Jul 11, 2023

Trucking Cybersecurity Enhancement Through Industrial Control System

The average citizen's perception of a semi-truck on the road tends to be limited to its visible features such as the cab, trailer, driver, and the imposing 18 wheels.

Regrettably, the uninitiated mind rarely delves into the intricate wide range of details of the machine's inner workings, which enable it to function effectively.

However, industry experts such as truck drivers, mechanics, and other professionals, are acutely aware of the intricate complexity of the semi-truck.

The engine control unit, telematics devices, vehicle network, cabin controls, and other vital components collectively form the larger system that facilitates the seamless operation of the truck. It is exposed to cyber threats or cyber risks via unauthorized access. It requires a security solution.

To those in the realm of information technology, there is a striking semblance to be found between the subject at hand and what is commonly referred to as an industrial control system (ICS). ICSs are critical infrastructures. 

Do you want to focus more on your daily operations? It is convenient and practical to be part of a Consortium/Third-Party Administrators (C/TPAs) like Labworks USA to manage all, or part, of an employer's DOT drug and alcohol testing program and other DOT or FMCSA compliance needs. THIS WILL YOU A LOT OF TIME AND RESOURCES that you can redirect on any unprecedented additional expenses. We perform tasks as agreed to by the employer to assist in implementing the drug and alcohol testing program and to help keep the employer compliant with the DOT/FMCSA Drug and Alcohol Testing rules and regulations.
We as a DOT Consortium can help you.

This is an overarching term that pertains to the interplay of a variety of control elements, systems, and instrumentation in attaining an objective in industrial automation.

The ICS Framework

Within the ICS framework, there exists a subset known as supervisory control and data acquisition systems (SCADA), which are typically utilized for remote monitoring, particularly for geographically expansive systems encompassing utilities such as water, power, and gas.

In much the same manner, this phenomenon bears a resemblance to the mechanisms employed within a truck, where digital communication is utilized to facilitate contact with a remote source across vast distances.

Chloe Callahan, the IT operations manager at Peninsula Truck Lines Inc., has stated that ICS (Industrial Control Systems) comprises both active and passive components, along with inputs and outputs. She further added that this is also true for their networks.

In the trucking industry, there exist active components that can be automated. To enable automation, a logical framework needs to be established with values serving as triggers for actions.

In the absence of adequate security measures, cybersecurity threats, cybersecurity posture, and cybersecurity risks can penetrate unsecured systems with ease. Without a comprehensive understanding of the systems in place, safeguarding them is an impossibility. That's why there are regulatory requirements by the private sector proposing access control over malicious activities.

Upon gaining knowledge about the ICS/SCADA framework in the trucking industry during her attendance at the National Motor Freight Traffic Association’s (NMFTA’s) Digital Solutions Conference, Callahan became intrigued and sought to delve deeper into the subject matter. 

An extreme level of security to match any possible human error could impact the general national security and economic security of the trucking industry.

Now, she is highly encouraging her fellow IT professionals to explore the applicability of ICS/SCADA concepts in trucking.

Alongside Antwan Banks, the director of cybersecurity at NMFTA, Callahan is actively drawing parallels between ICS and trucking in the monthly cybersecurity webinar series, leading up to the upcoming October Digital Solutions Conference in Houston.

The conference aims to bring together industry professionals from cybersecurity, trucking, and supply chain domains, to discuss emerging cybersecurity threats, cyber-attacks, ransomware attacks, phishing attacks, network segmentation, physical networks, physical security measures, control system configurations, individual systems, operational technology systems, and other cybersecurity activities matching related challenges faced by the transportation and logistics industries.

For sure the energy sector, the Federal Government, and hundreds of thousands of other industrial sectors representatives will be there since this involves National security systems.

Callahan provided a profound perspective on the potential application of ICS/SCADA concepts in the realm of trucking.

From Logistics to Cybersecurity: Uncovering the Surprising Links Between ICS and Trucking

1. The process of threat modeling involves a systematic approach to identifying and prioritizing potential threats to an organization's assets.

A crucial step in defending these assets is to have a clear understanding of what they are, as highlighted by Callahan.

This principle applies to the trucking industry as well. In order to safeguard their systems, meaning having an effective defense, trucking companies need to have a comprehensive understanding of their assets, including both active and passive components, and maintain visibility into their environment.

Direct access to these assets is essential for operational resilience.

2. Unmanned sites and devices that are remotely controlled in an industrial control system present a significant security challenge.

The potential for unwanted input in such scenarios calls for a proactive approach to security.

