
Four questions about cybersecurity every fleet executive must ask

Last updated on April 24, 2023 in Productivity by Dirk Schlimm |  3 minute read

Cybersecurity is an executive responsibility. Dirk Schlimm discusses four principles that should be top of mind for fleet executives.

Is cybersecurity for connected fleets a “nerdy” topic that is best left to the computer scientists and other IT experts, or do fleet executives have a direct responsibility to understand and ensure the security program for their fleet?


This was my opening question at a panel on cybersecurity for connected fleets at the recent Connected Fleet Conference in Brussels, Belgium. I had a chance to discuss this and related questions with two eminent experts in the field: Dr. Dan Massey, Director of Technology, Cybersecurity and Policy at the University of Colorado Boulder and part of the Neutral Vehicle Consortium (and formerly program manager for the Cybersecurity Division at the U.S. Department of Homeland Security) and Ted Guild, Connected Vehicle Lead at W3C and Research Staff at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL).




Their answer was clear and unequivocal: Cybersecurity is an executive responsibility; it cannot be abdicated or blindly delegated — be it to an inside department or outside provider. This was their analogy: Senior executives must not and will not leave a firm’s finances to the accounting department (alone) or people development to the HR department (alone); the same way, fleet executives must have a grasp of cybersecurity at the concept level and must ask the right questions of their IT departments and vendors to satisfy themselves that a robust program is in place.


At the same time, cybersecurity is of course a highly technical subject, and fleets must rely on experienced and specialized technical experts both inside and outside the firm. Thus, taking responsibility does not mean becoming a cyber expert, but it does mean understanding the fundamentals. So the answer to our question is actually not “either/or” but “both.”



The follow-up question was: “How do executives take responsibility?”

The answers here were very practical. With all the technical sophistication and often enormity of detail in cybersecurity, there are four principles that should be top of mind for fleet executives:

  1. Cybersecurity for connected fleets starts with a standards-based security program that is then tailored to the specific context of connected fleets. An example of a *fleet-specific* set of security recommendations that can be implemented within the framework of a broader standard such as ISO or NIST is the telematics cybersecurity primer for agencies prepared for the U.S. Department of Homeland Security by the U.S. DOT Volpe National Transportation Systems Center. Such a specific set of recommendations will ensure that fleet-related risks, threats, and vulnerabilities are appropriately addressed. The Neutral Vehicle Consortium at the University of Colorado is actively engaged in bringing forward fleet-specific security recommendations and advancing their adoption in the fleet industry.
  2. Fleet executives must appreciate that it will always be hard for “insiders” who have designed the system to take on the mindset of an outside intruder. The “bad guys” just think differently. Therefore, while it may sound counter-intuitive, “open systems” — those that are fully disclosed and documented — are actually more secure than closed systems that are only known to insiders and adversaries looking for vulnerabilities. In closed systems, the defender is on their own whereas in an open system the defender can enlist their system users as allies. Companies should also employ outsiders to assess the security system and look for weaknesses — this outside perspective and testing is crucial.
  3. Security is always a journey and never a destination. Adversaries will constantly look for new and creative ways to break through; there simply is no such thing as a flawless system. Those who say otherwise either suffer from ignorance and hubris or are willfully lying. The key therefore is to start with a sound architecture, detect flaws early and patch them immediately. That’s why over-the-air patching using digitally signed updates is the third crucial component of any fleet security program.
  4. Finally, connected fleets do not exist in isolation. They typically rely on systems and components supplied by third parties who must follow the above principles in their systems.

Thus, fleet executives should be asking four critical questions:

  1. Does our fleet follow leading cybersecurity standards and is their implementation geared towards the fleet and transportation industry?
  2. Do we use outside experts to test/challenge our security program?
  3. Do we disclose security vulnerabilities and do we have a reliable system for over-the-air patching?
  4. Do our strategic partners have good answers to the above questions?

Asking these four questions — not just once but on a regular basis — and insisting on answers that are clear, unequivocal and understandable is a concrete way that fleet executives can and must take responsibility for managing cyber risks.
