Fleet Management and the Internet of Things: Securing Your Fleet

Fleet Management and the Internet of Things: Securing Your Fleet
Electronic Security Association — April 25, 2023

Fleet management plays a significant role in any transportation or logistics company. However, the level of expertise and commitment required is substantial to operate efficiently. 

That’s why fleet management is a great place to leverage IoT technology to improve operations and efficiency. By utilizing the right technologies, fleet managers can reduce vehicle-to-site time and fuel costs and decrease the risk of theft or accidents. 

While the goal is to reduce risk, fleet managers must understand that leveraging IoT brings about inherent security risks.  

 

What are the security risks?  

Gianmarco Zanda, product manager and electronic engineer for Telit Communications, said that are multiple security risks that fleet managers must contend with.  

From cellular communications to the vehicle CAN bus (Controlled Area Network, which functions like a nervous system for the car) and cloud servers, there are numerous points on an IoT-based fleet management system that hackers can target. 

Aside from a malicious hacker, an IoT-based fleet management system can also be compromised by normal users. For example, suppose a person with a smartphone downloads a GPS tracking app and provides their personal information. In that case, the application could be hacked and used to track a vehicle or even shut down the engine while the car is in motion. 

A common challenge with IoT fleet management is ensuring the integrity of data transmissions. If data is hacked or compromised, it can impact the operational performance of the entire system and affect real-world fleet management workflows. 

Additionally, the data collected from a fleet management system is susceptible to theft or exploitation by competitors or criminals. This means that the data should be protected with additional security tools embedded in your fleet management system to prevent any information from being stolen or exploited. 

Perhaps the most critical risk, according to Zanda, is unauthorized access to the fleet’s network. While this may seem the most obvious of all risks, the manner in which a bad actor can compromise the fleet is not quite as evident. “If companies do not properly segregate the sections of their networks, a malicious attacker may be able to access your fleet network from a less secure side of your network,” he said. What this means is that if an attacker compromises the HR segment of the network, but that network is cordoned off from other networks segments, the attacker would be “stuck” in the HR segment.  

 

What are the real-world repercussions? 

 In 2015, a group of hackers exposed the vulnerabilities in a Jeep Cherokee, using a journalist as a volunteer test subject in their remote takeover of the car’s entertainment system, air conditioning, windshield wipers, steering and brakes. While limited to just one vehicle, the attack revealed the same security flaw on almost 2,700 cars connected to the same mobile network segment, rendering them all vulnerable to a mass fleet attack.  

Four years later, another hacker broke into thousands of accounts belonging to GPS tracking apps — gaining access to the locations and even engine controls of over 20,000 vehicles. Unlike the first incident, the bad actor in this case had malicious intentions and the potential to cause serious harm.  

In another incident, a 2016 4.8 Million gold truck heist involved a GPS tracking device — which is frequently used in fleet management. The thief “mailed” a tracker that was eventually placed inside the truck so that he could follow it and strike at the right time. 

While these three cases don’t all specifically pertain to a fleet, they serve as a stark reminder of the fragility of the security of connected vehicles—a problem that manufacturers, drivers and fleet managers must address before more serious consequences arise. 

 

Fleet management security strategies 

For companies with fleets of vehicles, vehicle management requires a deep understanding of the data patterns that flow between the manufacturer’s fleet models and the back-end computer system. 

Therefore, finding an IoT fleet management solution that offers a single pane of glass for viewing all data across multiple systems and locations is crucial. This will help organizations reduce the number of systems they must maintain and automate tasks, allowing them to free up time for other high-value use cases. 

The second strategy is incorporating security by design into your fleet management strategy. To do this, organizations should work with their security teams to develop and deploy systems that include data privacy and protection, as well as other security protocols. In addition, fleet managers should look for a telematics platform that is compliant with road safety regulations and driving standards. This will allow them to monitor driver behavior, avoid accidents, prevent vehicle failure and improve overall performance. 

However, fleet vehicle mangers are not expected to also be experts in cyber security; so it is essential to find the right security partner to protect against remote threats.  

 

Working with experts  

Organizations may choose to have their own cyber security team on hand, or they could outsource to a third-party wireless or internet provider or even to a specialized automotive cyber security consultant.  

“Not all companies have the same level of expertise in everything,” said Zanda. “The best suggestion for many companies is to choose a partner they’re comfortable with — which can provide that level of security.”  

Equally important, according to, is that the partner offers continuous upgrades to their services and solutions. “Say the partner offers a very good product today with all the right security measures,” he said. “But five years from now, if they’re not upgrading features and solutions, the probability of being attacked and the capability of bad actors can be tenfold.” 

Zanda notes that outsourcing partners should not only be capable of providing security expertise, but also the hardware, software and a general fleet management services. Everything from a limited consulting engagement to turnkey solutions are available from third party solutions providers. 

With the proper security measures and outsourced partnerships in place, companies are in a much better position to ensure their fleet is safely and securely managed.