Although trucks are manned by drivers, they lack control over vehicle networks. To mitigate security risks, Callahan suggests considering the various components of a truck's system, including sensors, actuators, electronic control units, ELDs, aftermarket additions, gateways, OEM segments, ports, and HMIs, as potential targets for malicious

This current stage is manageable with proper security directives.

3. The realm of communication standards or protocols

This plays a crucial role in facilitating seamless interactions between various systems.

However, in the context of ICS protocols, the absence of crucial security features such as authentication, authorization, and encryption renders them inherently vulnerable. There will be fundamental security challenges. This can be attributed to the non-standardized software development life cycle and prolonged technology lifespan.

Similar challenges are faced in the realm of trucks, where average life spans of 10 to 15 years are not uncommon.

To address this, IT professionals are encouraged to gain a thorough understanding of prevalent truck protocols such as SAE J1708 and 1587, which are relatively antiquated, J1939 which has since superseded them, Controller Area Network, and SAE 2497 - a bidirectional, serial communication protocol on Powerline Controller.

By equipping themselves with such knowledge, IT professionals can take proactive steps to mitigate potential security risks and ensure optimal functionality across all systems from any attack scenarios.

4. ICS Systems' Unique Hardware and Maintenance Concerns

The hardware components of Industrial Control Systems (ICS) are distinct, proprietary, and often outdated, according to industry expert Callahan. Compromised devices and less functional protection devices.

Given the longevity of their assets, trucking companies rely on ICS equipment that may not have the latest firmware or security updates. This is a critical software requirement.

While advisories for ICS vulnerabilities exist, trucking companies must stay vigilant and informed about the hardware comprising their fleets.

Quick Tip: Here's a list of DOT Consortium services we offer at Labworks USA with respective rates that can be your reference to have better expense projections.

5. Standards and Guidance for ICS Security

The National Institute of Standards and Technology (NIST) offers comprehensive security guidelines for various scenarios, including the NIST 800-82 Guide to Industrial Control Systems Security which specifically addresses ICS. Moreover, NIST also provides a cybersecurity framework for IT security. To bolster overall security, Callahan advises individuals to familiarize themselves with both NIST resources.

Callahan emphasized the importance of avoiding unnecessary innovation and overthinking. Rather, he advised returning to the fundamentals of threat modeling. It is essential to acknowledge that attack vectors remain varied, ranging from simple social engineering techniques to more sophisticated strategies.

6. The paramount concern in both ICS and trucking is the safety of human beings.

According to Callahan, safety is the primary objective of both operational technology and ICS. The Safety Instrumented System is a redundant system that is dedicated to preventing failures and ensuring safety.

Callahan raises a pertinent question regarding the operation of heavy vehicles on roadways and the safety of drivers and passengers in the cab. The need for redundant systems and instrumentation is crucial in ensuring the safety of all concerned parties.

The NMFTA cybersecurity webinar delves further into the notion of cross-training ICS in fleet management. It offers a comprehensive understanding of the Purdue Model and resources to gain further insights.

Conclusion: Ensuring a Secure Future for the Trucking Industry

In conclusion, it is of utmost importance to prioritize and implement robust cybersecurity measures in the trucking industry to ensure a secure future. As technology advancements continue to transform the industry, there is an increasing need for protecting the critical infrastructure and systems that power trucks and their operations. The concept of Industrial Control System (ICS) security plays a vital role in enhancing cybersecurity in this sector.

By focusing on trucking cybersecurity enhancement through ICS, organizations can effectively safeguard against potential cyber threats such as hacking attempts, data breaches, or system malfunctions. Implementing comprehensive security measures such as encrypted communication channels, regular vulnerability assessments, real-time threat monitoring, and strong access controls can significantly mitigate risks and protect sensitive information.

Furthermore, collaboration between stakeholders including government bodies, truck manufacturers, software developers, and fleet operators is imperative for establishing industry-wide standards and best practices. With joint efforts towards enhancing cybersecurity education and training programs for employees across the trucking ecosystem, we can build a resilient future where technological advancements go hand-in-hand with robust security measures. This will not only protect the integrity of critical systems but also inspire trust among customers and ensure sustained growth in the trucking industry for years to come.

Do you want to learn more? Check out our deep-dive article about trucking security here.

Moreover, If you need further support with any DOT and FMCSA Compliance, feel free to reach out to us at Labworks USA.

If you are looking for more information about drug and alcohol testing as a truck driver, visit LabWorks USA. Our DOT Consortium's friendly team will be more than happy to discuss any concerns you may have and work with you to ensure you are always fully compliant specially with random DOT drug and alcohol testing pre-employment testing. Moreover, if you need help with FMCSA Clearinghouse registration, we can further support you.