Nearly every one of us has a story about falling victim to hacking. Perhaps you felt the gut-wrenching effects of a virus that caused you to lose an important midterm paper, maybe your login credentials appeared in the latest security breach, or perhaps you have dealt with the harsh consequences of ransomware.
Merriam-Webster defines hacking as the act of gaining illegal access to a computer network or system. For a fleet, we’ll focus on three types of systems that require cybersecurity attention and resource allocation:
- Business systems
- Shop systems
- Vehicle systems
Elk Cloner, in 1981, is credited as the first computer virus to cause a massive outbreak. As the number of computers across the world grew, so did the “reward” for a successful virus, which in turn increased the number of hacking attempts: simple supply and demand.
As viruses, malware, and hacking became a significant risk to personal and business systems, efforts to thwart these attacks became prevalent. Whether through improved encryption, smarter internal processes, or software such as antivirus, organizations have taken steps to protect their business systems from cybersecurity threats.
There is a myriad of resources to learn how to protect devices like laptops, PCs, tablets, and cellphones from cybersecurity attacks. For that reason, we shift our focus to the two systems that receive less attention but are vulnerable to significant attacks when left unprotected, especially in a growing IoT industry – shop systems and vehicle systems.
For this article, we define shop systems as the electronic tools technicians, service writers, and others within the shop environment use to diagnose and repair vehicles. There is some overlap with business systems, as many of these systems are laptop or tablet-based, but with some special considerations because they communicate with the vehicle.
Due to the similarities, it is recommended to equip shop systems with the same cybersecurity applications as your business systems to combat instances of malware, viruses, and similar attacks. Additionally, shop personnel should receive similar training to follow best practices, such as how to identify potentially malicious files or websites.
Pay special attention to systems that require a constant internet connection and activity, such as those at the parts counter. These PCs and tablets are more vulnerable to attacks simply because being constantly connected opens the door for hackers to access the device.
A concern with shop systems is the software used to communicate with trucks. A majority of aftermarket and OE applications are capable of bi-directional communication with the truck, meaning they can read information from the vehicle and give commands back to the truck. Bi-directional controls are a critical part of the repair process, but technicians should only utilize them from trusted applications. For this reason, never purchase pirated copies of software or buy from unauthorized dealers, as you run the risk of compromised applications having access to the truck’s communication channels.
As IoT quickly gains momentum in the industry and shifts focus toward autonomy and advanced driver assistance technology, the need to protect trucks from cybersecurity threats is more significant than ever. Historically, making malicious adjustments to a vehicle required physical access to the truck, but with today’s technology, hackers can potentially modify or disable safety systems from afar.
Whether it is a telematics company, an aftermarket device, or any other third party that will receive access to your vehicle’s data and components, act vigilantly to learn how they will safeguard the access. Ask questions about whom they give access to, how they encrypt the data coming off the vehicle, and what their processes are for ensuring only authorized users can access the data.
Protecting your Organization
Now that we’ve highlighted the risks associated with each type of system within an organization, let’s look at the best practices to protect against cybersecurity threats. The first step is simply awareness; understand what threats can affect your company and initiate conversations about which actions are necessary to alleviate those threats.
Recognize that cybersecurity is an ongoing concern and you can’t just create a solution and consider yourself protected. You must develop and implement cybersecurity policies across the organization, train employees on the plans, and routinely audit yourself to ensure those policies are up to date and adhered to. Test your employees to ensure they are applying best practices, even if that means staging a fake attack to gauge their response.
Whether the need is driven by new, emerging threats or by technological advancements that better protect the organization, it is critical to keep pace with change to ensure your organization can defend itself.
Protecting your Shop
Once you establish organizational processes, consider special precautions to safeguard your shop systems and the vehicles they connect to.
If your shop systems connect to the internet, they are just as vulnerable as your business systems. For this reason, IT professionals who understand cybersecurity should manage these devices. If this option isn’t feasible in-house, consider outsourcing the management of shop devices to a service like Noregon’s Diagnostic Management Tool service that handles cybersecurity and antivirus efforts in addition to other services like procuring, updating, and troubleshooting software.
Train technicians to be vigilant. If a technician detects an electronic component on the vehicle that looks like it may not belong, he or she should report the issue. All devices and applications that technicians connect to a truck should be verified and approved, and internet access in a service bay should be limited to those devices.
All networks (local or cloud-based) used in the shop should be secure up and down their lifecycle chain. Hardware and software should be purchased from reputable sources to avoid applications that are susceptible to backdoors that serve as an attack vector.
Finally, avoid writing down passwords in clear view. Shop device passwords should only be accessible to those who need the information and should be stored somewhere secure, rather than somewhere that could potentially be in plain sight of others.
The best applications and processes for avoiding cybersecurity threats may change, but the policies of training, educating, and being proactive remain the same. We recommend joining TMC committees and participating in programs such as the American Trucking Associations’ Fleet CyWatch. Ensure your security policies are in place, up to date, and regularly audited. If you can’t create a staff of cybersecurity experts, outsource that aspect of your organization.
Always remember that shop and vehicle systems deserve as much attention as business systems. Hire the correct people, provide ample training, and remain educated and proactive on emerging threats to stay ahead of the curve and combat attacks on your systems.
This article was sponsored by Noregon Systems. For more information, please visit our website at www.noregon.com