The 2024 National Motor Freight Traffic Association, Inc. (NMFTA)™ Cybersecurity Conference in Cleveland, Ohio, brought together trucking executives, cybersecurity experts, manufacturers, and policymakers for three days of sharing knowledge and strategies to combat cyber threats. If you couldn’t attend, here’s a quick recap of key takeaways and a preview of what to expect at next year’s conference in Austin, Texas.
Keynote highlights
Stephen Viña from the White House’s Office of the National Cyber Director opened the conference with insights on cybersecurity threats to critical infrastructure, including the trucking industry. Viña emphasized the importance of addressing threats from state actors like China, Iran, Russia, and North Korea and highlighted the vulnerabilities posed by ransomware and overreliance on widespread software systems.
“If you turn to your right and your left and have a conversation with your neighbors about your software suppliers, you will hear a lot of the same names,” Viña said.
Then he went on to emphasize several points that he believes the White House needs to make:
- Realigning incentives to think about long-term solutions, such as building cybersecurity into technology from the outset rather than bolting it on at the end.
- Dismantling threat actors by taking the fight to those who are attacking our critical infrastructure.
- Shaping market forces to drive security and resilience, such as software liability and the incentivizing of stronger software security practices.
- Memory safe programming languages and memory safe chip architectures will probably be part of these new strategies.
Viña’s call to action stressed the need for robust planning, collaboration, and vigilance to secure the trucking industry’s role in national infrastructure.
Industry perspectives
Daragh Mahon, executive vice president and chief information officer for Werner Enterprises, joined me for a fireside chat to talk through how his team uses proactive measures, such as demonstrating deep-fake risks to employees, to enhance awareness. Mahon stressed the importance of standardizing truck operating systems for cybersecurity, ensuring that autonomous vehicles remain secure and manageable.
Email vulnerabilities were another focus. Mahon noted that 95% of corporate attacks stem from email, urging businesses to adopt secure communication alternatives.
Todd Florence, chief information officer for Estes Express Lines, shared lessons from a recent cyber event, emphasizing the importance of having and exercising a robust incident response plan. He highlighted:
· Maintaining an up-to-date inventory of assets and vendors;
· Fostering strong vendor relationships; and
· Developing clear communication strategies for internal and external stakeholders during a cyber event.
Hands-on learning
One of the most engaging sessions was a Business Continuity Tabletop Exercise led by Ben Wilkens, cybersecurity principal engineer for NMFTA. This session brought to life many of the concepts presented throughout the conference and gave everyone a chance to game out a realistic ransomware event.
This session also allowed attendees to discuss their company’s existing business continuity plan with their peers and the presenters and benefit from everyone’s insights and expertise on how to minimize the impact of a cybersecurity incident. This session was one of the most talked about sessions of the conference due to the real-world practicality of being able to work and share with peers “what would you do?” scenarios.
Cyber insurance insights
Carrie Yang, senior vice president for Marsh Cyber Practice, spoke with NMFTA’s Wilkens about the role that cyber insurance plays in an organization’s risk management program. She highlighted that while insurance is one tool to manage cybersecurity risks, it is not a magic wand. Businesses must work to reduce their risk exposure through a solid cybersecurity program before even considering cyber insurance. However, once an organization does make the choice to add cyber insurance, there are many benefits that it brings, such as providing a bench of subject matter experts and partners that can assist not only in financially recovering from, but in preparing for and managing the response during any incidents that may occur.
Managing response during an event was also a key point of discussion with Mike Zupon, vice president of technology for Ward Transport & Logistics Corp., when we discussed lessons learned during yet another insightful fireside chat.
Real-world hacking challenges
Ben Gardiner, senior cybersecurity research engineer for NMFTA, and Pete Statia, director of information security and compliance for SAIA, shared results from DEFCON’s Car Hacking Village, where students attempted to hack a truck. This exercise provided valuable insights for original equipment manufacturers (OEMs) and suppliers while fostering hands-on learning opportunities for the next generation of cybersecurity professionals.
Looking ahead for 2025
Our 2025 conference will focus on practical applications, best practices, and collaboration within the industry. Attendees at the Austin, Texas, conference next Fall will walk away with actionable insights, stronger peer connections, and a renewed commitment to cybersecurity.
Mark your calendars today for the 2025 NMFTA Cybersecurity Conference in Austin, set for October 26–28. As the trucking industry’s only conference dedicated entirely to cybersecurity, it’s a must-attend event for staying ahead in an ever-evolving threat landscape.
Visit www.nmftacyber.com to learn more.
