This is the warning the FBI gives on a recent bulletin distributed to the transportation industry. The federal law enforcement agency expressed their concern regarding the vulnerability offered by the ELDs, which could benefit cyber criminals.
According to FBI bulletin, the ELD Mandate, doesn’t include any requirements related to cybersecurity for ELDs’ suppliers or manufacturers. Neither a specification for 3rd party testing or validation to the ELD self-certification process.
Fleet companies can put themselves and their trucking operations in risk because of that, the electronic logging devices are able to generate a lot of data, like information regarding driver activities and vehicle’s history.
This kind of data is used by fleet companies to manage billing, payroll, route productivity, maintenance and fuel costs, etc. If a malicious party have access to company’s information through the use of ELD all sensible data, such fleet’s customers, assets’ location, schedules, personal information can be compromised.
The cyber criminals that gather this kind information will try different methods to get benefit from them. The FBI has reported that self-certified ELDs didn’t adopt the best practices in relation to cybersecurity, what makes them vulnerable to cyber-attacks.
This lack of security besides of putting at risk transportation companies’ data can also affect the way the vehicle behaves. Although the purpose of the electronic logging devices is to log the data from vehicle’s engine, some of self-certified ELDs are able to send commands to vehicle’s engine through the ECM’s connection. In consequence of that, ELD’s functions related to the precision of the device display and vehicle’s control can be affected.
It’s advisable for transportation companies to carefully read and follow FMSCA’s best practices guidance regarding cybersecurity and the integration of ELD devices on trucks: https://rosap.ntl.bts.gov/view/dot/49248.