FMCSA Acting Administrator’s New Comments About ELD Hacking Raise Some Concerns
Washington D.C. – The current acting administrator of the Federal Motor Carrier Safety Administration (FMCSA) is responding to the recent warning by the Federal Bureau of Investigation (FBI) about the “vulnerabilities” of electronic logging devices (ELDs).
In an interview on September 23 with Landline Now, Wiley Deck, FMCSA’s acting administrator, addressed concerns recently issued by the FBI in a Private Industry Notification (PIN) that “Cyber criminals could exploit vulnerabilities in ELDs.”
“Although the [ELD] mandate seeks to provide safety and efficiency benefits, it does not contain cybersecurity requirements for manufacturers or suppliers of ELDs, and there is no requirement for third-party validation or testing prior to the ELD self-certification process,” the PIN states. “This poses a risk to businesses because ELDs create a bridge between previously unconnected systems critical to trucking operations.”
Among myriad of potential risks, the FBI’s PIN specifically warns that once a cyber criminal gains access, he can install malware, such as ransomware, to prevent the ELD, the vehicle, or connected telematics services (such as dispatching or shipment tracking) from operating until the ransom is paid.
Acting Administrator Deck told Landline Now the Agency is unaware of any such successful hacking attempt thus far.
“We have not had any reports of any of these issues affecting any of our vendors, nor any drivers or motor carriers,” he said. “I would welcome that if somebody has heard instances of this being an issue to please let us know, because we will be very active in investigating that.”
Further, Deck sought to reassure truckers and motor carriers operating ELDs that the required devices are more secure than your smartphone or computer.
“Your iPhone can be hacked and tracked,” he asserted. “Your Android device, your laptop. There are many other electronic devices that present cyber issues that don’t meet the same requirements that the electronic logging devices have.”
While it’s true cyber criminals could do significant damage by hacking your personal mobile device or laptop, analogizing such an act with gaining access to the controls of an 80,000 lb. big rig have some critics of the ELD mandate concerned.
Is the Agency taking this issue seriously enough?
Groups such as the Owner Operator Independent Driver’s Association (OOIDA) and the Small Business in Transportation Coalition (SBTC) have been warning about the cyber security vulnerabilities of ELDs for years leading up to and after the adoption of the mandate.
However, those concerns have been largely dismissed by lawmakers and the FMCSA and some critics are now pointing to the acting administrator’s most recent comments as evidence to that reality.
Additionally, critics contend policy makers have yet to offer a comprehensive strategy to repel such potentially dangerous and destructive attacks.
In a statement to Transportation Nation Network (TNN) shortly following the release of the FBI’s most recent warning, James Lamb, president of the SBTC and long-time opponent of the ELD mandate, argued the FMCSA failed to adhere to the Moving Ahead for Progress in the 21st Century Act (MAP-21) which authorized the mandate.
“We have long held that the FMCSA did not properly implement the ELD mandate because the agency ignored Congress’ directive to develop a bona fide certification program for ELD products and opted to go with ‘self-certification,'” Lamb said.
The SBTC has requested the United States Department of Transportation Inspector General’s office audit the FMCSA’s implementation of the ELD mandate with “special attention to the issue of the self certification short cut.”
TNN will continue to monitor the issue closely.