The trucking industry and its supply chain rank fifth among all businesses at risk of cybersecurity attacks as the number of possible threats against the transportation sector has grown 100-fold in just four years.
Preparing for an attack is as important as mitigating the damage when it happens, said Sharon Reynolds, chief information security officer for Omnitracs.
“The transportation sector was the second-most targeted industry in 2018,” she said during a panel discussion at the American Trucking Association’s Management Conference & Exhibition on October 6. The number of potentially suspicious events swelled from 800,000 in 2015 to 800 million in 2018.
Preparation, identification and assessment of vulnerabilities are the most important steps a company can take. Containing an attack needs to happen in minutes, not hours or days.
Birmingham, Alabama-based J&M Tank Lines learned that lesson the hard way – twice.
In April this year, the company’s computer system was hacked, leaving the carrier unable to process invoices or accurately pay its drivers. It refused a ransomware demand for $250,000 in Bitcoin and labored for four days until it regained control of its data.
“It was really a storm.” CEO Harold Sumerford said. “It blew us out of the water.”
J&M hired a host of consultants, including Crowdstrike, to recover what was hacked. Along the way, it learned the importance of having relationships with forensic data experts and other experts that specialize in dealing with cyber attacks.
“You don’t want to cold call the FBI,” Reynolds said. “Build those relationships before you need them.”
Sumerford said a second attack came in June. The company was better prepared and resumed normal operations in seven hours.
The same month, less-than-truckload carrier A. Duie Pyle was attacked. It, too, refused the extortion attempt.
Laying in wait
Financially motivated criminal attacks likely are planned months before they are executed, said panelist Joseph Saunders, founder and CEO of RunSafe Security.
“Ransomware is very often the last piece,” Reynolds said. “Many times, they will crawl through your financial system to see how much you can afford.”
One of the J&M servers had security issues months before the April ransom demand, Sumerford recalled. Hackers monitored mannerisms of Sumerford’s emails and created phony requests for a $125,000 check to a supplier. The hackers mistakenly forwarded the emails to a secretary whose suspicions foiled the plot.
“You would have sworn up and down that I had written that email,” Sumerford said.
Some dormant software is introduced 180 to 270 days before an attack occurs,” Saunders said. “The criminal side is out to make profits. The economics are to find a vulnerability and repeat it. It is as sophisticated as any other business.”
Disrupting hacker economics is difficult in the mobility age, Saunders said.
“Even the best developers introduce weaknesses in software code,” he said. “Code weaknesses persist while attack surfaces increase in a connected world.”
Connected systems grow
The Volvo Group alone has surpassed 1 million connected systems in its trucks worldwide, Volvo Trucks North America president Peter Voohoeve said.
The number of connected devices across society is expected to soar from 25 billion in 2019 to 75 billion in 2025, according to McKinsey & Co.
Less than a third of U.S. companies in a 2018 cybersecurity survey by research and consultancy firm Ovum said their insurance covered all risks. About one in four companies said they had no cybersecurity insurance.
Reacting to the number of potential threats requires a security information event management solution, or SIEM, because data sets are too voluminous for humans to process, Reynolds said.
“The trick with security is to define what is normal and just look for what’s abnormal,” she said. “There’s a big play in there from an artificial intelligence (AI) standpoint.”
Divide and conquer
Multi-modal data analytics, navigation and mobility solutions supplier Trimble Inc. watches for cyber intrusion because its systems interact directly with trucks.
“We have a development operations team that continually works on all of our products to do rigorous testing to make sure that it can’t be broken into,” said Trimble vice president Jim Angel. “If somebody gets into a device of ours, they can’t get out of it and into the truck.”
One of the simplest approaches to thwarting cybercriminals is practicing good hygiene – changing passwords, requiring two-step verification and storing critical data on a separate device untethered from the information technology infrastructure.
“It’s like washing your hands,” Saunders said. “It’s learning good hygiene.”