How can connected trucks press the gear on cybersecurity?

As we welcome the era of connected trucks, cybersecurity concerns around the large set of data managed by them remain.

Rapid digitalization and climbing consumer expectations have brought us to the threshold of a road transport evolution – characterized by a demand for increased truck uptimes and connected transportation. 

Connected and autonomous trucks are growing in numbers, and will directly impact businesses, society and the way we live our lives. Innovation and connectivity will be instrumental in helping trucks meet rising demands in an ecosystem influenced by geopolitical scenarios and the e-commerce boom accelerated by the COVID-19 pandemic.

The global connected truck market is anticipated to rise from US$20.45 billion in 2021 to US$58.90 billion in 2028, as per an industry report. Connected trucks are all set to push the envelope on what’s possible in delivery and logistics – transforming industries around the world. However, the industry is not without a few key challenges.

Despite its popularity, few concerns hold connected truck manufacturers back

Connected trucks are part of a hyperconnected ecosystem that is enabled by a lot of data and an intelligence network. Due to the growing quantity and complexity of data handled by connected systems, traditional cybersecurity measures can no longer ensure the required degree of safety. 

While connectivity can make things more efficient, it creates a larger attack surface area that can expose the vehicle’s controls. Once inside the central control system, attackers may be able to send commands to the vehicle from a remote location to steal sensitive data, track vehicle operations and manipulate critical functions.

Due to the dynamic threat environment, manufacturers will need to take innovative, calculated approaches to address the risk of cyber threats. Or risk putting their fleets in danger.

How can connected trucks check the cybersecurity box?

In a conversation on the connected truck landscape in the Nordics, Ulrika Eklöf (EY EMEIA Advanced Manufacturing & Mobility Leader, Client Service Partner, Ernst & Young AB) and Jonas H. Halldin (Nordic Cyber Market Lead, Partner, EY Godkendt Revisionspartnerselskab) explore the increasing relevance of cybersecurity in the rapidly growing ecosystem.

Q: How popular is the connected truck ecosystem in the Nordics? What are the reasons for this popularity?

The Nordic countries have always shown an affinity toward digitization in general, hence it does not come as a surprise that the connected vehicle ecosystem is growing in popularity here.  

Across the globe, the number of use cases for connected vehicles is substantial. This phenomenon can be attributed to the desire for longer vehicle uptimes so that they are more actively transporting goods. Connectivity also helps fleet owners plan services and maintenance better, avoiding disruption to services due to maintenance.

Another important reason is data. Connectivity promises us ways of monitoring and owning data in a way that we’ve never done before. Consider fleet owners who own many trucks – data can unleash so many insights for them, and give real-time answers to questions like “How fast are the trucks moving?“ “How much fuel is being consumed?” or “How long do the trucks stay idle?” 

Connectivity also comes armed with the possibility of making services customizable. For instance, you could build a low-level engine and buy extra horsepower as a service when needed, at the click of a button.

The trend is such that in the future, every vehicle will be connected somehow – not just trucks, but all commercial and private vehicles as well. 

Q: How well do connected vehicle manufacturers understand the threat of cybersecurity?

Vehicle manufacturing companies are well aware of the cybersecurity component of connected trucks and have the skills and resources needed for it. But there is a tremendous amount of effort that still needs to be channeled toward cybersecurity in the context of connected vehicles.

The threat landscape is ever-changing, with new vulnerabilities accompanying every new feature as we connect more components and build new infrastructure. The risks connected trucks are exposed to are critical, and high in number. 

An exploited vulnerability can give hackers insight into sensitive data – from the kind of goods in the truck to the details of the person driving the truck. In extreme cases, hackers could turn the truck on or off and create incidents.

So, while connected truck manufacturers understand the complexity of the threat landscape, stronger, advanced cybersecurity measures remain to be built.

Q: What are the implications of the security threats faced by connected vehicles?

Just like in every other industry, new vulnerabilities are emerging every day in the connected truck landscape. 

An implication of a cyber threat in connected trucks can be data theft – where hackers steal sensitive information regarding goods and personnel – or in the worst case, loss of human lives. For example, a truck carrying dangerous chemicals, if hacked, can pose a huge risk – the truck could be made to turn or speed without driver control. This can cause damage to the goods, vehicles and drivers, and also pose a risk to the surroundings. Loss of personal data is also a major implication.

Consider a hypothetical scenario of a truck transporting fruits and vegetables. Due to the nature of the goods, the truck would come equipped with a freezer or cooler. A vulnerability in the system would let a hacker fluctuate the temperatures, spoiling the food. There are many similar examples.

Q: What are the key security concerns of connected vehicle manufacturers in the Nordics?

The major concerns that plague connected truck manufacturers are plenty. A connected truck is essentially a server room on wheels. It can have hundreds of components represented by small CPUs that do everything from analyzing the quantity of gas frequently to measuring the speed of the truck. 

One of the major requirements of connected trucks is that the truck should be available almost all the time. This begs the question, “When do you perform an upgrade?” The complexity involved in this question is massive – a remote upgrade of the vehicle can unearth a vulnerability that hackers can exploit. As the truck can connect to remote devices, various parts of the truck must be protected based on the criticality of its function.

Q: What is one key insight that connected truck manufacturers must know to navigate cybersecurity with certainty?

The connected vehicle market is thriving – but every layer of digitization brings with it a plethora of security challenges for manufacturers to overcome.

The security pitfalls can have negative consequences or, worse, put an end to these developments. So, it’s important to lean on each other to protect the growing connected landscape. Collaboration among each other is vital, and manufacturers must work together to share learnings and inspire each other.

Though there are an increasing number of ways to stay connected and informed about trucks, we cannot ignore the large quantities of data created, shared and stored in the trucks and online. This leaves a lot of personnel and vehicle information exposed, vulnerable and attractive to hackers. Connected truck manufacturers must take heed and adopt a cybersecurity approach that addresses obvious and hidden vulnerabilities in the system.

How can EY Teams help?

The knowledge of EY teams in cybersecurity services, and the manufacturing industry in general, places us in a great position to help connected truck manufacturers innovate safely and securely. EY teams can support businesses throughout the project lifecycle by helping create policies, regulations and strategies to protect confidential data and build the security infrastructure necessary for your business to succeed.