Experience Everything Compliance Network Has to Offer
Copyright 2023 J. J. Keller & Associate, Inc. For re-use options please contact copyright@jjkeller.com or call 800-558-5011.
Copyright 2023 J. J. Keller & Associate, Inc. For re-use options please contact copyright@jjkeller.com or call 800-558-5011.
NewsIndustry NewsTransportation SecurityTransportation SecurityElectronic logging device (ELD)Electronic logging device (ELD)Security - Motor CarrierIn-Depth ArticleFleet OperationsFocus AreaEnglishTransportationUSA
How secure are your ELDs?
2022-09-19T05:00:00Z
It’s been over two years since the FBI released its bulletin warning motor carriers about cyber security threats related to electronic logging devices (ELDs). Since the guidance, hackers have continued to become more sophisticated, looking for their in-road to corporate networks. For your motor carrier, that path just might be your choice of ELD.
What’s the threat?
Your ELD tracks a lot of data on your vehicle(s) and motor carrier and presents an access point for a cybercriminal to steal your fleet’s critical information. Not only do ELDs contain information about your drivers and trucks, but, depending on what your ELDs are integrated with, hackers could see your customer information, invoices, costs, etc.
An ELD’s wireless connectivity has sparked several security concerns, including:
- Remote access of a vehicle’s components through Wi-Fi or Bluetooth;
- Data breaches including shipment tracking, dispatching, and the company network; and
- Installation of malware, including ransomware.
To further complicate the matter, the Federal Motor Carrier Safety Administration’s ELD mandate doesn’t contain cybersecurity requirements, third-party validation, or testing for quality assurance.
Instead, you need to be your own advocate by:
- Asking your ELD vendor the right questions, and
- Implementing security practices after purchase and implementation.
Initial set-up concerns
When setting up ELDs in your fleet, consider the following security tips:
- Select a trusted vendor.
- Consult with the vehicle manufacturer to better understand your risks.
- Determine whether the ELD will be allowed to interact with your driver’s laptop, tablet, cell phone, or other personal device. Given the lack of security on most personal devices, it is a wise practice to restrict this interaction.
- Decide whether ELD Wi-Fi or Bluetooth connections should be limited to transmitting data to law enforcement personnel. Many Wi-Fi networks are not secure and leave the fleet vulnerable to a cyber-attack.
- When installing an ELD, make sure there is:
- A secure connection between the device and truck, and
- A notification if the connection has been compromised
Questions for your ELD manufacturer
The following security questions should be posed to your ELD manufacturer regarding security measures built into the ELD system:
- Is the manufacturer using 96-bit or 256-bit encryption that changes after each handshake — the procedure by which one device initiates communication with another?
- What steps will the manufacturer take in the event of a cyberattack? As device manufacturers fix problems in one area, hackers are busy trying to find other ways to breach security.
- Is the communication between the engine and the ELD enforced?
- Were technical standards or best practices followed in the device’s development?
- Does the ELD protect confidentiality and integrity of communications?
- Have penetration tests been performed on the ELD?
- Does the ELD have a secure boot?
- Does the device ship with debug mode enabled?
Ongoing security efforts
Your cyber security continues after an ELD is installed, including:
- Updating ELD software regularly, since updates can contain security patches that fix newly- discovered vulnerabilities.
- Making sure to change all default passwords and finding out if the device will shut down automatically after multiple failed log ins.
- Making sure your drivers:
- Are aware of the proper way to use the ELDs, and
- Understand the importance of proper security.
- Instructing drivers to:
- Avoid leaving password information in the cab; and
- Set up complex passwords.
Key to remember: Hackers are continually refining their methods of attack, so your motor carrier needs to make sure its data will not be breached through the company’s ELDs.
It’s been over two years since the FBI released its bulletin warning motor carriers about cyber security threats related to electronic logging devices (ELDs). Since the guidance, hackers have continued to become more sophisticated, looking for their in-road to corporate networks. For your motor carrier, that path just might be your choice of ELD.
What’s the threat?
Your ELD tracks a lot of data on your vehicle(s) and motor carrier and presents an access point for a cybercriminal to steal your fleet’s critical information. Not only do ELDs contain information about your drivers and trucks, but, depending on what your ELDs are integrated with, hackers could see your customer information, invoices, costs, etc.
An ELD’s wireless connectivity has sparked several security concerns, including:
- Remote access of a vehicle’s components through Wi-Fi or Bluetooth;
- Data breaches including shipment tracking, dispatching, and the company network; and
- Installation of malware, including ransomware.
