With millions of commercial vehicles now running electronic logging devices (ELD), concerns have been raised about cyber attacks. While manufacturers insist their devices are safe from intruders, primarily because they only read data, ELDs are just the latest technology-enabled device to become an integral part of a commercial vehicle. In recent years, truck manufacturers have tapped into the power of “over-the-air” programming, allowing them to send critical updates to diagnostics systems – even tuning engines – over WiFi or cellular networks instead of requiring drivers to spent hours at dealer shops waiting for the updates to downloaded.
But what happens if a hacker is able to get into one these trucks, either through the ELD, however unlikely, or through another onboard computer system? For vehicles with many electronically controlled safety systems, an attack can be crippling and even deadly.
A 2016 University of Michigan study found that commercial vehicles are extremely vulnerable to hacking through the J1939 standard. “The openness of J1939 allows anyone who can make a payment to receive technical details about standard PGNs, allowing a potential adversary to easily gain the knowledge necessary to attack safety critical components,” the paper noted.
The authors pointed out that once an attacker has access to a vehicle’s internal network, “vehicle status or external events can be monitored to trigger various behaviors, and the software can avoid forensic analysis by erasing itself.”
In the study, researchers were able to manipulate data on the instrument clusters as well as powertrain. “We were able to override the driver’s input to the accelerator pedal and simultaneously cause either direct acceleration or remove the ability to provide torque to the wheels while the truck was in motion,” they wrote.
The engine brake could also be disabled, they found.
Certainly, hacking a vehicle provides a real safety threat, but there are other threats to carriers, and they come in the form of the back office. With all the data carriers are now compiling, including critical customer information, how safe are back office systems? It only takes one mistake by a single employee clicking a link they shouldn’t to unleash a torrent of evil on their internal systems.
The growing concern over a cyber attack is one of the reasons that insurance brokers have reported an 81% increase in demand for some type of cyber coverage, according to the Council of Insurance Agents & Brokers’ Commercial Property/Casualty Market Index Q3 2017.
According to CSO, the cost of a data breach in North America is $1.3 million for enterprise businesses and $117,000 for small and medium-sized businesses (SMB).
According to the article, which quoted a Kaspersky Labs study (the U.S. Department of Homeland Security has since advised against using Kaspersky Lab software because of its alleged connections to the Russian government), enterprise businesses suffer a number of ills from a cyber attack, including:
- Physical loss of devices or media containing data ($2.8 million)
- Incidents affecting IT infrastructure hosted by a third party ($2.2 million)
- Electronic leakage of data ($1.9 million)
- Inappropriate IT resource use by employees ($1.1 million)
- Viruses and malware ($519,000)
SMBs are not immune either:
- Targeted attacks ($188,000)
- Incidents involving non-computing connected devices ($152,000)
- Physical loss of devices or media containing data ($83,000)
- Inappropriate IT resource use by employees ($79,000)
- Viruses and malware ($68,000)
Because of this rising concern and cost, more firms are turning to cyber insurance. Cyber insurance can help cover a business for costs associated with a cyber attack. Depending on the specific policy, it might cover financial loss, credit monitoring for employees or customers, and costs associated with notifying customers, forensics to identify the intrusion, business interruption, crisis management expenses and cyber extortion.
Reliance Partners is now offering cyber insurance alongside its other business insurance plans, which include commercial property coverage, general liability, business owner’s policy, workers’ compensation and more.
According to Reliance, there are more than 400 new threats every minute in the world. The company recommends working with a specialist that can help mitigate any attack, but also consider training employees on cyber security and safe network use.
Reliance says that cyber liability insurance usually covers errors and omissions, but also “media damage.”
“The internet is a cesspool of information, and bad news travels quickly. A business might have to deal with advertisement damage, libel, slander, or even trademark infringement, which might occur during a data breach,” Reliance said. “Cyber liability insurance should be able to cover some of these costs. Keep in mind that any loss suffered after the breach is usually not covered, such as a failed re-branding of your business. However, expenses incurred for public relations, which will help your image are covered.”
Any cyber insurance should also cover network security issues as well as a forensic audit to identify the problem. Legal advice is also often covered, as there are certain steps legally you must take if you identify a breech.
Whether it’s your truck or your office computer network, simply hooking up to the internet comes with risk, and smart companies are now beginning to protect themselves with cyber insurance.
Stay up-to-date with the latest commentary and insights on FreightTech and the impact to the markets by subscribing.