Fleets Must Be Hyper Vigilant About Securing Telematics
The broad deployment of telematics has driven unprecedented efficiencies in fleets by providing greater visibility into the location, movement, status, and behavior of every mobile asset. This level of connectivity and communication between assets has alleviated many of the pain points associated with day-to-day fleet management operations, on the road, and back at the office.
But, with any connected technology comes vulnerability.
Much of the industry discussion thus far has centered around concerns of hacking or reprogramming of systems, carried out by a malicious actor over the airwaves. Although such an occurrence would be detrimental to a fleet’s operations, the more pressing risk is a malicious actor accessing those billions of data points generated through telematics.
Most telematics systems connect directly to a corporate network, where the intellectual property—the livelihood—of a business is stored.
And consider the competitive advantage another carrier would have if details of your customer shipments fell into the wrong hands. A competitor would know exactly where your vehicles have been, the locations they traveled to and how many times that route was taken.
For government fleets, the assembly of telematics data could help a malicious actor aggregate non-classified asset data into a view of mission that actually should be classified. There are certain government applications wherein a federal employee may be able to turn off vehicle tracking altogether, but commercial fleets do not necessarily have that option. Especially when the data is essential to providing customer service or preventing loss.
Currently, no industry-wide standard or legislation has been enacted to ensure the utmost security in trucking telematics systems. As organizations continue to embrace this transformational technology, both manufacturers and fleets need to take accountability.
Manufacturers must, first and foremost, design products with the core intention of privacy. In March 2016, the FBI and the National Highway Traffic Safety Administration issued a public bulletin that warned manufacturers of vehicles, vehicle components, and aftermarket devices to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.
From there, fleets are responsible for thoroughly assessing products before implementing, in addition to creating a culture of security within their operations. That means, being wide eyed about the information collected and where it is housed, and ensuring that drivers are aware of these guidelines.
The National Association of Fleet Administrators (NAFA) has released recommendations for fleet administrators and their employers to develop transparent policies around the collection and analysis of driver/vehicle data. These policies, per NAFA, must “specify the types of information that will be collected, how such information will be used and stored and under what circumstances the information can be retrieved.”
Our industry stands at a critical juncture, and we can go one of two directions: Manufacturers and fleets can come together now—before the worst occurs—to make data secure from the top down. Or, we can leave the door open for more risk. It’s as simple as that.