Protecting Fleet Data from Security Threats

Big data is revolutionizing fleet management — specifically in the form of telematics. From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard in every vehicle. Telematics is an operational goldmine. Whether it is with a fleet management services provider or an internal fleet management team, businesses can easily gather measurable, actionable data that can help control operating expenses, improve driver safety, and communicate with drivers in real time. But with great power comes great responsibility. Whenever new technology is introduced, vulnerabilities are exposed, and hacking threats become real. No business is immune.

The Risks

At the 2017 National Governors Association, Tesla and Space X CEO Elon Musk expressed his number one priority: preventing fleet-wide hacks. “It is my top concern from a security standpoint — that Tesla is making sure that a fleet-wide hack or any vehicle-specific hack can't occur,” said Musk. Musk has valid reasons to be concerned. Upstream.auto reports that there has been a 94% year-over-year increase in cybersecurity attacks on vehicles since 2016. And the smarter our vehicles get, the smarter malevolent hackers become. Andy Greenberg of Wired experienced this first-hand when hackers were able to remotely kill his Jeep on the highway while he was driving. Greenberg was a willing test subject, but that doesn’t diminish the chaos the professional hackers were able to create. Through wireless access to the Jeep’s software, the hackers were able to disable the brakes, take control of the steering wheel, blast the radio and air conditioning and cut the accelerator. This wireless carjacking was merely a test to see what level of hacking was possible — but it was a successful test. Vulnerabilities in the vehicle’s telematics were easily exposed, which means fleet managers and drivers need to ensure that their vehicles are following security best practices to avoid these threats.

How You Can Protect Your Fleet Data

The benefits of telematics far outweigh the risks, and there are plenty of measures that can be put in place to mitigate hacking risks.

Be Selective

Before you install any telematics software or hardware, it is crucial to thoroughly vet the products you will be using whether it is directly with a vendor or through a fleet management company. Check online reviews and the product websites to find as much information possible. It also helps to know:

• what the encryption policies are,
• how their security is validated, and
• what type of infrastructure they maintain.

It is advised that you enlist help from professionals within the fleet telematics field to set up and install these systems in your vehicles. This will not only ensure that the job is done right; it will also bring peace of mind to your organization.

Review Internal Policies

Educating your teams on the proper use of vehicles equipped with telematics can help prevent security threats. This should include employees across your organization — drivers, IT, administrators, and beyond. If everyone understands the consequences involved with vehicle misuse or neglect, they will ideally be more proactive about mitigating any risks. Every organization should have a detailed policy regarding the operation of their fleet. This should include information on:

• Data Point Capture Fleet Telematics
• Communication Processes
• Instructions on Proper Usage of Vehicles
• Guidelines for Using Data and Updating Systems

Internal security policies should be reviewed often, as changes happen with your organization and as technology evolves.

Restrict Access

First and foremost, your fleet should be located in a controlled environment — one that has its own security system for round-the-clock monitoring. Aftermarket telematics devices should also be securely installed in order to avoid tampering. Then, gaining access to a vehicle should be just as secure as gaining access to the products being transported. Who is authorized to use the vehicles? This should be a very short list, ideally only consisting of the driver on duty and any necessary higher-ups. Off-duty employees and those in unrelated departments should not be granted access. Finally, who will be looking at your fleet data? Restricted access is just as important for the data as it is for the vehicles. If you have an internal team monitoring the data, ensure that your infrastructure is built for security and that the employees are following the security best practices as outlined in your policies.

Maintain Up-to-Date Systems

Software updates often include patches and features that are intended to enhance the security of your fleet. If you skip an update, your fleet could be vulnerable to an attack. Fortunately, many telematics systems today automatically push out software updates. While you are vetting your options, you can ask vendors about the frequency and extent of their updates to get a better idea of how regularly they are updating and improving their systems.

Always Have an Eye on the Road — No Matter Where You Are

Even though it can expose fleets to certain risks if not managed properly, telematics is also improving the way we secure our data and assets. Connected vehicles make it easier to detect suspicious activities or even just things that may be a bit off from normal procedures. For example, if a large purchase is made on a fuel card when the vehicle’s GPS shows that it is nowhere near a gas station, your internal team can receive a real-time alert and act fast to prevent fraudulence. When it comes to securing your fleet data, being proactive is always your best bet. If this article did not convince you, maybe General Motors CEO Mary Barra will: “A cyber incident is a problem for every automaker in the world. It is a matter of public safety.” ___ About the Author:

Image

Emily Candib serves as Director of Products and services for Merchants Fleet, overseeing the products and services team focused on the operational setup and execution of the fuel, telematics, accident management, roadside assistance, and compliance products.  She leads vendor management and the overall execution and delivery of these products. Emily received her bachelor’s degree in advertising with a minor in marketing, as well as her master’s in business administration with a concentration in social media from Southern New Hampshire University. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.