• Home
• Used vehicles
• Product news
• Dealer news
• Compliance
• Buying advice
• Archive

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192

THE DATA DRAIN

Zoom page

16th March 2006

Page 55

Page 56

Page 57

Page 55, 16th March 2006 — THE DATA DRAIN

Close

Noticed an error?
If you've noticed an error in this article please click here to report it so we can fix it.

Which of the following most accurately describes the problem?

Please select an option... Headline has errors Article text has errors Article is incomplete Submit

An increasing tendency for telematics service providers to 'host' users' data and make it available online has raised some concerns about data security. Robin Meczes reports.

Telematics systems are well-known for the reams of data they generate. From where your trucks have been and how fast they've been going, to where they are right now and what time they'll he arriving at their destination, there's not much about the status of your vehicles and loads that can't he recorded and transmitted electronically.

But that can be a bit of problem. Because increasingly, according to data security specialists, criminal gangs who are seeking to target vehicles and loads are relying on information about locations, times and consignments— and they're extracting this crucial data straight from the truck operator's own telematics system.

Stephen Spoonamore, chief executive officer of US data security consultancy Cybrinth, says the increasing use of telematics systems is something criminals are beginning to take advantage of in the US.They're even altering electronic manifests in transit so that goods or vehicles are delivered straight into their hands at the location of their choice.

Speaking at a recent truck security seminar, Spoonamore identified two major security weaknesses that criminals can exploit to access telematics data.

Inadequately protected First, the information gathered by or sent to onboard data collection devices on trucks is often transmitted without any kind of encryption, making its interception and interpretation a relatively straightforward matter. Second. the computers used to host management data once it has been received are often inadequately protected against hackers.

Extracting consignment information from passing trucks isn't as simple in Europe as it is in the US, thanks largely to the use here of digital communications systems (GSM and GPRS in particular) as opposed to the older analogue mobile systems still used in the US.

But it certainly isn't unknown for trucks to be diverted by bogus messages —electronic or otherwise— and Spoonamore advises all fleet operators to instruct drivers who receive any sudden changes to their instructions via electronic means to double-check with a quick phone call back to base.

Spooner also wants to see telematics system providers do more to protect customers' data —by encrypting the data streams between trucks and the central data repository, and by bolstering their office security.

Office security, he says,is a particular concern. Where telematics service providers host their customers' data, operators should make it their business to find out what security measures the service provider has in place. In particular, they should know what their contract says about liability if the data becomes lost or is compromised.

Who carries liability?

"A lot of service providers guarantee 99.99% access to data and that's fine," he says. But access for whom? And who carries the liability if that data is compromised? If you ask your service provider they'll often freak out."

This point is taken up by David Faithful, a solicitor at Solihull legal practice Lyons Davidson. Many contracts won't have anything in about liability at all.., and it's very unlikely the contract will specify what the provider actually has to do [to protect the data]," he warns.

Faithful adds that if the contract contains nothing about liability it could easily lead to a claim against the service provider if a vehicle or load is stolen as a result of lax data security. This is especially likely when insurance companies are involved.

"From the insurer's point of view, if they cover a vehicle or load and it transpires the reason it was stolen was because someone gained access to information through the third party, ie the telematics service provider, they'd certainly have a go at them," he says.

That's a problem for the service provider rather than the vehicle operator, of course—as long as the operator has done his bit by informing insurers about the telematics equipment in the first place.

Faithful warns: If insurers can find a way of getting out of paying out on a policy they will often do so. So if there is a situation where if you have telematics fitted to your vehicles and you've not told your motor insurer, and that's the reason for a vehicle or load being targeted by thieves, then as sure as eggs are eggs they will pull cover and not pay the claim."

It's also important that employers ask the right questions of their telematics service provider. He adds:-If it's your vehicle, your employee and your data, you shouldn't just give it away willy-nilly.

Insure against risk

-Good service providers will mention liability and will have their own insurance against that risk — but some of them won't even have thought of the question..."

That view appears to be largely borne out by the telematics services providers themselves. In a recent straw poll of 24 firms who provide telematics services in the 11K -including four truck manufacturers who market their own systemsonly 13 firms (54%) were prepared to comment on their security measures (see survey panel below).

Of these,11 firms did suggest that the data passing between vehicles and base station was encrypted or encoded in some way But only two of them RoadTech Computer Systems and RTL -stated that they would bear contractual liability if data held by them was lost or misappropriated.

Two of them-Siemens VDO and TISS stated that they would not bear contractual liability for lost or compromised data, which at least tells operators clearly where they stand.

But over half of those who responded despite much talk about firewalls, backup procedures, staff vetting and other measures designed to ensure data security -failed to answer the question about liability with any clarity. Also somewhat worrying was the fact that II of the 24 companies who were contacted (46%) were either unwilling or unable to provide any clarification of their security measures. VolvoTruck Sz Bus declined to comment on its security measures, citing security considerations.

Wake-up call All of which leaves the matter rather unresolved from the vehicle operator's point of view. But one thing is clear: users and potential users of telematics systems who are concerned about data security would do well to check out their service provider's security measures and, above al I, check their contracts carefully on the liability issue if the provider is hosting their data.

Spoonamore's advice is simple: If they suggest that they bear no responsibility, you need to wake up as a user and make a decision about how you are contracting with them." •