In a recent article I wrote for TheTrucker.com, I talked about the importance of including drivers in cybersecurity awareness training. In that article, I also pointed out that the vehicles our drivers operate are essentially rolling networks.
The cab of a modern Class 8 truck contains, arguably, more tech than most small offices did 10 years ago. However, many fleets cannot produce an accurate list of what connected devices exist inside their trucks and trailers.
The modern truck often has an electronic logging device (ELD), an associated telematics gateway, original equipment manufacturer (OEM) telematics connections and infotainment systems.
Many — if not all of these — receive over-the-air updates.
This list doesn’t include any of the aftermarket add-on devices yet, such as dashcams, Wi-Fi hotspots and all the devices (both personal and company-owned) that connect through them.
Trailers have their own connected devices and communication channels as well. Consider tracking devices, connected reefer units and their associated environmental sensors, and Bluetooth or wireless tire pressure monitoring systems.
All too often, fleets cannot produce a detailed inventory of these devices per vehicle configuration.
Why is this important? We cannot protect what we don’t know about.
In the 2026 NMFTA Cybersecurity Transportation Industry Cybersecurity Trends Report, telematics manipulation, GPS spoofing and insecure aftermarket devices were all identified as factors that contribute to cyber-enabled cargo crime.
How is the vehicle itself a potential target?
The diagnostic port doesn’t natively distinguish between a manufacturer’s scan tool and an aftermarket device with sub-par security controls.
These aftermarket devices vary significantly in their security maturity.
Some of them are excellent and have been rigorously tested for vulnerabilities before being released to the market. Others, not so much. Some devices are built to meet a price-point that makes them likely not to include the cybersecurity protections required to safely deploy them in our fleets. Many devices and components are also manufactured in countries of origin that are not considered safe from a cybersecurity perspective.
It’s important to note that the truck doesn’t need a Hollywood-style hack to occur in order to be a threat vector. Blinding the tracking system on a truck or trailer or passively accessing data being transmitted by an insecure aftermarket device could pose a security risk.
Ultimately, the largest risks come from potential manipulation of the signals on the vehicle bus network itself, though this generally requires a higher level of access and sophistication than most attackers possess.
It is helpful to consider the potential risks as three possible attack paths.
The Data Path
Location, load details, customer information and routing data all flow to and from the truck constantly. Many cargo thefts occur through simple manipulation of the shipping details for a load, which could be possible if one of these communications channels were compromised.
The Control Path
This is anything that could change what the truck or trailer is told to do by onboard systems. A manipulated signal to a brake controller, a spoofed fault code or a simple signal overload of the entire system can derate a vehicle.
The Trust Path
The device on the diagnostics port, the tablet connected to the vehicle, the dashcam monitoring the vehicle’s movements — all of these devices’ connections are accepted by the vehicle. Weak security in any of these devices can create an attack path.
Our trucks are a clear example of why a converged approach to security that includes cybersecurity, operational security and cybersecurity is necessary. The paths above require all three of these security disciplines to be involved in the solution.
What can fleets do about the risk?
The answer here is not a 50-item checklist. A small number of actions can dramatically increase the security of any fleet.
Inventory what is connected.
Have maintenance personnel and security or IT personnel walk a truck together and document the connection points. Repeat this for each different configuration in the fleet. It may be surprising how many devices and systems are identified in this exercise.
Vet all aftermarket devices and vendors from a security perspective.
Anything that plugs into a diagnostic port, or pairs with the vehicle is a part of your attack surface. Ask the vendor about their security practices, their update process and how they handle vulnerabilities. If they don’t have answers, then your answer should be clear.
Bring your drivers into the conversation.
The driver will notice when something is acting strangely long before security or even maintenance. Give them a clear and simple reporting path and treat reports seriously; they may be an early warning sign.
Make sure your incident response plan (IRP) recognizes the truck as a potential attack surface.
An incident does not always begin at an enterprise firewall or with a phishing email. It could start with tampering via a diagnostic port, errors in a telematics system, or odd vehicle fault codes reported by a driver. The IRP needs to account for that.
Security starts with visibility
Historically, our equipment and our information technology were two separate worlds. Different teams were responsible for them; they had completely different vendor management requirements; and the teams had totally different vocabularies. That separation is no longer viable. The trucks and trailers must be part of the security program now.
Modern trucks are connected platforms that produce data, receive instructions and interact with other trusted devices constantly. This means that they are part of the cybersecurity risk taxonomy whether the organization acknowledges it or not.
NMFTA has a growing library of free resources to help fleets continue their security journey, including the Road to Resilience series of guidebooks, the Vendor Risk Assessment Framework and the new Freight Fraud Prevention Hub, as well as numerous white papers and research articles focused specifically on the rolling assets that make up the backbone of our operation.
Ben Wilkens, CISSP, CCSP, CISM, is director of cybersecurity at the National Motor Freight Traffic Association Inc. (NMFTA).
In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners and government agencies to advance cybersecurity practices and knowledge.
Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.
Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices.
With a rare combination of CISSP, CCSP and CISM certifications — alongside an active Class A CDL — Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.
