The Trucking Industry Must Plan for the Prevention Of – and Recovery From – Cyberattacks
By: Ben Barnes, Chief Information Officer, McLeod Software
The transportation industry has been discovering of late – and in an alarming fashion – just how ill-prepared it is for the threat of cyberattacks. An industry that’s been late on technology and digitization adoption is finding it’s even further behind on methods to protect itself in these areas.
In fairness, a lot of other industries are in the same boat. All of America, and much of the rest of the world, got a jolt on outage preparedness with the recent CrowdStrike ordeal. Perhaps most stunning about all this is that the CrowdStrike incident wasn’t even a breach. It was a mistake. But real attackers are constantly looking for ways to perpetrate this type of mischief and far worse.
Cyber attackers have already inflicted serious damage on companies in the health care, banking, food, and energy industries. And several high-profile trucking companies have also been hit. The costs can climb into the millions, from disrupted operations, compromised data and – in the case of a ransomware attack – money reluctantly paid to the attackers.
The trucking industry is behind the curve when it comes to embracing digital technology. Recent years have seen some catching up. But in some ways that has made trucking even more vulnerable. When you’re scrambling to put digital technology in place but you don’t have a corresponding plan to protect against attacks, the hackers will surely smell an opportunity.
The industry is vulnerable for five primary reasons:
There are few existing regulations to offer protection or ensure good security practices.
The existence of actual security measures and protocols is sparse in the industry.
The trucking industry lacks measured and experienced cybersecurity talent.
While the trucking industry is happy to buy software, it rarely invests much of its IT budget in security measures.
Unlike other industries, the trucking industry does not face compliance requirements such as those of the Payment Card Industry (PCI) or the Health Insurance Portability and Accountability Act (HIPAA).
This is all the more problematic because trucking is a high-value target. It may not be a high-profit industry, but there is certainly a lot of money in it. And a hacker’s ability to impact trucking companies and 3PLs – either on the enterprise side or on the asset side – is profound. Consider what will happen to delivery schedules if an attack renders a carrier incapable of paying its drivers. Now think about the impact of an attack on a vehicle’s Electronic Logging Device (ELD) or Engine Control Module (ECM), or on its sensors.
A demonstration at Colorado State University showed that such an attack can be launched from a drone while the trucks are driving down the road. At a recent trucking conference in Houston, a white-hat attacker used a simple antenna to send a signal to the truck that caused it to chuff its brakes.
Hackers have way too many avenues in. Carriers and brokers who want to protect themselves against cyberattacks need to start with one of the most basic measures – education. In more than 95 percent of cases, human error leads to breaches. Either someone clicks on a link or opens an attachment in a phishing email, or someone enters their log-in credentials on a lookalike load board that turns out to be operated by hackers. Bringing team members up to speed on the nature of the attacks, and how to avoid being victimized by them, is critical.
Another crucial measure is the adoption of a kill-chain plan. This creates a point within your system where the hacker’s access is forcibly shut down so the attack cannot continue further into your system. And it’s always a good idea to engage a cybersecurity company, preferably on retainer, so they can keep on top of things like patch updates and other measures to shut off potential hacker access.
At the same time, every company should recognize it’s possible they will still get hacked. By having an incident response plan, you stand the best chance of isolating the attack, continuing operations and recovering what you may have lost.
This is where the concept of CPR applies: Communicate, Prioritize, Respond. It’s the best opportunity for a targeted company to get back on its feet. Some of the key points:
Develop your contingency operating plan in advance. Don’t wait until you’re under attack and you’re scrambling both mentally and operationally. Think it through beforehand, write it down, and make sure key people know how the plan works.
Consider how you would operate for a period of time without laptops or other pieces of your IT infrastructure.
Think through the nature and the timing of whom to notify, and how you will do so. A cyberattack is not great for your brand, so you don’t want to announce it with trumpets to the whole world. But you don’t need to. Think through who is critical to keep in the loop, and how you’ll handle the announcement.
Be ready to conduct a forensic investigation to find out what was taken with the hack, and how to close the door through which the attackers entered.
Be sure you have insurance, and read the policy carefully to be sure it actually covers everything you could lose during an attack – such as operational revenue from days you might not be able to make deliveries or pay drivers.
No one in the trucking industry wants this to be true, but it is: We are increasingly vulnerable to digital attacks, and the stakes are high. Cybersecurity is not just an issue for your IT department. It’s an issue for everyone in your company. The sooner you take that seriously, the better your chances of never having to be the victim.