The National Motor Freight Traffic Association, Inc. brings together industry leaders in vehicle cybersecurity to enhance protection for Electronic Logging Devices
A consortium of industry leaders in vehicle cybersecurity have come together to develop the CAN Data Diode, a creative development from the University of Tulsa’s Student CyberTruck Experience (CyTeX) program under the direction of Dr. Jeremy Daily. The National Motor Freight Traffic Association, Inc. (NMFTA), the University of Tulsa, Irdeto, Geotab, DG Technologies and other industry experts are collaborating to identify and validate possible commercial applications such as securing Electronic Logging Devices (ELDs). The CAN Data Diode is a hardware device that prevents communication from the ELD to a commercial vehicle, virtually eliminating the connected ELD device as a remote cyber attack surface. It is essentially a hardware firewall for connected vehicles.
ELDs are now mandatory for most carriers operating in the US and will soon be required in Canada. With more countries adopting this technology, it is critical to protect it from tampering and attacks from hackers who will look for weak entry points in today’s connected vehicles. Mandatory, connected ELDs could be a common target for cyberattacks as many typically do not include even basic cybersecurity. The CAN Data Diode is designed exactly for this type of ELD-specific device installation. It eliminates all possible communication to the vehicle network from the ELD device and restricts data from the vehicle to only devices that meet the ELD mandate.
The CAN Data Diode project ensures that commercial vehicle operators who do not have sophisticated fleet management applications can keep their vehicles secure from mandated ELDs connecting into the vehicle’s diagnostic port. This low-cost, network-isolation solution is aimed at carriers who do not have or need sophisticated fleet management applications or the ability to comply with the mandatory ELD regulations. It also protects onboard vehicle data networks from the risks that ELDs would pose when connected directly to the vehicle.
“Unfortunately, not all ELDs are created equal,” said Urban Jonson, Chief Technology Officer, NMFTA. “Some ELDs have been found to contain significant cybersecurity vulnerabilities and more security flaws are expected to be discovered as these devices become more widely adopted. In these cases, deploying isolation solutions to keep the connected systems separated from the vehicle network is critical. By bringing together experts in the vehicle cybersecurity industry, we are ensuring that commercial vehicle operators are able to meet ELD requirements while preserving safety and security.”
With ELD requirements now in place and more coming in the future, hackers will evolve their attack strategies to target these devices. As is the case with any connected device in a vehicle environment, it must be protected from tampering and attacks in order to operate as intended. Without cybersecurity in place, hackers can easily exploit ELDs and use them as an entry point to access a vehicle’s controller area network or IT systems.
“The more fleet and heavy vehicle operators rely on connectivity, the more vulnerable they become to cyberattacks,” saidNiels Haverkorn, General Manager, Connected Transport, Irdeto. “This connectivity makes it imperative to inherently protect the software that runs in vehicle fleets, not just securing the perimeter. Fleet and heavy vehicle operators need to keep cybersecurity top-of-mind to ensure that their drivers, vehicles and systems are safe from cyberattacks by securing ELDs, telematics systems and other in-vehicle software from tampering.”
The CAN Data Diode project is also being followed by the SAE International technical standards committee members who are working on vehicle diagnostic data link security standards.
“It’s kinda like the Wild West right now,” said Mark Zachos, President of DG Technologies and chairman of the SAE International committee. “Some ELDs work fine, some don’t and the ones that don’t can potentially corrupt the vehicle communications or could be vulnerable to hacking attacks.”
