When it comes to cybersecurity, the assumption has often been that smaller fleets could somehow fly under the radar of bad actors — that they were too small to be targets of criminal activity.
We have seen clearly that this is not the case.
Small and midsize fleets are regularly targeted by bad actors looking to score a payday through ransomware and extortion. These bad actors know that a small target likely does not have dedicated cybersecurity resources, and so they represent a softer target.
Small fleets are also less prepared to prevent large operational interruptions in the event of a cyberattack — and so are likely to be under increased pressure to pay ransoms in order to keep operations running.
How, then, do these fleets prepare for these types of attacks?
First, the core cybersecurity defenses must be put in place:
- Strong password policies;
- Multi-factor authentication (MFA); and
- Regular patching of software and operating systems, etc.
These are not unfamiliar to most professionals at this point.
Threat intelligence is vital.
One thing that is often overlooked in this equation is the value of threat intelligence. Good threat intelligence is structured information that’s timely, specific and actionable:
- What are the bad actors doing right now? This is timely information.
- How are they doing it? Dig for the specifics.
- What can you do to defend against it? Find actionable solutions.
Often threat intelligence comes in the form of a paid feed, designed to integrate into a Security Information and Event Management (SIEM) platform that covers a broad range of bad actors, targeted sectors and common vulnerabilities and exposures (CVE) information.
If this sounds overly complicated for a small fleet, that’s because it is.
Such feeds produce a “firehose” of information that many smaller operations are not prepared to filter for applicability, triage for criticality, or incorporate into their security posture or operational processes in a timely manner.
What’s the solution for smaller fleets?
What small and midsized fleets — and even large enterprises in the transportation sector — really need is tailored, industry-specific intelligence that cuts right to the heart of what the bad actors are doing to fleets in the industry, in real time:
- How are they targeting?
- What techniques are they using to compromise operations? and
- What detection or prevention methods have been effective in catching and stopping these attacks?
How do we find this kind of threat intelligence?
We share it with one another in the industry.
If one fleet stops an attempted ransomware attack, they share how they detected the attack, how they stopped it, and what they learned about the bad actor in the process.
If another fleet is impacted by a successful cyberattack, they share what happened and any known Tactics, Techniques and Procedures (TTPs) the bad actor employed.
Why? Because the more we can help to harden our peers, the more difficult of a target the entire transportation sector becomes. This information is only helpful to those it reaches, so this begs the question:
How do we share it with the entire industry? And how do we share it anonymously? (Because, let’s face it, no one wants to publish every cyber incident that they experience or every near miss and how they detected them publicly).
The National Motor Freight Traffic Association Inc. (NMFTA) works to address this gap in collaboration with a number of fleets ranging in size from small operations up to large enterprises.
NMFTA recently launched a transportation Threat Report Portal to provide for exactly this type of intelligence sharing. This provides a centralized location where fleets can report these types of cyberattacks, both attempted and successful, anonymously and in real time to other fleets across the industry.
Cyber threat intelligence is only half of the picture for our industry.
We have all seen the numbers: Cyber-enabled cargo crime is responsible for unsustainable losses for the entire sector. These crimes are committed by specific bad actors, using specific tactics and techniques.
This is valuable intelligence.
Solid threat intelligence in the transportation industry requires a combination of cyber threat intelligence AND cargo crime threat intelligence to fully encompass the threats facing our industry. In addition, this intelligence must be shared widely enough to provide an early warning system to the industry as a whole.
This means we all need to stand up and say:
Enough! We’re tired of being targeted and we’re tired of being caught by surprise.
As we so often have done in the past in this industry, we will need to work together to face this latest challenge. The greater the number of fleets that agree to share the intelligence that they are gathering through their experience with their peers, the more valuable this trove of information becomes to the entire industry.
Where do we find threat intelligence?
This information can come from sources all across the industry.
I still remember as a driver hearing about certain areas that were known for having high rates of cargo theft, so I would avoid parking in those locations. This is cargo theft threat intelligence.
As a security practitioner, I’ve seen my fair share of phishing attempts. Those emails are threat intelligence. Who did they come from? What did they say? What sorts of attachments or links did they contain?
All of this is valuable information for defenders in other organizations.
I invite you to consider how much it would help your business to have information about what specific threats are facing the transportation sector, and how exactly you can prepare to face them.
No overwhelming firehose, no complex integrations or cost-prohibitive feeds involved, simply information shared from fleet to fleet across the industry.
We all need each other to face the unprecedented levels of cyberattacks and cargo crimes that the industry is currently facing. Let’s stand together and fight back. Find out more at nmftathreatportal.com.
Ben Wilkens, CISSP, CCSP, CISM, is director of cybersecurity at the National Motor Freight Traffic Association Inc. (NMFTA).
In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners and government agencies to advance cybersecurity practices and knowledge.
Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.
Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices.
With a rare combination of CISSP, CCSP and CISM certifications — alongside an active Class A CDL — Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.
