Last week, the FBI released a warning to the trucking industry with information about cybersecurity vulnerabilities in electronic logging devices (ELDs). This has caused the trucking industry and the FMCSA both to revisit the ELD Mandate from 2017. The ELD Mandate does not have any requirements for manufacturers to test, prove, or update cybersecurity measures – nor is there a third-party auditor to test the security of ELDs. Cybersecurity has been a concern withing the trucking industry since the ELD Mandate was first brought to light, and in an economy that is going through both a pandemic and an election year, cybersecurity threats are at an all-time high,
The FBI’s Warning on Cybersecurity
The warning issued by the FBI to the trucking industry begins as follows:
Cyber criminals could exploit vulnerabilities in electronic logging devices (ELDs), which became required equipment in most commercial trucking operations as of 16 December 2019 due to a federal regulatory mandate. Although the mandate seeks to provide safety and efficiency benefits, it does not contain cybersecurity requirements for manufacturers or suppliers of ELDs, and there is no requirement for third-party validation or testing prior to the ELD self-certification process. This poses a risk to businesses because ELDs create a bridge between previously unconnected systems critical to trucking operations. Companies choosing an ELD can mitigate their cyber risk by following best practices tailored to ELDs. This includes asking the ELD’s supplier specific questions, some of which are identified in this PIN.
The full text of the FBI warning on cybersecurity and ELDs is available here.
Reducing the Threat of Cybersecurity Attacks
Back in May, the DOT released a list of best practices to help safeguard the trucking industry from cyber threats. While not required, the paper encourages manufacturers to test ELDs for potential exploits and publish known vulnerabilities so that carriers and drivers can take the next steps to protect themselves. In the interest of safety, we encourage everyone to read both linked documents to they can stay a few steps ahead of any potential threats.
Express Freight Finance will post any updated information on ELDs and cybersecurity as the FBI, FMCSA, and DOT make them available.