���ϳԹ���

From left: Ben Barnes with McLeod Software, John Paape with Roehl Transport and Joe Russo with Isaac Instruments discuss cybersecurity measures during a panel session at MCE 2025 in San Diego. (John Sommers II for Transport Topics)

[Stay on top of transportation news: .]

SAN DIEGO — Fleets that want to stay ahead of cybersecurity threats must remain in ongoing contact with their security providers, and ensure that every potential threat is quickly investigated and addressed, experts said.

“Carriers are getting better at doing security audits, and we have ramped up our focus,” John Paape, chief information officer at , said during a discussion on cybersecurity at American Trucking Associations’ 2025 Management Conference and Exhibition. “The challenge is that there is so much going on in the security space. Once you bring them into the circle of trust, you often don’t have time or resources to have ongoing discussions. Things can erode within a company if you don’t audit them frequently.”

Paape continued, “The lack of collaboration in two-way communication is a problem. Through a 30-minute conversation — a two-way street conversation — we can get so much more clarity. More collaborative and less paper-focused.”

Joe Russo, vice president of IT and security at , said, “It has to be part of the culture. You need to make your vendors accountable.”

But he was quick to note that fleets also must take responsibility for their own operations and the threat vulnerabilities they can control.

Image

“Inventory your assets,” Russo said “It’s the little things that get you. Do you supply USB keys? If so, are they inventoried? There are a lot of these little things we take for granted — that’s what attackers prey on. That’s where we turn a blind eye, and that’s where they get us.”

Paape noted every truck on the road is likewise a target.

“All of our trucks, and all of the different internet connections that they maintain — it’s kind of mind-boggling when you talk about all of those internet connections rolling down the road every single day. Certainly, that’s a concern,” he said.

And a lot of that connectivity is cloud-based, opening up another area of cybersecurity focus.

“Every carrier in the room today has services in the cloud, and they have services likely running locally in their offices or in their data center,” Paape noted. “So that multicloud hybrid architecture is really hard. It offers just a ton of opportunity to be exploited.”

For Roehl, that level of threat has led to a corresponding elevation in security spending.

“There’s applications and capabilities that we need to have to compete effectively in the market,” he said. “They result in a really complex security environment, and it just takes a big investment. Security spend for us goes up and up every single year, because we have to. If you don’t, you’re just not keeping up with all the bad guys out there.”

Russo noted for smaller fleets with limited resources, options still exist.

“You have to make someone responsible, and that doesn’t cost any money,” he said. “There has to be somebody that has a level of responsibility for your support. From there, you can find training material on YouTube. You can just do the basic educational things. If you start with your people … that is that is ground zero.”

The emerging use of artificial intelligence in cyberattacks presents an entirely new frontier.

“Last year, 16% of attacks were AI-driven,” Paape said, citing a recent IBM security report. “If you look at how quickly AI is being adopted, and the fact that only 16% of attacks [were AI-driven] last year, you know that’s going to really skyrocket. All of those bad actors out there are really excited about using AI for their businesses.

“We have to also adopt and use AI tools from a security perspective. We’ve implemented several just so that we can respond and keep pace with the complexity and speed of attacks that the bad actors are using.”

He added, “There’s lots of really ethical business uses for it; I think that’s really exciting. But on the security side, there’s tons of opportunities for helping it keep you safe.”

Russo said one limitation in trucking security is a lack of regulations or standards that the industry must follow, like those that exist for the health care and retails sectors. Absent that, he stressed, it’s up to fleets to ensure their security partners are doing the right things.

“Vet your vendors against other vendors just to confirm that what they’re selling you is not just marketing,” Russo said, “but an actual secure solution that is not going to increase your attack surface and not put your most prized possession — which is your data — at risk.”