NMFTA raises the bar on ELD security standards
NMFTA has developed several resources to help carriers validate cybersecurity.
ELD security standards are critical to the trucking industry. The National Motor Freight Traffic Association (NMFTA) has been working to promote awareness around this issue.
In May 2020, NMFTA published “Cybersecurity Requirements for Telematics Systems” as a resource to support government fleets and private industry stakeholders with the procurement of telematics and electronic logging devices (ELDs). A complete list of cybersecurity requirements is provided. The most up-to-date list can be found on GitHub.
NMFTA Open Telematics APIR (OTAPI)
Previously, NMFTA announced release 1.0 of the Open Telematics API (OTAPI) to enable business resiliency for motor freight carriers with tight integrations into telematics service providers.
OTAPI facilitates interoperability between telematics service providers’ interfaces and motor freight carriers’ systems by standardizing the data format and methods for retrieving telematics logs and data.
Release 1.0 focuses on the most business critical use cases, as identified by motor carrier contributors, to promote business continuity and a carrier’s ability to meet hours of service (HOS) reporting requirements in case of an extended business interruption/termination from an electronic logging device (ELD).
OTAPI will benefit the heavy vehicle industry by:
- Raising awareness of cybersecurity among motor carriers;
- Establishing baseline cybersecurity standards for telematics devices connected to commercial trucks, used by drivers of commercial vehicles and integrated into fleet operations/management systems.
Telematics procurement RFP templates for carriers
In addition, NMFTA released v1.0 Request for Proposal (RFP) templates for use by motor freight carriers during the telematics system procurement process. The templates are provided in a collection of Word and Excel files, and are intended to be distributed to telematics solution providers so they can respond with details about which requirements their products satisfy.
NMFTA is a nonprofit membership organization headquartered in Alexandria, VA, whose membership is comprised of motor carriers operating in interstate, intrastate and foreign commerce. It publishes the National Motor Freight Classifications, as well as assigns the Standard Carrier Alpha Codes and the Standard Point Location Codes.
Recommended: Tips for creating an effective telematics RFP
Making ELD security a priority
While price, ease of installation and functionality are often key considerations during ELD procurement, security is another factor that should be heavily considered.
It can be a challenge for fleet managers to ascertain what exactly they should look for when trying to assess the security policies and measures related to their telematics platform.
When evaluating an ELD solution, ask your provider about its security measures and procedures:
- How secure is the ELD?
- What overall security measures — from manufacturing, to hardware and software, data transfer and data storage — does the provider have in place?
- What happens in the event of a security breach?
As the December 16 ELD compliance deadline approaches, fleets are focused on compliance. During this time, cybersecurity should also be a priority. No longer confined to the IT experts, cybersecurity is a key responsibility of all fleet executives.
Geotab is proud to have partnered with NMFTA to help develop these telematics initiatives. NMFTA also worked with motor carriers and cybersecurity experts on use cases, feasibility and security services.
“Working with NMFTA to help develop these guidelines was an opportunity for Geotab to help raise telematics cybersecurity standards for fleets and solution providers,” said Ryan Brander, Associate Vice President, Security for Geotab. “The telematics industry worked with OEMs, commercial fleet owners, cyber professionals, and government representatives to develop the telematics template, with NMFTA coordinating the effort.”
“In the same way you expect your Windows computer, iPhone or Android to be secure, you should have the same expectations when buying a telematics solution. Thanks to NMFTA, fleets and owners/operators now have the tools they need to make an informed decision about the security of the product they are buying,” he said.
Geotab takes a rigorous approach to data security following the principle of continuous improvement, and is constantly reviewing, improving and validating our security mechanisms and processes so our systems remain resilient to intrusion and disaster. Geotab collaborates with leading stakeholders to advance security across the industry. Visit the Geotab Security Center for more information.
The future digital landscape is continually changing, but one thing is sure — the need for cybersecurity will never diminish.
The API Blueprint for Open Telematics API and RFP templates (Release 1.0) are both available on GitHub. Access these resources here.
NMFTA also offers a Heavy Vehicle Cyber Security (HVCS) list service, as well as HCVS workshops, documents and more. You also can learn more about cybersecurity for heavy vehicles at the NMFTA website.
Originally published August 29, 2019. Updated August 7, 2020.
If you liked this post, let us know!
Denise L. Rondini, president of Rondini Communications has nearly 40 years of experience covering the trucking industry.
Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.
Subscribe to the Geotab Blog
Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.
Republish this article for free
Other posts you might like
Geotab’s CVE-2021-44228 Response
The US Cybersecurity and Infrastructure Security Agency (CISA) recommends taking immediate action on the Log4j vulnerability.
December 15, 2021
ELD mandate: Suggesting edits to verified HOS logs
Learn more about new changes to driver log editing based on updated U.S. and Canadian ELD mandates.
November 10, 2021
Vehicle cybersecurity in a connected world
Cybersecurity is a process requiring vigilant monitoring.
September 10, 2021