Cyber Security - Overview

NMFTA member motor carriers perform a vital service to our nation's economy by delivering the goods necessary to keep commerce flowing. NMFTA represents over 500 carriers who collectively operate close to 200,000 power units generating approximately $100 billion in freight revenue. To do so, they operate a diverse fleet of vehicles, including commercial transportations.

Carrier vehicles tend to be homogenized on a fleet basis and are typically more connected than passenger automobiles. Commercial tranportations are designed and built with both OEM factory equipped as well as aftermarket telematics units. Using common communication interoperability standard SAE J1939, OEMs are able to offer vehicles in different configurations using parts such as brakes, transmissions and engines outsourced from 3rd parties which increases supply chain cyber security risk. Additionally, the extensive impact of transportation disruptions create particular concern regarding potential outages. These characteristics make the commercial transportation security risk profile substantially different then passenger automobiles.

CTSRP Workshops

As a key stake holder in commercial transportation security and research program, NMFTA works to educate the transportation industry on potential cyber threats to connected vehicle fleets. NMFTA hosts industry workshops exploring cyber security issues such as incident response, risk mitigation, data anomaly detection, and many others. These forums are attended by representatives from motor carriers, academic experts, government agencies, commercial transportation vehicle manufacturers and suppliers, telematics providers, cyber security firms, as well as other industry groups or associations. Presentations on various topics of interest are included and the workshops provide a platform for attendees to engage in the material and deliberate possible solutions.

CTSRP Portal

For more information on the workshops as well as to access and receive other important updates and notices, please apply at https://ctsrp.nmfta.org for access to the CTSRP Portal. Please note that this service is restricted and only open to stake holders in the commercial transportation security domain.

CTSRP Documents

NMFTA has developed the following white papers, reference documents, and bulletins in conjunction with our partners for the benefit of the industry:

A comprehensive review of cyber security for heavy vehicles for the NMFTA membership.
09/21/2015
1.0.3.6
Summary of main survey document
11/18/2015
1.0
A comprehensive review of cyber security for electric medium and heavy duty vehicles, charging stations and the electric grid. This document provides a reference baseline for the various stakeholders in heavy duty electric vehicle charging.
05/30/2018
1.2.1
A short executive summary of findings of the main baseline reference document.
05/30/2018
1.2
A vehicle cyber security awareness bulletin for motor freight fleet operators.
09/08/2016
1.5
A cyber security awareness bulletin regarding FMCSA Electronic Logging Device (ELD) mandate
08/28/2017
1.1
A paper by Dr. Jeremy Daily, Dr. Rose Gamble, and Urban Jonson on how to generate talent for vehicle cyber security presented at ESCAR USA 2017.
06/21/2017
1.0
A whitepaper on best practices for provisioning automotive control systems (i.e. ECUs) at scale. Jointly published by NMFTA and NCC Group
11/21/2019
1.0
A customizable incident response plan template.
11/8/2019
1.4
A customizable handbook for tabletop exercise facilitators.
01/17/2020
2.0
A customizable handbook for tabletop exercise participants.
01/17/2020
2.0
NMFTA Bulletin: Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems into Heavy Vehicles by the FMCSA.
05/13/2020
1.0
Slides for our presentation on Power Line Truck Hacking of J2497/PLC4TRUCKS. Tools for read-write are introduced as is ICSA-20-219-01.
08/08/2020
1.0
NMFTA’s Letter to CARB regarding proposed requirements in the CARB draft HD/IM Regulatory document for Remote On-board Diagnostics (ROBD).
02/23/2021
1.0
NMFTA’s Cybersecurity Requirements for Telematics Systems delivers a comprehensive list of cybersecurity requirements that should be met by all components of a telematics device, fleet management information system (FMIS) and/or electronic logging device (ELD). Public agency and private company fleet managers can utilize this report to evaluate telematics solutions cybersecurity posture.
03/02/2022
1.5
Slides for our presentation on Truck Hacking and how it fits into the larger field of commercial transportation. Includes: truck vehicle networks, public instances of truck hacking, truck hacking tools and how to get involved.
09/22/2021
v7
We worked together with Assured Information Security, Inc. (AIS) to investigate cyber security weaknesses in trailer Power Line Communications (PLC): J2497 aka PLC4TRUCKS. In the interest of responsible disclosure, we are writing to you to share a follow-up confirmation of results from our investigation previously disclosed in November 2019.
01/13/2022
v4
Mitigations to J2947 aka PLC4TRUCKS attacks, especially RF induced attacks. Developed and shared privately at the same time as the disclosure (January 13th 2022) and released into the public domain without modification here.
03/03/2022
v9
A PLC writing tool for the Truck Duck beaglebone based heavy vehicle diagnostic and debugging tool
Ongoing
N/A
A J1708 sigrok protocol decoder (PD), UART stacked
Ongoing
N/A
Python interfaces to TruckDuck network interfaces
Ongoing
N/A

CTSRP Research and Engagement

NMFTA conducts and sponsors research to increase our understanding of security threats to commercial transportation and to find novel approaches to identify, mitigate and reduce risks to our members and the transportation sector in general. NMFTA participates in and sponsors industry events such as the CyberTruck Challenge, DefCon Car Hacking Village and others to help develop the human resource talents needed to address this issue in the long term and help build a community of interest. NMFTA also partners with other entities including various government agencies and private sector companies to help create best practices, educate, and build awareness of commercial transportation security issues.

CTSRP Scholarship

NMFTA offers a tuition scholarship for U.S. or Canadian citizens pursing their Master’s or Bachelor’s degree in Computer Science or a relevant Engineering degree at an accredited and reputable college or university in the United States. Support for a Bachelor’s degree is limited to years three and four of a four-year program. Each applicant must submit a completed application, an essay describing intended contributions to the transportation industry upon completion of their graduate studies, and two letters of academic reference.

This is a two year scholarship whereby NMFTA will pay US $5,000 per year for two academic years towards qualified educational expenses (tuition, books, or fees) for full time students obtaining the degree declared on their scholarship application. Second year payments are contingent upon the awardee maintaining at least a 3.0 out of 4.0 or equivalent grade point average (GPA) and the continuation of full time studies as declared on their scholarship application. Payments will be made directly to the school’s bursar’s office on behalf of the selected student(s) prior to the commencement of each fall semester.

Applications must be received by July 15, 2021. Scholarship applicants will receive notification of their status by August 15, 2021. A copy of the application can be downloaded here.

CTSRP Contact

For additional information, please contact Angela Cooper, Program Administrator at Angela.Cooper@nmfta.org.