White House Adviser Addresses Fleets’ Need for Cybersecurity
[Stay on top of transportation news: Get TTNews in your inbox.]
CLEVELAND — White House official Stephen Viña stressed the importance of trucking cybersecurity Oct. 28 even as carriers adapt to an unknown technological future.
Viña, the assistant national cyber director for policy development at the Office of the National Cyber Director, discussed trucking companies’ predicament at the National Motor Freight Traffic Association Cybersecurity Conference 2024.
“I, and my colleagues at the White House, appreciate the critical importance of the transportation sector and specifically the work that you do in the trucking industry,” Viña said. “But with that great responsibility comes a lot of expectations. Perhaps expectations that might not be fair.”
Viña highlighted how carriers are expected to have complete reliability and near-perfect predictability despite the inherent uncertainty in the market. But to meet that demand, carriers have deployed numerous technologies, such as telematics, Internet of Things sensors, electronic logging devices, 5G connectivity and artificial intelligence. This also means many vulnerabilities.
“We know that in this digital world, that type of certainty, that type of predictability, that reliability is just not a given,” Viña said. “The world we live in, where information technology is embedded in and integral to pretty much everything we do and everything that we touch and use, systems and operations that we never thought would be connected are now interconnected, and everything is digital. So this is a challenge that I know you know very well.”
ONCD released a first-of-its-kind report earlier this year that examined the cybersecurity posture of the U.S. The report outlined several concerning trends while concluding its goal of reaching a defensible, resilient and values-aligned digital ecosystem requires a fundamental shift in how roles, responsibilities and resources are allocated.
“Our strategy provides two fundamental shifts in how we approach cybersecurity,” Viña said. “First, we rebalance the responsibility for defending cybersecurity. ... The second shift is about realigning our incentives to favor long-term solutions. That means striking a balance between defending ourselves from the urgent threats of today as well as thinking down the road.”
Viña pointed out that in recent years, the bad actors have expanded their target set. He has seen that attacks — from adversaries like China — have evolved to target critical infrastructure with no espionage value. Volt Typhoon is a Chinese state-sponsored hacker group that is believed to be behind this operation.
“The only reason they are there is to pre-position themselves for future and potential disruptive attacks,” Viña said. “Volt Typhoon conducted cyber operations focused not on financial gain, not on espionage, or state secrets, but on developing deep access to our critical infrastructure.
“This included the energy sector, transportation systems, among many others. A prolonged interruption to these critical services could disrupt our ability to mobilize in the event of a national emergency or conflict.”
Viña noted that these state-sponsored hackers are actively attacking the economic security of the U.S. every day and that China isn’t alone, as attacks also are coming from Russia, Iran and North Korea.
“Then there’s transnational organized criminals,” Viña said. “Fraudulent transactions, cyber fraud, cyber theft from phishing emails and from social engineering — it’s a huge threat to this sector and many others, particularly as the threat actors use AI to better disguise their schemes.”
Viña also highlighted ransomware as a major threat to national security and the transportation space. He warned that the way criminals attack the supply chain is by spoofing a particular function, such as a vendor, supplier, bank or even a carrier owner. This allows them to then inject themselves somewhere in the supply chain to then trick legitimate players.
Want more news? Listen to today's daily briefing above or go here for more info
“Now the strategy says that we need to improve cybersecurity requirements across all sectors,” Viña said. “But we also need to be smart about it. We know that you spend a lot of time on compliance, and we need to spend more time on security. And so there’s a lot of focus right now at [ONCD] to harmonize cybersecurity requirements and regulations.”
Viña hopes this plan will have a significant impact on cybersecurity outcomes because then carriers can focus more on security rather than just compliance. He added that another key objective is to advance the public and private collaboration on the subject.
“This is absolutely necessary because the critical infrastructure is owned and operated largely by you, the private sector,” Viña said. “Here we’re talking about true operational collaboration, where we’re sharing actual intelligence in real time. In some cases, this may mean sitting side by side with someone in the government for exercises, planning and defensive operations.”
