Keeping Commercial Vehicles Rolling Amidst Climbing Cyber Threats

RAFI SPIEWAK

Content Marketing Manager

May 9, 2022

Today’s rising cybersecurity threats are not enough to break the will of the most advanced fleets- but they are enough to impact logistics.

The last few years have seen an alarming spike in cybersecurity attacks, up 344% in the last 5 years alone. This trend is well noticed across all vehicle types, but when it comes to commercial vehicles, our analyst dove into vulnerabilities that can impact downtime, threaten uptime, hurt revenue, and inject a helping of uncertainty into an already hurting supply chain.

Connected fleets as a target

The rise in attacks and greater strain on today’s supply chains raise a critical question- Are connected vehicles inherently weaker?

When considering the bounty from an attack, commercial vehicles may offer more than a sophisticated IT ransomware attack. Trucks hold goods, are the backbone of a business, and due to the J-1939 protocol, may reveal vulnerabilities that can be replayed against other businesses into the near future until they mitigate against such an attack, which will take time.

Direct expenses for a business will be related to detection, remediation, and mitigation of an attack. Indirectly, they will find their operations hindered for months, resulting in extended vehicle downtime and a blow to their reputation. In addition, if employee data was leaked during the breach, it will have an impact on morale as their locations, habits, and popular routes are exposed.

Should a fleet operator fail to display their best efforts to detect and thwart future attacks, they may even lose their ability to operate in certain regions if it is found that they do not comply with the J1939-91 and other cybersecurity standards and regulations.

Cloud-based cybersecurity as a catalyst for uptime and compliance

With many cybersecurity platforms on the market, ranging from in-vehicle IDPS, to in house solutions based on a SIEM data aggregator, only a cloud-based system can provide rapid up time without needing to install any hardware or software into the vehicle itself.

Yet, some operators choose to take a multi-layered approach, combining what comes pre-installed in their vehicles with the modern capabilities of cloud-enabled full-fleet visibility.

In-vehicle detection and prevention agents

In-vehicle data collection can either be built into a vehicle or via an Intrusion Detection Prevention Systems (IDPS). Both require designing integrated hardware and software that has high-level access to sensitive in-vehicle information.

For example, IDPS is purpose-built security controls that are placed throughout a vehicle. These agents rely on algorithms to monitor designated zones of the vehicle, looking for suspicious or anomalous behaviors. While these rule-based systems are constantly running in the background, an attacker with knowledge of the vehicle’s infrastructure can spoof or bypass the IDPS. This means that a hacker can penetrate a system and operate for a prolonged time without being detected.

After-market solutions rely on the OBD port, which has become a common attack vector accounting for 5.4% of all cybersecurity attacks from 2010 to 2021. Once penetrating this high-access gateway, a hacker can inject messages into the vehicle, gain remote access, reprogram new keys, and more.

Furthermore, in-vehicle agents need to be installed during or after production, which can be costly and at times are not backward compatible with existing vehicles.

In-house custom SIEM solutions

Developing an in-house solution allows OEMs and major fleet operators to pick and choose which capabilities matter most to them. Whether for cybersecurity or non-cyber use cases, these DIY solutions require venturing away from core capabilities into deep cybersecurity and data management technologies. Some of the hurdles include recruiting large dedicated and skilled teams, application management, ongoing roadmap development, and continuous updating according to the latest threat intelligence.

Unlike out of the box capabilities offered IT solutions, companies will need to self-identify use cases, pinpoint correct data sources, ensure 24/7 uptime, and prepare for unforeseen circumstances. OEMs and fleet operators quickly realize how these solutions fall short and struggle to maintain the high standard of security needed as the threat landscape evolves over time.

To build out cybersecurity capabilities, automotive-specific threat intelligence data collection, and ongoing monitoring, OEMs will need to master tools that are outside their core business.

Agentless and cloud-based capabilities

The cloud-based agentless approach of monitoring vehicles has multiple advantages surrounding cost, efficiency, visibility, and time to market.

Faster time to security is a benefit of a cloud-based solution. By not relying on in-vehicle hardware or software, onboarding is seamless and allows data and cyber teams to gain access and protect connected vehicles that are already on the road, as well as a wide range of data sources feeding directly into a single detection platform. This also saves the time of engineering teams who would need to develop, implement, and monitor an in-vehicle component to ensure proper operation.

Agentless approaches are also better suited for operations within a Vehicle Security Operations Center (VSOC), allowing for specialized monitoring across. These automotive-specific SOCs can implement vehicle digital twins and gain a bird’s eye view of multiple vehicles simultaneously, allowing them to recognize anomalies in a vehicle, across a fleet, or even throughout a region.

Uptime and revenue rely on true cybersecurity data

The data collected and analyzed for any fleet, whether for the purpose of global cybersecurity or regulatory compliance holds insights that can help modernize and monetize today’s vehicles.t, whether for the purpose of cybersecurity or regulatory compliance holds insights that can help modernize and monetize today’s vehicles.

This can be made most efficient using two of Upstream’s offerings.

The first is The Upstream Platform- a cybersecurity and data management platform for connected vehicles, purpose-built to help mobility stakeholders utilize the latent value found in data to secure, optimize, enhance, and further monetize their connected vehicles, fleets, and services.

The second is the Vehicle SOC (VSOC), which allows for companies to protect their fleets 24/7, regardless of if their vehicles are in a facility or on the road. This data can then be analyzed for non-cybersecurity use cases, such as preventing fraud, deterring property theft, securing OTA updates, and even thwarting AdBlue tampering.

Focused on using reliable data to ensure uptime? Dive deeper with our Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats to see how.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

The GenAI Arms Race is Here

Listen to this blog Your browser does not support the audio element. The Automotive and Smart Mobility Ecosystem is entering a new era of GenAI,…

Read more

Upstream Participates in TISAX, Accelerating Customer Onboarding & Ensuring Data Protection

Listen to this blog Your browser does not support the audio element. In the fast-evolving landscape of the automotive industry, ensuring robust information security practices…

Read more

Revving Up Safety: UN Regulation R155 Now Covers Motorcycles

Listen to this blog Your browser does not support the audio element. On Jan. 26, the UNECE decided to include motorcycles, scooters, and electric bicycles…

Read more

NIS2 Directive’s Impact on the Smart Mobility Ecosystem

Listen to this blog Your browser does not support the audio element. The NIS2 Directive, expected to become mandatory in October 2024, aims to significantly…

Read more