A warning last week from federal law enforcement on the cybersecurity risks associated with electronic logging devices (ELDs) has raised awareness in the trucking industry on the potential costs of getting hacked.
The Federal Bureau of Investigation (FBI) would not comment on whether the notice it sent to private companies involved in the trucking industry was based on recent ELD cyber threat activity. “There are no current ELD hacks that we are aware of,” Sharon Reynolds, Chief Information Security Officer at Omnitracs, a major ELD maker, told FreightWaves.
Reynolds, who confirmed that Omnitracs was one of the companies that received the FBI notice, pointed out that it was intended as “a proactive exercise in order to create a better security posture and avoid potential future hacks.”
It also created an opportunity for the trucking industry – which has known about ELD security risks since they were required in 2015 by the Federal Motor Carrier Safety Administration (FMCSA) to log driver work hours – to take a fresh look at the risks.
“From a cost perspective, the effect on smaller guys will be bigger just because they don’t have the money or overhead to install protections on their own,” Lewie Pugh, executive vice president of the Owner-Operator Independent Drivers Association told FreightWaves. Pugh pointed out that roughly 75% of OOIDA’s 160,000 members own a truck equipped with an ELD (with remaining membership able to claim an exemption to the mandate).
“On the other hand, if you’re a major truckload carrier with a large fleet, there’s more risk of doing bigger damage within one company. It all depends on how hackers choose to go after their targets.”
Thom Albrecht, CFO and Chief Revenue Officer at insurance company Reliance Partners, noted that “cyber thieves are relentless in finding new devices to hack,” whether it be laptops, cell phones or ELDs.
“With 97% of the industry having 20 or fewer trucks, the trucking industry is more vulnerable than most large industries simply because of its incredible fragmentation,” Albrecht told FreightWaves. He agreed with Pugh that small fleets often lack the resources to provide proper cyber protection, “thus highlighting the need for cyber insurance protection more than ever.”
Brenda Wiser, Reliance Partners’ Chief Marketing Officer, said that smaller carriers, as is the case with large trucking companies, can have their reputation damaged if they don’t properly mitigate ELD cyber risks. “A small guy can contract with a large shipper, and if a hacked ELD causes operational problems they can lose their reputation as a reliable carrier that delivers freight on time and in good condition.”
ELD providers may also have to up their game if hackers begin paying more attention to the devices as a way to disrupt carriers.
In responding to industry concerns about data security when it was formulating the ELD rule, the FMCSA believed at the time that the security standards “have appropriately balanced industry standards, privacy, the need for accurate HOS monitoring, and the cost of security measures,” the agency stated in the final rule. “FMCSA notes that it has only established minimally compliant standards in this rule, and there could be a market for more security features on an ELD.”
To that point, Omnitracs asserted that it has engaged with third-party security firms to conduct “penetration testing” in addition to partnering experts with our engineering teams to build ELDs with a “security-first” approach. “As with any company’s security posture, the work will never finish. However, Omnitracs is vigilant and aggressively looks for opportunities to advance in this area.”