How secure are your ELDs?
It’s been over two years since the FBI released its bulletin warning motor carriers about cyber security threats related to electronic logging devices (ELDs). Since the guidance, hackers have continued to become more sophisticated, looking for their in-road to corporate networks. For your motor carrier, that path just might be your choice of ELD.
What’s the threat?
Your ELD tracks a lot of data on your vehicle(s) and motor carrier and presents an access point for a cybercriminal to steal your fleet’s critical information. Not only do ELDs contain information about your drivers and trucks, but, depending on what your ELDs are integrated with, hackers could see your customer information, invoices, costs, etc.
An ELD’s wireless connectivity has sparked several security concerns, including:
- Remote access of a vehicle’s components through Wi-Fi or Bluetooth;
- Data breaches including shipment tracking, dispatching, and the company network; and
- Installation of malware, including ransomware.
To further complicate the matter, the Federal Motor Carrier Safety Administration’s ELD mandate doesn’t contain cybersecurity requirements, third-party validation, or testing for quality assurance.
Instead, you need to be your own advocate by:
- Asking your ELD vendor the right questions, and
- Implementing security practices after purchase and implementation.
Initial set-up concerns
When setting up ELDs in your fleet, consider the following security tips:
- Select a trusted vendor.
- Consult with the vehicle manufacturer to better understand your risks.
- Determine whether the ELD will be allowed to interact with your driver’s laptop, tablet, cell phone, or other personal device. Given the lack of security on most personal devices, it is a wise practice to restrict this interaction.
- Decide whether ELD Wi-Fi or Bluetooth connections should be limited to transmitting data to law enforcement personnel. Many Wi-Fi networks are not secure and leave the fleet vulnerable to a cyber-attack.
- When installing an ELD, make sure there is:
- A secure connection between the device and truck, and
- A notification if the connection has been compromised
Questions for your ELD manufacturer
The following security questions should be posed to your ELD manufacturer regarding security measures built into the ELD system:
- Is the manufacturer using 96-bit or 256-bit encryption that changes after each handshake — the procedure by which one device initiates communication with another?
- What steps will the manufacturer take in the event of a cyberattack? As device manufacturers fix problems in one area, hackers are busy trying to find other ways to breach security.
- Is the communication between the engine and the ELD enforced?
- Were technical standards or best practices followed in the device’s development?
- Does the ELD protect confidentiality and integrity of communications?
- Have penetration tests been performed on the ELD?
- Does the ELD have a secure boot?
- Does the device ship with debug mode enabled?
Ongoing security efforts
Your cyber security continues after an ELD is installed, including:
- Updating ELD software regularly, since updates can contain security patches that fix newly-discovered vulnerabilities.
- Making sure to change all default passwords and finding out if the device will shut down automatically after multiple failed log ins.
- Making sure your drivers:
- Are aware of the proper way to use the ELDs, and
- Understand the importance of proper security.
- Instructing drivers to:
- Avoid leaving password information in the cab; and
- Set up complex passwords.
Key to remember: Hackers are continually refining their methods of attack, so your motor carrier needs to make sure its data will not be breached through the company’s ELDs.