To further complicate the matter, the Federal Motor Carrier Safety Administration’s ELD mandate doesn’t contain cybersecurity requirements, third-party validation, or testing for quality assurance.
Instead, you need to be your own advocate by:
- Asking your ELD vendor the right questions, and
- Implementing security practices after purchase and implementation.
Initial set-up concerns
When setting up ELDs in your fleet, consider the following security tips:
- Select a trusted vendor.
- Consult with the vehicle manufacturer to better understand your risks.
- Determine whether the ELD will be allowed to interact with your driver’s laptop, tablet, cell phone, or other personal device. Given the lack of security on most personal devices, it is a wise practice to restrict this interaction.
- Decide whether ELD Wi-Fi or Bluetooth connections should be limited to transmitting data to law enforcement personnel. Many Wi-Fi networks are not secure and leave the fleet vulnerable to a cyber-attack.
- When installing an ELD, make sure there is:
- A secure connection between the device and truck, and
- A notification if the connection has been compromised
Questions for your ELD manufacturer
The following security questions should be posed to your ELD manufacturer regarding security measures built into the ELD system:
- Is the manufacturer using 96-bit or 256-bit encryption that changes after each handshake — the procedure by which one device initiates communication with another?
- What steps will the manufacturer take in the event of a cyberattack? As device manufacturers fix problems in one area, hackers are busy trying to find other ways to breach security.
- Is the communication between the engine and the ELD enforced?
- Were technical standards or best practices followed in the device’s development?
- Does the ELD protect confidentiality and integrity of communications?
- Have penetration tests been performed on the ELD?
- Does the ELD have a secure boot?
- Does the device ship with debug mode enabled?
Ongoing security efforts
Your cyber security continues after an ELD is installed, including:
- Updating ELD software regularly, since updates can contain security patches that fix newly- discovered vulnerabilities.
- Making sure to change all default passwords and finding out if the device will shut down automatically after multiple failed log ins.
- Making sure your drivers:
- Are aware of the proper way to use the ELDs, and
- Understand the importance of proper security.
- Instructing drivers to:
- Avoid leaving password information in the cab; and
- Set up complex passwords.
Key to remember: Hackers are continually refining their methods of attack, so your motor carrier needs to make sure its data will not be breached through the company’s ELDs.
Recent Industry highlights
Professional ServicesWarehousingWholesale DistributionEntertainmentPublic AdministrationManufacturing (32/Non-Durable)HealthcarePersonal ServicesRepair ServicesMiningReal EstateConstructionManufacturing (33/Durable)RetailManufacturing (31/Food/Textiles)TransportationUtilitiesWaste ManagementSolvent Contaminated WipesMunicipal Solid WasteCRTsPharmaceutical WasteCharacteristic WasteShop RagsIndustrial FurnacesRecyclingWaste BurningTrashPrecious MetalsRCRAResource Conservation and RecoveryGarbageOily RagsCAAListed WasteSolvent WasteAcute WasteConditionally Excluded WasteCathode Ray TubesNon-Acute WasteUsed BatteriesHazardous Secondary MaterialsBoilersClean Air ActHazWasteLandfillingWaste BurnersSMS TrialSMS PremiumSMS AdvancedSMS Trial EnterpriseSMS Essentialr40CFR266.104r40CFR60AppendixA-7r40CFR63.849r40CFR60.2690r40CFR60.2125r40CFR63.1208r40CFR63.1625r40CFR60.17r40CFR63SubpartAAAAAAA40 CFR 266.10440 CFR 60 Appendix A-740 CFR 63.84940 CFR 60.269040 CFR 60.212540 CFR 63.120840 CFR 63.162540 CFR 60.1740 CFR 63 Subpart AAAAAAA40 CFR 266.104 Standards to control organic emissions.40 CFR 60 Appendix A-7 Appendix A-7 to Part 60 - Test Methods 19 through 25E40 CFR 63.849 Test methods and procedures.40 CFR 60.2690 How do I conduct the initial and annual performance test?40 CFR 60.2125 How do I conduct the initial and annual performance test?40 CFR 63.1208 What are the test methods?40 CFR 63.1625 What are the performance test and compliance requirements for new, reconstructed, and existing facilities?40 CFR 60.17 Incorporations by reference.
