivers need to take every day? How are vehicle defects reported and handled?
How will you track in fleet management records? Can updates be made as part of an existing servicing regime? How will you handle ‘over the air’ updates?
How do we ensure safety of vehicle occupants? Will we engage specialists? How will we coordinate digital, and physical, recovery? Who will handle communications?
What is covered by our auto policy, business insurance, or dedicated cyber policy?
What capabilities are present? Are they remotely accessible? How can they be secured?
What communities and groups can you join to share with and learn from? Where can we get security advisories from manufacturers and suppliers?
Following these steps will help you build cyber resilience into your fleet operations and, crucially, keep delivering for your customers.
Modern vehicles have come a long way since the days of ‘faster horses,’ opening the world to quick, safe, reliable and efficient travel. They are masterpieces of engineering that can seamlessly give us directions, read out messages and play music, while calculating the right amount of fuel needed by the engine and torque to send to each wheel.
Our team of fleet cyber experts are here for you in the event of an attack. We'll work with your business continuity team and your existing partners to remediate an incident.
In the event that you need support - you will have access to our extensive network of approved vendors to ensure you return to business as usual as quickly as possible.
ShieldsUp Cyber Readiness AssessmentDeep-dive Onboarding Call with a Cyber ExpertBespoke Cyber Business Continuity Plan
24/7 HotlineIncident response manager Fleet-specific Incident Response Playbooks
Fleet-specific Vehicle, Hardware, & Software remediation servicesCyber forensics and remediation servicesLegal support