J. J. Keller Support Center

ELD Cybersecurity and the NMFTA High Criticality Cybersecurity Considerations

On 21 July 2020, the Federal Bureau of Investigation (FBI) Cyber Division issued a Private Industry Notification (TLP:White Pin# 20200721-001) which warned the transportation industry of security threats from using ELDs from vendors who have not followed the technical requirements set forth in the regulations.

 

Electronic Logging Device Cybersecurity and Best Practices

Summary

Cyber criminals could exploit vulnerabilities in electronic logging devices (ELDs), which became required equipment in most commercial trucking operations as of 16 December 2019 due to a federal regulatory mandate. Although the mandate seeks to provide safety and efficiency benefits, it does not contain cybersecurity requirements for manufacturers or suppliers of ELDs, and there is no requirement for third-party validation or testing prior to the ELD self-certification process. This poses a risk to businesses because ELDs create a bridge between previously unconnected systems critical to trucking operations. Companies choosing an ELD can mitigate their cyber risk by following best practices tailored to ELDs. This includes asking the ELD's supplier specific questions, some of which are identified in this PIN. [1]

 

The J. J. Keller® ELD system meets the ELD technical requirements as found in the Federal Motor Carrier Safety Regulations (FMCSRs). Our system also meets each of the High Criticality Cybersecurity Considerations identified by the National Motor Freight Traffic Association (NMFTA), as noted and suggested within the FBI notification.

 

| NMFTA REF# | REQUIREMENT | J. J. KELLER ELD COMPLIANT? |
|---|---|---|
| AC-020 | All actions taken by the vendor's telematics system that are capable of supporting access controls shall be configured such that each user account or process/service account are assigned only the minimal privileges required to perform the specific, intended, actions of the user or process/service account. | YES |
| AC-030 | The vendor's system shall employ authentication to prevent unauthorized access to telematics systems and data. | YES |
| CM-020 | The vendor's devices shall have all services used for troubleshooting disabled or properly protected from unauthorized access and use. | YES |
| CM-030 | Vendor ensures that any and all interfaces used for testing or debug are unavailable in production builds of the devices. | YES |
| IR-010 | The vendor shall have a documented incident response plan (IRP) in place which provides the carriers with a point of contact for components used within their telematics system. | YES |
| M-020 | The vendor shall have procedures in place to test backup restoration processes of their own systems and their own facilities on at least an annual basis. | YES |
| M-030 | The vendor must have a disposal of goods policy which covers the management of all computer equipment and storage media dealing with customer information including but not limited to PII and customer business operations data. | YES |
| P-030 | The vendor shall provide interfaces to their backend using the Open Telematics API, enabling carriers to have failover to other providers to avoid interruptions due to single point of failure in provider telematics services. | YES |
| SAA-010 | The vendor shall have an Information Security Management Plan (ISMP). | YES |
| SAA-020 | The vendor shall have penetration testing performed, to an industry accepted best practice, at an industry accepted pace. Penetration testing can be performed by teams internal to the TSP; industry best practice is to have external pen-testing performed periodically also. | YES |
| SCP-010 | Communication paths that traverse outside controlled boundaries must protect confidentiality and integrity of data. | YES |
| SCP-020 | Measures will be taken by vendors to protect the confidentiality of any information at rest on the devices that could be interpreted as Sensitive and/or Personally Identifiable Information. This sensitive information is defined in SCP-030 where 'at rest' is understood to mean any state where the data is in a non-volatile storage medium, e.g. eMMC not RAM. | YES |
| SCP-050 | All customer-related data will be logically segmented (e.g. encrypted with segmented keys) such that it is possible to produce all data related to one customer without inadvertently exposing any data of any others. | YES |
| SCP-060 | The vendor shall enforce controls integrated into the telematics device to limit the possible commands and data transmitted to the vehicle network. | YES |
| SCP-090 | The vendor's system shall implement protection of communications sessions against attacks including session hijacking and traffic manipulation. Where a session is understood to mean a time-limited authenticated [sic] login with the cloud/back-end [sic].<br>• Sessions shall be invalidated at logout<br>• Sessions must be randomized and uniquely identified<br>• Protections must be implemented to restrict certificate authorities to a short (maximum 3) list of those expected by the vendor, i.e. secure communications must implement certificate pinning to a short whitelist of certificate authorities.<br>• Certificate pinning shall be implemented on all telematics device to server communications (e.g. telematics gateways or IVGs). Administrative 'backend' systems may be exempt from this requirement to allow for stream inspection by enterprise intrusion detection systems. | YES |
| SCP-110 | The vendor's system shall provide a means to download unstructured customer data in an industry standard format (Open Telematics API). This download will occur over secured communication protocols. | YES |
| SII-010 | The vendor shall have a process for remediating flaws in deployed telematics devices and backend systems. In the case of telematics devices, firmware update capabilities are important to be able to remediate all flaws that could be located in the device. | YES |
| SII-040 | The vendor shall utilize a boot verification process built with (asymmetric) cryptographic digital signatures and implemented such that the public key used for verification or the hash of the public key used for verification is protected from being tampered on the device. | YES |
| SII-070 | The vendor shall utilize an array of code safety features across the entire collection of executables in its devices: ASLR, DEP, CFI, Stack Guards, Fortification, and RELRO. Unless that code safety feature is not applicable on the system architecture, in which case it should be noted. | YES |
| SII-100 | The vendor must monitor information systems for attack and unauthorized access including employing automated analysis tools. | YES |

[1] Private Industry Notification, TLP:White, Federal Bureau of Investigation - Cyber Division, July 21, 2020
