The RisksAt the 2017 National Governors Association, Tesla and Space X CEO Elon Musk expressed his number one priority: preventing fleet-wide hacks. “It is my top concern from a security standpoint — that Tesla is making sure that a fleet-wide hack or any vehicle-specific hack can't occur,” said Musk. Musk has valid reasons to be concerned. Upstream.auto reports that there has been a 94% year-over-year increase in cybersecurity attacks on vehicles since 2016. And the smarter our vehicles get, the smarter malevolent hackers become. Andy Greenberg of Wired experienced this first-hand when hackers were able to remotely kill his Jeep on the highway while he was driving. Greenberg was a willing test subject, but that doesn’t diminish the chaos the professional hackers were able to create. Through wireless access to the Jeep’s software, the hackers were able to disable the brakes, take control of the steering wheel, blast the radio and air conditioning and cut the accelerator. This wireless carjacking was merely a test to see what level of hacking was possible — but it was a successful test. Vulnerabilities in the vehicle’s telematics were easily exposed, which means fleet managers and drivers need to ensure that their vehicles are following security best practices to avoid these threats.
How You Can Protect Your Fleet DataThe benefits of telematics far outweigh the risks, and there are plenty of measures that can be put in place to mitigate hacking risks.
Be SelectiveBefore you install any telematics software or hardware, it is crucial to thoroughly vet the products you will be using whether it is directly with a vendor or through a fleet management company. Check online reviews and the product websites to find as much information possible. It also helps to know:
- what the encryption policies are,
- how their security is validated, and
- what type of infrastructure they maintain.
Review Internal PoliciesEducating your teams on the proper use of vehicles equipped with telematics can help prevent security threats. This should include employees across your organization — drivers, IT, administrators, and beyond. If everyone understands the consequences involved with vehicle misuse or neglect, they will ideally be more proactive about mitigating any risks. Every organization should have a detailed policy regarding the operation of their fleet. This should include information on:
- Data Point Capture Fleet Telematics
- Communication Processes
- Instructions on Proper Usage of Vehicles
- Guidelines for Using Data and Updating Systems
Restrict AccessFirst and foremost, your fleet should be located in a controlled environment — one that has its own security system for round-the-clock monitoring. Aftermarket telematics devices should also be securely installed in order to avoid tampering. Then, gaining access to a vehicle should be just as secure as gaining access to the products being transported. Who is authorized to use the vehicles? This should be a very short list, ideally only consisting of the driver on duty and any necessary higher-ups. Off-duty employees and those in unrelated departments should not be granted access. Finally, who will be looking at your fleet data? Restricted access is just as important for the data as it is for the vehicles. If you have an internal team monitoring the data, ensure that your infrastructure is built for security and that the employees are following the security best practices as outlined in your policies.
Maintain Up-to-Date SystemsSoftware updates often include patches and features that are intended to enhance the security of your fleet. If you skip an update, your fleet could be vulnerable to an attack. Fortunately, many telematics systems today automatically push out software updates. While you are vetting your options, you can ask vendors about the frequency and extent of their updates to get a better idea of how regularly they are updating and improving their systems.
Always Have an Eye on the Road — No Matter Where You AreEven though it can expose fleets to certain risks if not managed properly, telematics is also improving the way we secure our data and assets. Connected vehicles make it easier to detect suspicious activities or even just things that may be a bit off from normal procedures. For example, if a large purchase is made on a fuel card when the vehicle’s GPS shows that it is nowhere near a gas station, your internal team can receive a real-time alert and act fast to prevent fraudulence. When it comes to securing your fleet data, being proactive is always your best bet. If this article did not convince you, maybe General Motors CEO Mary Barra will: “A cyber incident is a problem for every automaker in the world. It is a matter of public safety.” ___ About the Author: