ELD Cybersecurity and the NMFTA High Criticality Cybersecurity Considerations
On 21 July 2020, the Federal Bureau of Investigation (FBI) Cyber Division issued a Private Industry Notification (TLP:White PIN# 20200721-001) which warned the transportation industry of security threats from using ELDs from vendors who have not followed the technical requirements set forth in the regulations.
Electronic Logging Device Cybersecurity and Best Practices
Summary
Cyber criminals could exploit vulnerabilities in electronic logging devices (ELDs), which became required equipment in most commercial trucking operations as of 16 December 2019 due to a federal regulatory mandate. Although the mandate seeks to provide safety and efficiency benefits, it does not contain cybersecurity requirements for manufacturers or suppliers of ELDs, and there is no requirement for third-party validation or testing prior to the ELD self-certification process. This poses a risk to businesses because ELDs create a bridge between previously unconnected systems critical to trucking operations. Companies choosing an ELD can mitigate their cyber risk by following best practices tailored to ELDs. This includes asking the ELD's supplier specific questions, some of which are identified in this PIN.[1]
The J. J. Keller® ELD system meets the ELD technical requirements found in the Federal Motor Carrier Safety Regulations (FMCSRs). Our system also meets each of the High Criticality Cybersecurity Considerations identified by the National Motor Freight Traffic Association (NMFTA), as noted and suggested within the FBI notification.
NMFTA REF# | REQUIREMENT | J. J. KELLER ELD COMPLIANT? |
--- | --- | --- |
AC-020 | All actions taken by the vendor's telematics system that are capable of supporting access controls shall be configured such that each user account or process/service account is assigned only the minimal privileges required to perform the specific, intended actions of the user or process/service account. | YES |
AC-030 | The vendor's system shall employ authentication to prevent unauthorized access to telematics systems and data. | YES |
CM-020 | The vendor's devices shall have all services used for troubleshooting disabled or properly protected from unauthorized access and use. | YES |
CM-030 | Vendor ensures that any and all interfaces used for testing or debug are unavailable in production builds of the devices. | YES |
IR-010 | The vendor shall have a documented incident response plan (IRP) in place which provides the carriers with a point of contact for components used within their telematics system. | YES |
M-020 | The vendor shall have procedures in place to test backup restoration processes of their own systems and their own facilities on at least an annual basis. | YES |
M-030 | The vendor must have a disposal of goods policy which covers the management of all computer equipment and storage media dealing with customer information, including but not limited to PII and customer business operations data. | YES |
P-030 | The vendor shall provide interfaces to their backend using the Open Telematics API --- enabling carriers to have failover to other providers to avoid interruptions due to single point of failure in provider telematics services. | YES |
SAA-010 | The vendor shall have an Information Security Management Plan (ISMP) | YES |
SAA-020 | The vendor shall have penetration testing performed, to an industry accepted best practice, at an industry accepted pace. Penetration testing can be performed by teams internal to the TSP; industry best practice is to have external pen-testing performed periodically also. | YES |
SCP-010 | Communication paths that traverse outside controlled boundaries must protect confidentiality and integrity of data. | YES |
SCP-020 | Measures will be taken by vendors to protect the confidentiality of any information at rest on the devices that could be interpreted as Sensitive and/or Personally Identifiable Information. This sensitive information is defined in SCP-030, where 'at rest' is understood to mean any state where the data is in a non-volatile storage medium, e.g. eMMC, not RAM. | YES |
SCP-050 | All customer-related data will be logically segmented (e.g. encrypted with segmented keys) such that it is possible to produce all data related to one customer without inadvertently exposing any data of any others. | YES |
SCP-060 | The vendor shall enforce controls integrated into the telematics device to limit the possible commands and data transmitted to the vehicle network. | YES |
SCP-090 | The vendor's system shall implement protection of communications sessions against attacks including session hijacking and traffic manipulation, where a session is understood to mean a time-limited authenticated [sic] login with the cloud/back-end [sic]. | YES |
SCP-110 | The vendor's system shall provide a means to download unstructured customer data in an industry standard format (Open Telematics API). This download will occur over secured communication protocols. | YES |
SII-010 | The vendor shall have a process for remediating flaws in deployed telematics devices and backend systems. In the case of telematics devices, firmware update capabilities are important to be able to remediate all flaws that could be located in the device. | YES |
SII-040 | The vendor shall utilize a boot verification process built with (asymmetric) cryptographic digital signatures and implemented such that the public key used for verification, or the hash of that public key, is protected from tampering on the device. | YES |
SII-070 | The vendor shall utilize an array of code safety features across the entire collection of executables in its devices: ASLR, DEP, CFI, Stack Guards, Fortification, and RELRO, unless a code safety feature is not applicable on the system architecture, in which case this should be noted. | YES |
SII-100 | The vendor must monitor information systems for attack and unauthorized access including employing automated analysis tools. | YES |
[1] Private Industry Notification, TLP:White, Federal Bureau of Investigation - Cyber Division, July 21, 2020