WWW.NOREGON.COM | 336.615.8555®

CYBERSECURITYPROTECTING

YOUR VEHICLES

INTRODUCTION

Before we discuss best practices for managing cybersecurity within your organization, keep the following in mind:

1

1

Commercial vehicles are increasingly reliant

on technology.

Cybersecurity threats are not a recent concern. In fact, the first computer worm is credited to Ray Tomlinson, the man who invented email. Unlike Tomlinson’s worm, which made a harmless message self-replicate and spread across networks, modern cybersecurity threats have the ability to wipe out entire networks, steal confidential information, or even jeopardize systems responsible for a person’s safety.

As technology advances, so does our need to implement cybersecurity practices and procedures. Currently, many fleets focus on securing their business systems but fail to dedicate the proper resources to protect the systems in their vehicles and shops.

Remote diagnostic capabilities continue to advance and offer users many options

for managing a vehicle remotely.

The industry is eyeing a shift to advanced driver assistance systems

and autonomy.

32

The first step to alleviating cybersecurity threats is to simply be aware of existing or potential threats and maintain an ongoing conversation within the organization about those threats. Be aware cybersecurity policies are not a “set it and forget it” solution – you must implement these policies across the organization with ongoing training for employees and regular audits to ensure policies remain relevant and followed by employees.

GENERAL PREPARATION

2

In addition to audits, conduct routine security tests and drills to verify employees are following the organization’s recommended practices.

For example, train employees how to detect a phishing email and which actions to take, then send employees a mock phishing email and track how each team member handles the situation.

These policies help protect your organization from cybersecurity threats across the three main systems (business, vehicle, shop), but we will examine specific approaches to managing the latter two.

3

SHOP SYSTEMS

For vehicle owners who perform maintenance in-house, keep in mind how easily a threat vector can be introduced via the shop system, even without the user’s knowledge. If a shop system becomes compromised, the user may think he or she is using a certain application on the vehicle, when in reality it is a harmful clone of the intended application.

To combat these issues, have highly knowledgeable IT professionals manage your shop systems. If employing these professionals is not feasible, consider outsourcing the management of your devices using a service like Noregon’s Diagnostic Tool Management (DTM) services. If your IT team does detect a cybersecurity threat, have them report it to the ATA Fleet CyWatch program.

Ensure that every network (local or cloud-based), PC, or device that connects to a truck is secure up and down its lifecycle chain. Never let an unsecured device connect to the truck and strongly consider limiting internet access only to trusted devices. Many fleets and service centers require devices remain in the bay at all times to alleviate the concern of compromising the device on a less secure home network.

4

Purchase your in-shop software from reputable sources. A bundle of software from an online auction leaves your organization susceptible to backdoors that act as an attack vector that is not present when you purchase directly from the developers or trustworthy distributors.

Organizations who perform their own maintenance should be particularly careful due to the number of threat vectors they create by owning and using a collection of software applications.

Only download software updates from a verified source and be wary of targeted emails offering download links that can send users to malicious files.

When it comes time to replace an electronic device, ensure the hard drive is properly secured or destroyed and recycle the rest of the device. By leaving your electronic devices in the shop’s trash or recycling bin, it can potentially end up in the hands of someone with malicious intent.

VEHICLE SYSTEMSWhether you outsource your maintenance or keep it in-house, it is essential you only allow software/applications/tools that you trust to connect to your vehicles. If you perform your maintenance in-house, train your technicians to be vigilant and routinely test their training with security drills. If one of your technicians detects an electronic component on a vehicle that doesn’t seem to belong, train him or her to err on the side of caution and always report this to a shop foreman or manager.

5

If you outsource your maintenance, hold your maintenance providers to the same strict standards you require of those within your organization. Ask about their cybersecurity policies and their methods to ensure their employees follow those policies and standards.

In-shop diagnostic solutions are not the only tool that will connect to your vehicle, so ensure all others are from trusted, verified sources as well. For example, if you have a telematics device on your vehicles, ask your telematics service provider for their cybersecurity policies and discuss how your vehicles will remain protected from potential threats.

Also, be sure the electronic components on your vehicle are up-to-date with the latest firmware. JPRO’s roll call feature, which automatically identifies all vehicle components, displays the firmware version of each component on the vehicle. Verify these are the latest editions or work with the OEM to upgrade as the latest firmware will be best equipped to handle known threats. (Figure 1)

(Figure 1 - JPRO Professional’s Vehicle Roll Call)

WRAP UPWith all of the above in mind, let’s revisit the first statements in this article. We stated that vehicles are more reliant on technology than ever, face increasing capabilities with remote diagnostics, and one day will likely become autonomous.

To learn more about how Noregon can help keep you protected from cybersecurity threats within your fleet or organization, visit: www.noregon.com/dtm or call (855) 889- JPRO 6

Based on what we discussed earlier, these three assertions should illustrate the importance of placing the same time and resources necessary to protect your shop and vehicle systems as you do business systems. Vehicles have more potential openings to vector threats than ever before, with a longer list of potential vehicle controls available remotely, while trending toward an in-cab human having less control of the vehicle. Simply stated, an unauthorized user gaining control of your vehicle presents a larger threat than ever and should be treated with the stringent precautions.

Following our advice will keep you ahead of potential threats and help you correctly address any dangers that do arise.

• Be aware of potential threats

• Create policies and processes to alleviate threats and train all necessary employees on the processes

• Regularly audit your processes to ensure best practices are followed and implement security drills to test employees.

• Only connect trustworthy tools to vehicles

• Purchase these tools from reputable dealers and only download updates from verified sources

• Train your technicians to be vigilant, or work with third-party service providers who follow processes similar to your own

• Ensure highly knowledgeable IT professionals manage your shop systems

• Only allow shop systems to connect to your secure network

• Destroy or secure hard drives when replacing shop devices

To summarize, take the below steps and you will be well on the way to securing your organization’s systems and assets:

Noregon is the industry recognized vehicle data expert. Through advanced commercial vehicle diagnostic, repair, and monitoring applications, Noregon helps businesses maximize vehicle uptime. Since 1993, Noregon has been creating products that increase the efficiency of in-shop technicians and help companies make better decisions when it comes to the health and safety of their vehicles. Today’s top fleets, OE dealers, independent repair facilities, municipalities and the military all rely on Noregon to keep their vehicles rolling.

www.noregon.com | (855) 889-JPRO (5776)

©2018 Noregon. All rights reserved. JPRO is a registered trademark of Noregon. | WP-CS-- 01- 090618

®