Jun 23, 2023

Vehicles and Trucks Are at Risk of Cyberattacks Says FBI

The FBI has issued a cautionary note to trucking companies contemplating the electrification of their fleets, urging them to be vigilant against the increased potential for cyber attacks or ransomware attacks.

The bureau is eager to collaborate with these organizations to mitigate the risks of such incidents, which have the potential to cause significant disruptions.

Do you want to focus more on your daily operations and not stress out yourself and your fleet? It is convenient and practical to be part of a Consortium/Third-Party Administrators (C/TPAs) like Labworks USA to manage all, or part, of an employer's DOT drug and alcohol testing program and other DOT or FMCSA compliance needs. THIS WILL YOU A LOT OF TIME AND RESOURCES that you can redirect on any unprecedented additional expenses. We perform tasks as agreed to by the employer to assist in implementing the drug and alcohol testing program and to help keep the employer compliant with the DOT/FMCSA Drug and Alcohol Testing rules and regulations.
We as a DOT Consortium can help you.

During the American Trucking Associations’ Technology & Maintenance Council’s 2023 Summer Conference & Fleet/Utility Forum, FBI Supervisory Special Agent David Smith emphasized that electric vehicles present an increased risk for cybercriminals to exploit. To be exact, electric fleets are at risk.

Smith, who serves as a transportation program manager within the agency’s cyber division, noted that the transport sector can be targeted by various types of threat actors, including hacktivists, criminals, insiders, spies, terrorists, and warring nations. Government agencies and even private companies are making sure this can be handled.

Cybersecurity is Evolving

Highlighting the ever-evolving nature of the cybersecurity landscape, TMC Cyber Security Task Force Chairman Mark Zachos echoed Smith's concerns, emphasizing that vulnerabilities and back doors are growing and that hacks are constantly evolving. Here's an example of a ransomware or malware attacks chart:


According to Smith, as the trucking industry and the U.S. government continue to enhance their cybersecurity measures, the opposition will likely shift from opportunistic individuals to foreign spies and combatants who possess superior resources and skills in such online activity.

This highlights the urgent need for sustained vigilance across three key areas - software, hardware, and personnel - as emphasized by Scott Aaronson, Senior Vice President of Security and Preparedness at Edison Electric Institute.

The institute, which represents investor-owned utilities responsible for powering the trucking industry, has successfully implemented mandated standards for both outages and cybersecurity, utilizing collaboration and preparedness to effectively combat cyberattacks.

According to Aaronson, standards serve as a solid footing for cybersecurity measures. Nonetheless, he cautioned that standards may fall short on occasion, citing an instance where cybercriminals could overcome a 10-foot fence erected as a result of standards by utilizing a 12-foot ladder.

In the United States, the automotive industry lacks regulations that ensure compliance with established standards and certification from the International Organization for Standardization, unlike its European counterpart where every electric vehicle maker assures safety on cybersecurity.

While acknowledging this, Zachos noted that the interest in implementing such measures is minimal. Protection and enforcement are significant responsibilities that the FBI prioritizes, as stated by Smith, who cautioned against facing cyberattacks alone and emphasized the importance of seeking assistance.

Despite their expertise, the FBI cannot make decisions regarding payments in such situations and encourages individuals to report incidents promptly.

Smith, a cybersecurity expert, has highlighted the emergence of a new trend that warrants attention- the use of artificial intelligence for the development of polymorphic hacks involving ransomware in the trucking industry. According to Mimecast, encryption keys are implemented in polymorphic codes, commonly found in malware or ransomware, to alter their signature and morphology.

How to Avoid Cybersecurity Attacks on Electric Vehicles and Electric Trucks?

To avoid cybersecurity attacks, particularly ransomware, companies must ensure that their IT systems are updated with software providers' patches and collaborate with federal agencies at the earliest possible stage, advised Smith.

Moreover, the U.S. government is focused on developing new approaches to penalize cybercriminals, according to Smith. In 2022, victims of ransomware in the United States paid out ten times more than they did the previous year, he added.

Preempting any potential crises, the federal government is taking proactive steps to safeguard critical infrastructure. To this end, key sectors are being provided with tools by the government. The CISO Academy, spearheaded by the FBI, serves as a distinguished forum for accomplished private-sector Chief Information Security Officers to engage in a collaborative discourse surrounding the mitigation of cyber vulnerabilities.

At the TMC conference, Smith cordially welcomed transportation and utility executives to join the esteemed CISO Academy, which provides comprehensive training and resources for safeguarding their organizations against cyber threats and malicious activities. This exclusive invitation underscores the critical importance of cybersecurity in today's rapidly evolving digital landscape and serves as a testament to Smith's commitment to promoting best practices and fostering collaboration within the industry. The executives also attended the conference to learn about strategies for efficient electrification of fleets.

Moreover, TMC's Cyber Security Task Force is creating best practice guidelines. Given that the entire nation is moving toward electrification, as pointed out by Aaronson, adopting proactive measures is imperative.

Quick Tip: Speaking of safety, Here's a list of DOT Consortium services we offer at Labworks USA with respective rates that can be your reference to have better safety and compliance expense projections.

In Conclusion

Consequently, the freight transportation sector must acknowledge that electricity is not an exclusive option, unlike diesel, and adapt accordingly, as highlighted by TMC Technical Director Jack Legler during a conference on June 20. Energy facilities are also a concern but that's another topic.

Volvo Group Vice President of Product Planning, Keith Brandis, emphasized that carriers seeking to transition to electric vehicles must anticipate unanticipated setbacks during the same panel discussion.

Furthermore, trucking firms must recognize that the equipment procurement cycle in the electricity industry varies from their accustomed practices, with a minimum order lead time of 24 months, according to Brandis.

During a panel discussion on June 20th, Kenneth Marko, Fleet Sustainability Manager at US Foods, emphasized the potential value of movable charging systems in the context of initial fleet electrification initiatives. Marko shared that US Foods encountered challenges in California when selecting permanent charging stations for their pilot project, as their initial choices did not align with the approved product lists of their utility partner. Consequently, Marko opted for portable alternatives to ensure seamless operations.

In line with this trend in the advancement of technology in the trucking industry, we want to make sure that you stay compliant with any DOT and FMCSA compliance.It should never be taken for granted too. Feel free to reach out to us at Labworks USA. 

Our DOT Consortium's friendly team will be more than happy to discuss any concerns you may have and work with you to ensure you are always fully compliant, especially with random DOT drug and alcohol testing and pre-employment testing. Moreover, if you need help with FMCSA Clearinghouse registration, we can further support you.