Staff Reporter
FBI Says EVs Raise Risk of Cyberattacks
[Stay on top of transportation news: Get TTNews in your inbox.]
Trucking companies that are considering electrifying their fleets must be on their guard for the heightened opportunities such decisions offer cybercriminals, according to the FBI, which is keen to help minimize the chaos such attacks can cause.
Electric vehicles have enhanced attack surfaces for cybercriminals to latch on to, FBI Supervisory Special Agent David Smith told American Trucking Associations’ Technology & Maintenance Council’s 2023 Summer Conference & Fleet/Utility Forum on June 21.
Smith, transportation program manager within the federal agency’s cyber division, said the transport sector can be targeted by hacktivists, criminals, insiders, spies, terrorists and countries engaged in warfare.
There’s always vulnerabilities and back doors, and they are growing, said fellow panelist Mark Zachos, TMC Cyber Security Task Force chairman. Zachos, president of Farmington Hills, Mich.-based DG Technologies and a cybersecurity and vehicle communications specialist, added: “Everything is evolving, and hacks are evolving too.”
As the trucking industry and the U.S. government get better at countering cybersecurity, the players on the opposing team will be substituted, with spies and combatants employed by foreign nations with greater resources and skills entering the fray to replace mere opportunists, Smith said.
Edison Electric Institute Senior Vice President of Security and Preparedness Scott Aaronson warned the audience for the same conference session that cybersecurity vigilance needs to be on three fronts — software, hardware and meatware (or the people within an organization).
EEI is the trade association for investor-owned utilities, some of the largest providers of the power that widespread electrification of the trucking industry will require.
The power industry has mandated standards for outages and for cybersecurity that are enforced with stiff penalties, said Aaronson, who warned that the power industry had found collaboration and preparedness key to combating cyberattacks.
Standards are a good foundation, Aaronson said. That said, standards are sometimes insufficient, he said, noting that if you have a 10-foot fence as a result of standards, cybercriminals will bring a 12-foot ladder.
However, the U.S. automotive industry does not have regulations making sure products meet standards, with certification by the International Organization for Standardization as there is in the European automotive industry, Zachos said, although he admitted that the appetite was weak for such enforcement.
Enforcement and protection are roles the FBI takes seriously, said Smith. However, “we don’t know everything, no matter what it looks like on TV,” he said, appealing to his audience not to go it alone when facing down a cyberattack.
“We cannot tell you … whether to pay out or not, we just suggest you call us in,” Smith said, adding: “We’ve got to know about it to do something about it.”
One new trend to watch out for is the use of artificial intelligence to develop polymorphic hacks with ransomware, Smith warned the trucking industry. Polymorphic code such as that in malware or ransomware uses an encryption key to change its shape and signature, according to Mimecast, a cyberdefense specialist.
A couple of ways to avoid becoming the victim of a cybersecurity attack, and especially ransomware, is for companies to keep their IT systems up to date on patches from software providers and to partner with federal agencies early on, he said.
Guy Broderick of Kriska shares how he successfully combined data reports and a simple understanding of human nature to become one of the best driver coaches in North America. Tune in above or by going to RoadSigns.ttnews.com.
Meantime, the U.S. government is focused on devising new methods of penalizing criminals in the cybersecurity realm, Smith said. In 2022, U.S. victims of ransomware paid out 10 times as much as they did in 2021, he said.
Before a situation develops, though, in an effort to help protect critical infrastructure, Smith said the federal government is offering companies in key sectors tools. The FBI’s Chief Information Security Officer (CISO) Academy brings private sector CISOs together to engage in dialogue about how to address cyberthreats.
Smith issued an open invitation to the CISO Academy to the audience of TMC transportation and utility executives seeking to protect their companies from cybersecurity malfeasance. The executives were also there to hear about how to work more productively on electrification of fleets.
In addition, TMC’s Cyber Security Task Force is developing recommended practices. After all, as Aaronson pointed out: “This nation is electrifying everything.”
As a result, the trucking industry must remember it is not the only ballgame in town when it comes to electricity, unlike with diesel, and that will be a new experience for the sector, TMC Technical Director Jack Legler told conference attendees on June 20.
Carriers looking to move to electric vehicles must be prepared for unexpected delays, Keith Brandis, Volvo Group vice president of product planning, said during the same panel discussion.
Want more news? Listen to today's daily briefing above or go here for more info
In addition, trucking companies must be aware that the equipment cycle in the electricity industry is different from what they are used to, said Brandis, with a 24-month or more order requirement cycle.
As a result, portable charging may be critical to early fleet electrification deployments, Kenneth Marko, US Foods’ fleet sustainability manager, said during a different June 20 panel. US Foods’ first two choices for permanent charging stations at a pilot project in California did not match the approved product lists of the utility it was working with, said Marko, and he had to acquire portable alternatives.
US Foods ranks No. 2 on the Transport Topics list of top food service carriers.