NEWS & REPORTS

Cybersecurity Best Practices for Aftermarket Electronics and Telematics in Heavy Vehicles

Jul 28, 2020 | Reports

Read the entire report here.

Goal:

To develop a set of best practices and guidelines focused on minimizing cyber risks for aftermarket electronic systems intended for use in the commercial motor vehicle (CMV) industry.

Background:

Heavy vehicle fleet operators routinely integrate a variety of aftermarket electronic systems into the trucks and buses they operate. Such systems include telematics units, navigation, infotainment, vehicle diagnostics, cargo monitoring and vehicle anti-theft systems, as well as a variety of driver monitoring, crash avoidance and other systems that may aid in compliance or operation of the vehicle. Often, these devices and systems are integrated into the vehicle’s electrical architecture including potential linkages with the vehicle’s CAN databus, driver display systems, or other electronic sub-systems on the vehicle.  Further, the aftermarket/telematic devices themselves will often incorporate a wireless or wired connection, (or perhaps a manual input interface) that allows for connecting the device to its intended interface entity. Such interfaces, with their integration into the vehicle’s electronic systems, offer a potential cyber vulnerability or a “point of entry” that may allow “bad actors” to gain access first to the aftermarket system, and then subsequently to the vehicle’s control sub-systems, including driver interface, braking, throttle and or steering systems. Such connections may possibly be “hacked” to allow malicious attacks such as retrieving propriety data stored on the vehicle, or creating congestion on the vehicle networks such that normal and safe operation of the vehicle is compromised.  As telematic and related aftermarket electronic devices and systems continue to proliferate the heavy vehicle marketplace, such cyber threats are of a growing concern to the Federal Motor Carrier Safety Administration (FMCSA), the National Highway Traffic Safety Administration (NHTSA) and the heavy vehicle industry.

Summary:

For this joint project with NHTSA, the contractor will build on existing heavy vehicle cybersecurity research to more narrowly focus on cyber threats and vulnerabilities associated with the integration and use of a variety of aftermarket and telematic systems intended for heavy vehicle application. The output of this research will be a set of best practices and guidelines for both the design and integration of aftermarket electronic systems focused on minimizing cyber risks. To this extent, the output of this work may be used by both the suppliers of such systems as well as by end users.

About the Author

NEWS & REPORTS

THE DISCOVERY FALLACY

Doug Marcello The LEAD: Ignoring your data, fearing discovery in litigation, can be fatal to your company. The data is there. Plaintiffs will get it. You must proactively cumulate and analyze it to promote safety and proactively prepare to defend any potential suit....

Roadcheck is May 16 – Download the Inspection Guide

What can you expect duging any roadside inspectin - but especially during the annual Roadcheck blitz?  The inspectin guidelines are published and consistently used throughout North America. Download the guide here.

Preparing your drivers for deposition

Doug Marcello Your driver is to be deposed. They are to be thrust into a foreign world for which they have neither any experience nor concept. And out the other side of the process comes their “sworn testimony”, written in cement, as to the accident, training,...

Driver Survey Results

by David Hollis For the typical trucker who is in the driver's seat of their truck for most of their waking hours while on the road, having that seat be as comfortable as possible is a big deal. That's just one of the things we found out in our recent survey of what...

All 3G ELDs Do Not Comply with FMCSA Regs by 12/31/2022

Verizon is the last network to shut down their 3G network, the sunset date is December 31, 2022.  The other major networks shut down their 3G earlier this year. If you have an ELD system that relies on 3G to operate, it will no longer be compliant.  The carrier has 8...

CATEGORIES