The Current State of Cybersecurity in Transportation: Q&A with Trimble’s Chris Sandberg
Cyber threats aren’t new, but they should certainly not be taken lightly. In fact, cybersecurity concerns are greater than ever, with headlines popping up frequently about new attacks affecting many different industries, but especially transportation, logistics and infrastructure.
We caught up with Chris Sandberg, vice president of information security at Trimble Transportation, for an update on the current state of cybersecurity, and how supply chain stakeholders can take steps to proactively protect themselves against threats.
Hi, Chris! What’s your role at Trimble Transportation, and what do you currently work on?
I’ve been with Trimble for 13 years. I joined PeopleNet as a network engineer, and now lead our Cybersecurity team.
Prior to that, I had retired from the Air Force as a Chief Master Sergeant, where I oversaw maintenance and operations of some very complex electronic communication systems used for nuclear command and control, which is a nice way of saying I’m very familiar with cybersecurity. After I retired, I attended a job fair where I learned about PeopleNet for the first time. It seemed like the perfect pairing of working with both hardware and software -- I have degrees in electrical engineering and computer science, so it was a great match with my interests.
Today, I help ensure that all of Trimble Transportation’s existing systems and solutions meet top-of-the-line security requirements, and as we build new ones, that security is at the forefront of the design process. I really enjoy building things to be resilient, from both a security and availability perspective.
Tell us more about the current state of cybersecurity. What types of threats are most common these days?
Most hackers out there right now are looking to make a buck, quickly and simply. For the most part, they’re looking for easy opportunities to make a profit, with as little effort as possible.
What that means is that ransomware attacks are becoming increasingly common everywhere. This method of attack typically involves a bad actor gaining access to a system via an unsuspecting user whose password may have been hacked and shared on the internet, or who clicks a link or downloads a file from a suspicious email. Then, the attacker encrypts all the data available within that system (“locking” users out), demanding payment in order to decrypt or “unlock” it.
We’ve seen these types of attacks play out in various ways in recent months and years, perhaps most publicly in the form of a gas shortage this spring due to a ransomware attack on Colonial Pipeline.
Less-common threats may be more for grabbing attention, such as hacking into a vehicle to commandeer controls or hacking a navigation system to learn the location of certain cargo. While these types of threats seem scary, they’re more likely to be seen in Hollywood movies than in real life because they are much more effort-intensive and thus have less appeal to the average cyber-scammer aiming to make a quick buck.
Cybersecurity is a serious concern for any business, but particularly in the transportation industry. Are there any industry-specific cybersecurity threats we should know about?
The transportation and logistics industries are frequently a target for bad actors because they are full of data. Simply put, data has immense value: perhaps not to the attacker, but to the business whose operations may screech to a halt if they can’t access it. This is why so many ransomware attacks in the supply chain end with the hackers getting paid: supply chain companies need their data to operate.
Because that data is so valuable and mission-critical, it’s important to keep a close eye on who your data is being shared with. For example, if you haven’t closely reviewed your end-user license agreement, you may not realize that a technology provider may be using your data for third-party marketing purposes, or selling it to other transportation companies.
It’s also possible that your company could be sharing data unwittingly with your integration partners, making it incredibly important to review how and when you share data. For instance, you may unknowingly be sharing rate information with a customer or competitor, who could use that to under-bid you in the future. Or, payroll information could be accessed and used to recruit away drivers or other staff – something you don’t want in an incredibly tight labor market like we’re currently seeing.
Trimble has addressed these concerns by introducing the Trimble Trust Center, which allows users to control exactly when, with whom and for how long data is shared.
What are some cybersecurity best practices you’d recommend to transportation industry stakeholders?
The No. 1 best practice I can recommend for any industry, but especially the transportation industry, is to have backups. It’s important to back up the data your company needs to operate, on an interval that is appropriate for how critical it is to your business.
For example, a monthly data backup may not be often enough – in the event that a ransomware attack occurs, could your company continue operating using month-old data? If not, you may need to consider doing backups weekly, daily, or even multiple times per day.
Every business should also have a disaster recovery plan in place. Start by reviewing the critical workflows and resources you need to operate, and create a step-by-step plan of action for how to restore backups and address a hack. For obvious reasons, this plan should be physically printed (you may want multiple copies) and kept in close proximity so it’s accessible if an attacker has locked you out of your system. A further best practice would be to run through the plan on a regular basis as a tabletop exercise, to keep the processes top-of-mind and updated.
I also have a saying that I use frequently: “a chain is only as strong as its weakest link.” I really want to stress the importance of the principle of least privilege: users should only have the access they need to do their job. This helps protect your data in the event of an attack – the virus or vicious code only has access to a limited amount of information and can’t penetrate the rest of the system.
How does Trimble ensure its solutions are secure?
Every solution we develop at Trimble is built with security in mind from the very beginning. There is a minimum set of standards that every Trimble product must adhere to, that we take very seriously. Our solutions are designed to work together – as well as integrate with other technology providers across the industry – so all of our products must be equally secure.
We have a very robust range of controls that we use, such as vulnerability scanning, intrusion detection, dynamic code analysis, architecture reviews and best practices for public cloud environments, among many others.
We also undergo third-party audits and certifications to ensure that our programs meet industry standards. One of these is the SOC2 Type 2 audit, a cybersecurity gold standard that tests how well a company safeguards customer data and the availability of our services.
Anything else you’d like to mention?
With the COVID-19 pandemic increasing the number of people working remotely, the “attack surface” for potential threats has been pushed outside of the corporate firewall. What I mean by that is that home networks and the other devices on them may not be as secure as the ones in the office, where IT departments have likely spent a great deal of time ensuring that hardware and software is protected.
Having a very strong, complex password is also an easy way to help mitigate cybersecurity threats. This doesn’t necessarily mean it needs to be full of symbols or characters: studies have shown that creating longer passwords based on sentences or phrases are more secure because they’re harder to crack, and easy to remember, so users like them more and they also allow you to push out your change interval.
Thank you so much, Chris!
Interested in learning more about the focus we have on cybersecurity and how it relates to our technology? Contact us today to find out how our solutions are built to keep your business secure and operating as efficiently as possible.