The transportation industry is rapidly evolving into a digitally connected network. As fleets adopt advanced technologies, the transportation sector faces escalating cyber threats that jeopardize operations, safety, and profitability.
Recent data underscores growing vulnerabilities. From 2017 to 2022, automotive cyber attacks surged by 400%. Additionally, a report by Pro Circular indicates that one in six cyberattacks now targets transportation and logistics businesses, with the average cost of a ransomware incident estimated at $4.24 million.
Modern connected trucks are essentially rolling data centers. Volvo estimates that every minute, a truck collects and transmits about 20 GB of data, the equivalent of 1800 hours of streaming music. Over time, this data has grown exponentially, offering many opportunities for enhanced fleet management and predictive analytics.
In response to these emerging risks, the Bureau of Industry and Security (BIS) at the U.S. Department of Commerce introduced a final rule on January 16, 2025, titled “Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles.” As of March 17, 2025, the rule restricts transactions involving Vehicle Connectivity System hardware and related software from entities in the People’s Republic of China or the Russian Federation. You can review the full rule on govinfo.gov.
The measure is designed to bolster national security and reduce vulnerabilities in connected vehicle technologies. And while it’s a step toward preventing future risks, it does little to close the security gaps that fleets face today.
Presidents Biden and Trump both have issued executive orders aimed at bolstering cybersecurity. President Trump signed Executive Order 13984 on the last day of his first term, addressing “malicious cyber-enabled activities.” Biden signed Executive Order 14144 with three days left in his tenure, seeking to strengthen the nation’s cyber security. So far, neither order has been rescinded, signaling a rare agreement among competing administrations.
On-board telematics devices are a cornerstone of modern fleet management. They collect critical data on vehicle location, driver behavior, fuel efficiency, and diagnostics. However, these devices also present significant risks through unauthorized access, leading to potential data interception or possible remote exploits.
For example, in 2022, hackers caused a major traffic jam in Moscow by penetrating a ride-hailing app and sending dozens of taxis to the same location at the same time. Or the now famous example of two hackers remotely taking control of a Jeep Cherokee, ultimately driving the vehicle into a ditch.
Fortunately, fleets have tools at their disposal to try to safeguard their telematics devices. A recent study sponsored by FMCSA investigated best practices for integrating telematics into heavy vehicles. While highly technical, the report provides helpful checklists and recommendations for fleets seeking to secure their telematics devices.
Beyond telematics, fleets should seek to employ a comprehensive cybersecurity strategy to secure their data and their business. This should include:
- Employee Training and Awareness: Regular training on cyber risks, such as phishing and social engineering, can help cultivate a more vigilant culture.
- Incident Response Planning: Develop and routinely update an incident response plan to swiftly address any cyber incidents.
- Third-Party Risk Management: Evaluate and monitor the cybersecurity practices of partners and suppliers to minimize supply chain vulnerabilities.
- Advanced Threat Detection Solutions: Invest in real-time monitoring that can rapidly detect and respond to emerging cyber threats.
- Table Top Exercises: Conduct mock threat exercises to test your response plans and efforts to ensure your employees and third-party providers can effectively respond to an incident should one occur.
As the transportation industry becomes increasingly connected, the risks posed by cyber threats continue to grow. From the vast amounts of data generated by connected vehicles, to the vulnerabilities in modern technology, every component of a modern fleet can be a potential target.
By adopting robust cybersecurity practices, staying informed about regulatory measures like the BIS final rule, and educating yourself on tactics used by malicious actors, you can fortify your defenses and ensure the security and continuity of your operations in an ever-connected world.
