FBI bulletin exposes another crack in ELD mandate
July 28, 2020
The FBI’s Cyber Division released last week an unsettling bulletin that called out the “vulnerabilities” in electronic logging devices and exposed the lack of cybersecurity or quality assurance requirements for ELD suppliers.
“Cyber criminals could exploit vulnerabilities in electronic logging devices. … Although the mandate seeks to provide safety and efficiency benefits, it does not contain cybersecurity requirements for manufacturers or suppliers of ELDs, and there is no requirement for third-party validation or testing prior to the ELD self-certification process,” the FBI bulletin stated.
“This poses a risk to businesses because ELDs created a bridge between previously unconnected systems critical to trucking operations.”
These “vulnerabilities” could create a variety of problems, the FBI said. Cyber criminals could use an insecure ELD to move laterally into a larger company business network, to steal such personal information as business and financial records, or to install malware that could prevent the vehicle from operating until a ransom is paid.
The bulletin paints a frightening picture that makes you wonder why these concerns weren’t mentioned before the Federal Motor Carrier Safety Administration began enforcing an ELD mandate on commercial motor vehicles in December 2017.
Oh wait, they were.
In its fight against the ELD mandate, the Owner-Operator Independent Drivers Association petitioned the U.S. Supreme Court, mentioning privacy concerns and saying that it violated truckers’ Fourth Amendment rights.
In September 2017, an OOIDA-led coalition of 31 organizations, said there were “significant technological and real-world concerns” that hadn’t been addressed by FMCSA.
Those ELD concerns included:
- The devices not being certified.
- Cybersecurity vulnerabilities.
- The ability of law enforcement to access data.
- Connectivity problems in remote areas of the country.
At the time, the coalition was backing a bill proposed by U.S. Rep. Brian Babin, R-Texas, that would delay the ELD mandate for two years. The coalition said the delay was needed in order to address these concerns.
But you know the rest. The bill didn’t pass and the $2 billion ELD mandate began its first phase in December 2017 and entered its third and final phase in December 2019.
Why were lawmakers so determined to push this mandate forward, you might ask. They said it was all in the name of safety. The ELDs would force truckers to rigidly follow the hours-of-service regulations, which, in theory, would reduce crashes. OOIDA has contended that compliance doesn’t equal safety and that there have been no studies proving that ELDs increase safety on the highways.
Soon after the mandate was put in place, truckers began to complain that the hours of service were too rigid and that the ELDs were forcing them to “beat the clock” and speed in order to get parked in time. Those cries led to the FMCSA reforming the hours-of-service rules, which are set to go into effect on Sept. 29.
While the official numbers haven’t been released, preliminary stats don’t do much to support the justification for the ELD mandate. A preliminary study released in 2019 said ELDs have not reduced crashes and may cause an increase in unsafe driving habits. According to numbers from the National Highway Traffic Safety Administration, fatalities involving large trucks reached a 30-year high during the first full year of the ELD mandate.
So more than two-and-a-half years into the ELD mandate, here’s what we know:
- The regulation cost the industry billions of dollars.
- The mandate opened the door for cyber criminals to hack into personal information and potentially unleash cyber attacks on motor carriers.
- FMCSA allowed ELD makers to self-certify without including any cybersecurity requirements.
- The mandate prompted a change in the hours-of-service regulations after reports the ELD was forcing truckers to speed in order to remain compliant.
All of this even though there is still no proof that ELDs do anything to benefit highway safety.The FBI bulletin is the latest proof that the ELD mandate was an unnecessary and hastily enacted regulation.