New tech is on the way to help prevent cyberattacks of tractor-trailers.
Ohio-based Bendix Commercial Vehicle Systems obtained a patent in February for a device to detect and block nefarious communication signals that could hijack trucks’ braking systems.
“For the larger trucking industry, technology advances like this one promises more secure operating systems and fewer operational disruptions and added costs,” the National Motor Freight Traffic Association said in a news release earlier this month.
NMFTA Senior Cybersecurity Research Engineer Ben Gardiner and Bendix’s Thomas Hayes are listed as inventors on the patent, which the company applied for in February 2021.
“This ... vulnerability matters because an attacker is able to directly reach both the trailer and tractor brake controllers,” Gardiner wrote in a disclosure last year, noting the industry is moving away from a power line communication standard known as J2497.
He said in an email that a new interface standard will improve the security of new equipment, but older equipment could still have vulnerabilities.
“The remaining weakness for fleets is protecting the older trailers from attack when connected to new tractors,” he wrote to Transport Dive.
Tractor-trailers, especially tankers and road trains, work similarly to radio antenna, and technology for active brake controllers, such as anti-lock braking system technology, is a lot like radio receivers. This means ABS controllers can be manipulated with radio transmitters, he told Transport Dive, provided an attacker and victim equipment are nearby.
That means there can be vulnerabilities, but there’s no known instances of any attacks on neither trailers nor tractors, he said, based on a review of academic research.
“The NMFTA has been working now for many years that that continues to be the case, that these attacks are not going to be successful, whereas you’ve seen a rise in ransomware targeting trucking,” he said.
While the patent lasts for 13 years, according to a Google summary, the NMFTA has identified other solutions to the vulnerability, such as by installing passive components that are relatively cheap and easy to install. Additionally, unlike the passive component solution, active keyhole and jamming solutions have undergone testing, Gardiner noted.