NewsErgonomicsIn-Depth ArticleHeat and Cold ExposureSafety & HealthInjury and Illness Recordkeeping FormsInfectious DiseasesCOVID-19Injury and Illness RecordkeepingSanitationEnglishErgonomicsIndustry NewsConstruction SafetyGeneral Industry SafetyAgriculture SafetyMaritime SafetyRestroomsFocus AreaUSA
2023-03-20T05:00:00Z
Bill to restore ergonomics column to Form 300 and offer safeguards for meat packers
Popular Industry highlights
NewsIndustry NewsEnglishHAZWOPER Emergency ResponseSafety & HealthInjury and Illness RecordkeepingGeneral Industry SafetyMaritime SafetyOil Spill PreventionHAZWOPEREnvironmentalIn-Depth ArticleWater QualityUSAOil SpillsFocus AreaInjury and Illness Recordkeeping
2023-03-15T05:00:00Z
Will OSHA require records for flu-like illness in oil-spill workers?
RELATED NEWS
01/27/2023
NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Electronic logging device (ELD)Risk Management TransportationRisk Management - Motor CarrierVehicle TechnologyIn-Depth ArticleFleet OperationsVehicle TechnologyEnglishFocus AreaTransportationUSA
Get consent before collecting biometric data with ELDs and dash cams
01/03/2023
NewsTransport CanadaIndustry NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Electronic logging device (ELD)Hours of ServiceHours of service - CanadaFocus AreaFleet OperationsEnglishTransportationUSA
Canada begins issuing ELD citations
TransportationOilfield Exception14-Hour On-Duty Rule100-Air-Mile Exception10-Hour Off-Duty Rule11-Hour Daily Driving Limit100-Air-Mile Radius Driver34-Hour Restart ProvisionMandatory Break Provision60-Hour/7-Day Limit16-Hour Short Haul ExceptionSleeper-Berth ProvisionSplit-Sleeper OptionAdverse Driving Conditions70-Hour/8-Day LimitRecord of Duty Status150-Air-Mile Non-CDL ProvisionHOSSMS EssentialSMS Trial EnterpriseEncompass EssentialSMS TrialEncompass PremiumSMS AdvancedEncompass AdvancedSMS Premium
12/20/2022
NewsIndustry NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Federal Motor Carrier Safety Administration (FMCSA), DOTElectronic logging device (ELD)Compliance, Safety, Accountability CSACompliance, Safety, Accountability CSAFocus AreaEnglishTransportationUSA
A new violation is coming to a CSA screen near you!
TransportationSleeper-Berth Provision150-Air-Mile Non-CDL ProvisionOilfield ExceptionELDs100-Air-Mile ExceptionMandatory Break Provision11-Hour Daily Driving Limit16-Hour Short Haul ExceptionAdverse Driving Conditions10-Hour Off-Duty RuleHOS60-Hour/7-Day LimitRecord of Duty StatusSplit-Sleeper Option100-Air-Mile Radius Driver70-Hour/8-Day Limit34-Hour Restart Provision14-Hour On-Duty RuleSMS PremiumEncompass PremiumSMS AdvancedSMS Trial EnterpriseEncompass AdvancedEncompass EssentialSMS TrialSMS Essentialr49CFR395.24r49CFR395.849 CFR 395.2449 CFR 395.849 CFR 395.24 Driver responsibilitiesIn general.49 CFR 395.8 Drivers record of duty status.
12/19/2022
NewsIndustry NewsEnglishFleet SafetyElectronic logging device (ELD)Electronic logging device (ELD)Compliance, Safety, Accountability CSACompliance, Safety, Accountability CSAFocus AreaIn-Depth ArticleEnforcement - DOTRoadside InspectionsTransportationUSA
ELD transfer violations now affecting CSA scores
12/15/2022
NewsIndustry NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Federal Motor Carrier Safety Administration (FMCSA), DOTHours of ServiceElectronic logging device (ELD)Hours of ServiceDriver's record of duty statusFocus AreaEnglishTransportationUSA
Is your ELD in danger of dying along with 3G?
