Connected Transport industry comes together to eliminate a weak entry point for hackers
The National Motor Freight Traffic Association, Inc. brings together industry leaders in vehicle cybersecurity to enhance protection for Electronic Logging Devices
ALEXANDRIA, VA – 21 May 2018 – A consortium of industry leaders in vehicle cybersecurity have come together to develop the CAN Data Diode, a creative development from the University of Tulsa’s Student CyberTruck Experience (CyTeX) program under the direction of Dr. Jeremy Daily. The National Motor Freight Traffic Association, Inc. (NMFTA), the University of Tulsa, Irdeto, Geotab, DG Technologies and other industry experts are collaborating to identify and validate possible commercial applications such as securing Electronic Logging Devices (ELDs). The CAN Data Diode is a hardware device that prevents communication from the ELD to a commercial vehicle, virtually eliminating the connected ELD device as a remote cyberattack surface. It is essentially a hardware firewall for connected vehicles.
ELDs are now mandatory for most carriers operating in the US and will soon be required in Canada. With more countries adopting this technology, it is critical to protect it from tampering and attacks from hackers who will look for weak entry points in today’s connected vehicles. Mandatory, connected ELDs could be a common target for cyberattacks as many typically do not include even basic cybersecurity. The CAN Data Diode is designed exactly for this type of ELD-specific device installation. It eliminates all possible communication to the vehicle network from the ELD device and restricts data from the vehicle to only devices that meet the ELD mandate.
The CAN Data Diode project ensures that commercial vehicle operators who do not have sophisticated fleet management applications can keep their vehicles secure from mandated ELDs connecting into the vehicle’s diagnostic port. This low-cost, network-isolation solution is aimed at carriers who do not have or need sophisticated fleet management applications or the ability to comply with the mandatory ELD regulations. It also protects onboard vehicle data networks from the risks that ELDs would pose when connected directly to the vehicle.
“Unfortunately, not all ELDs are created equal,” said Urban Jonson, Chief Technology Officer, NMFTA. “Some ELDs have been found to contain significant cybersecurity vulnerabilities and more security flaws are expected to be discovered as these devices become more widely adopted. In these cases, deploying isolation solutions to keep the connected systems separated from the vehicle network is critical. By bringing together experts in the vehicle cybersecurity industry, we are ensuring that commercial vehicle operators are able to meet ELD requirements while preserving safety and security.”
With ELD requirements now in place and more coming in the future, hackers will evolve their attack strategies to target these devices. As is the case with any connected device in a vehicle environment, it must be protected from tampering and attacks in order to operate as intended. Without cybersecurity in place, hackers can easily exploit ELDs and use them as an entry point to access a vehicle’s controller area network or IT systems.
“The more fleet and heavy vehicle operators rely on connectivity, the more vulnerable they become to cyberattacks,” said Niels Haverkorn, General Manager, Connected Transport, Irdeto. “This connectivity makes it imperative to inherently protect the software that runs in vehicle fleets, not just securing the perimeter. Fleet and heavy vehicle operators need to keep cybersecurity top-of-mind to ensure that their drivers, vehicles and systems are safe from cyberattacks by securing ELDs, telematics systems and other in-vehicle software from tampering.”
The CAN Data Diode project is also being followed by the SAE International technical standards committee members who are working on vehicle diagnostic data link security standards.
“It’s kinda like the Wild West right now,” said Mark Zachos, President of DG Technologies and chairman of the SAE International committee. “Some ELDs work fine, some don’t and the ones that don’t can potentially corrupt the vehicle communications or could be vulnerable to hacking attacks.”
About the National Motor Freight Traffic Association, Inc.
The National Motor Freight Traffic Association, Inc. (NMFTA) is a nonprofit membership organization headquartered in Alexandria, Virginia. Its membership is comprised of for-hire motor carriers of property operating in interstate, intrastate and foreign commerce. NMFTA publishes the National Motor Freight Classification® (NMFC®), a standard that provides a comparison of commodities moving in commerce. NMFTA also produces ClassIT®, the online version of the NMFC.
NMFTA assigns the Standard Carrier Alpha Code (SCAC®), a unique two-to-four-letter code used to identify transportation companies, and publishes the Directory of SCACs. NMFTA also produces SCAC Online allowing a user to search and have access to the most up-to-date alpha code information from anywhere you have an internet connection.
NMFTA also assigns the Standard Point Location Code® (SPLC), a numeric coding system designed to identify points in North America that originate and receive transportation with their geographic locations. Additionally, NMFTA produces SPLC Online, an internet-based system for retrieval of SPLC data. Please visit NMFTA at www.nmfta.org.
About The University of Tulsa
A top 100 research university, The University of Tulsa provides academically vigorous programs in the colleges of arts & sciences, engineering & natural sciences, business, health sciences and law. The University of Tulsa is a forward-thinking, private university where dedication, excellence, commitment, and integrity are central to our mission. TU’s vibrant residential campus complements an academically vigorous experience that transforms both its students and the world. To learn more visit utulsa.edu.
Geotab is advancing security, connecting commercial vehicles to the internet and providing web-based analytics to help customers better manage their fleets. Geotab’s open platform and Marketplace, offering hundreds of third-party solution options, allows both small and large businesses to automate operations by integrating vehicle data with their other data assets. As an IoT hub, the in-vehicle device provides additional functionality through IOX Add-Ons. Processing billions of data points a day, Geotab leverages data analytics and machine learning to help customers improve productivity, optimize fleets through the reduction of fuel consumption, enhance driver safety, and achieve strong compliance to regulatory changes. Geotab’s products are represented and sold worldwide through Authorized Geotab Resellers. To learn more, please visit www.geotab.com and follow us @GEOTAB and on LinkedIn.
About DG Technologies
DG Technologies is a leading provider of in-vehicle network/CANbus engineering tools, vehicle diagnostics testers and consulting services. Our hardware and software products are used by OEMs and Component Suppliers for new vehicle engineering development and testing. DG Technologies also supplies vehicle service equipment to the U.S. Military as well as to vehicle dealerships and aftermarket repair shops for diagnostics and reprogramming of heavy-duty truck, automotive, and off-road equipment. Please visit www.dgtech.com for more information.
Irdeto is the world leader in digital platform security, protecting platforms and applications for media & entertainment, games, connected transport and IoT connected industries. Irdeto’s solutions and services enable customers to protect their revenue, create new offerings and fight cybercrime. With 50 years of expertise in security, Irdeto’s software security technology and cyberservices protect over 5 billion devices and applications for some of the world’s best-known brands. With a unique heritage in security innovation, Irdeto is the well-established and reliable partner to build a more secure future where people can embrace connectivity without fear. Please visit Irdeto at www.irdeto.com.