Transportation14-Hour On-Duty RuleELDs60-Hour/7-Day LimitSleeper-Berth ProvisionSplit-Sleeper Option11-Hour Daily Driving LimitRecord of Duty StatusAdverse Driving ConditionsHOS150-Air-Mile Non-CDL Provision70-Hour/8-Day Limit100-Air-Mile Exception100-Air-Mile Radius Driver16-Hour Short Haul Exception34-Hour Restart ProvisionMandatory Break ProvisionOilfield Exception10-Hour Off-Duty RuleSMS TrialSMS AdvancedEncompass EssentialSMS Trial EnterpriseEncompass PremiumSMS PremiumSMS EssentialEncompass Advancedr49CFR395.3449 CFR 395.3449 CFR 395.34 ELD malfunctions and data diagnostic events.
09/23/2022
NewsIndustry NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Federal Motor Carrier Safety Administration (FMCSA), DOTElectronic logging device (ELD)Focus AreaEnglishTransportationUSA
FMCSA seeks feedback on ELDs
TransportationRecord of Duty Status10-Hour Off-Duty Rule70-Hour/8-Day LimitOilfield Exception60-Hour/7-Day Limit14-Hour On-Duty RuleMandatory Break ProvisionAdverse Driving ConditionsELDsHOS11-Hour Daily Driving LimitSleeper-Berth Provision100-Air-Mile Radius Driver16-Hour Short Haul ExceptionSplit-Sleeper Option100-Air-Mile Exception150-Air-Mile Non-CDL Provision34-Hour Restart ProvisionSMS EssentialSMS PremiumSMS TrialEncompass AdvancedSMS AdvancedEncompass EssentialSMS Trial EnterpriseEncompass Premiumr49CFR395SubpartB49 CFR 395 Subpart B49 CFR 395 Subpart B Electronic Logging Devices (ELDs)
09/22/2022
NewsIndustry NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Federal Motor Carrier Safety Administration (FMCSA), DOTElectronic logging device (ELD)Focus AreaEnglishTransportationUSA
FMCSA provisionally renews short-term rental truck ELD exemption
Transportation100-Air-Mile Exception10-Hour Off-Duty Rule60-Hour/7-Day LimitRecord of Duty Status100-Air-Mile Radius Driver16-Hour Short Haul Exception70-Hour/8-Day LimitSleeper-Berth ProvisionAdverse Driving Conditions14-Hour On-Duty RuleMandatory Break ProvisionOilfield Exception34-Hour Restart ProvisionELDs11-Hour Daily Driving Limit150-Air-Mile Non-CDL ProvisionSplit-Sleeper OptionHOSSMS EssentialSMS PremiumSMS TrialEncompass AdvancedSMS AdvancedEncompass EssentialSMS Trial EnterpriseEncompass Premiumr49CFR395.3449 CFR 395.3449 CFR 395.34 ELD malfunctions and data diagnostic events.
09/08/2022
NewsIndustry NewsFleet SafetyElectronic logging device (ELD)Electronic logging device (ELD)Hours of ServiceLog summary sheet - Motor CarrierDriver's record of duty statusFocus AreaIn-Depth ArticleUSAEnglishTransportationCMV Inspections
Are your drivers ready to show their records of duty during an inspection?
09/08/2022
NewsBorder crossing - Motor CarrierIn-Depth ArticleOperating authority - CanadaOperating AuthorityFleet TaxesInternational Fuel Tax Agreement (IFTA)TransportationRegistration and Permits - Motor CarrierUSARegistrationEnglishIndustry NewsFleet SafetyTransportation SecurityTransportation SecurityInternational Registration Plan (IRP)Focus AreaCanadian border service agency (CBSA)
1What U.S. carriers need to know when operating in Canada
RELATED TOPICS
['Transportation Security']
Introduction
['Security endorsement background checks - Hazmat']
Introduction
['Electronic logging device (ELD)']
Introduction
['Customs and border protection (CBP)']
Introduction
['Cargo security']
Introduction
['Border crossing - Motor Carrier']
Introduction
['Canadian border service agency (CBSA)']
Introduction
['Customs-trade partnership against terror (C-TPAT)']
Introduction
['Free and Secure Trade (FAST)']
Introduction
['Electronic logging device ELD/Unassigned driving time']
Introduction
['Transportation worker identification credential (TWIC)']
Introduction
['Security - Motor Carrier']
Introduction
['Facility security - Motor Carrier']
Introduction
['Electronic logging device (ELD)']
Introduction
J. J. Keller is the trusted source for DOT / Transportation, OSHA / Workplace Safety, Human Resources, Construction Safety and Hazmat / Hazardous Materials regulation compliance products and services. J. J. Keller helps you increase safety awareness, reduce risk, follow best practices, improve safety training, and stay current with changing regulations.