Tag Archives: transportation

When Hackers Take the Wheel

Operator errors, driving under the influence, and product defects have long been blamed for catastrophic accidents in the transportation industry. However, recent headlines revealed how cyber risk has emerged as a new and disturbing threat to airlines, railways, auto manufacturers and ocean cargo carriers.

Those in the transportation sector have embraced the “Internet of Things” and transformed what were once far-reaching concepts into some of the most common components of the cars they manufacture and the planes they fly. They often rely on a secure internet connection to function safely and efficiently. Recent headlines, however, raised concern and started a debate: Can the transportation sector be hacked? If so, what are the consequences?

Automobiles

In July 2015, Fiat Chrysler announced a recall of 1.4 million vehicles after white hat hackers demonstrated that they could take control of a Jeep Cherokee’s braking systems, change vehicle speed and affect operation of the transmission, air conditioning and radio controls. Hackers gained remote access by exploiting a software vulnerability in the vehicle’s Uconnect entertainment system.

The stakes have been raised even higher with recent advances made in the development of driverless cars, as more vehicles will become completely reliant on secure technology. Safety concerns were raised after a series of crashes allegedly caused by the failures of Tesla’s Autopilot technology, resulting in the death of a passenger. This prompted Tesla to announce efforts to improve its Autopilot software, including “advanced processing of radar signals.”

See also: How to Measure ‘Vital Signs’ for Cyber Risk  

The Department of Transportation has also recognized the risks associated with technology. In January 2016, the department entered into an agreement with 17 major automakers to enhance driver safety, including information sharing to prevent cyberattacks on vehicles. According to the agreement, the National Highway Traffic Safety Administration will propose industry guidance for safe operation for fully autonomous vehicles.

Planes

Boeing recently became the subject of a hacker demonstration when a security researcher accessed the entertainment systems of one of the company’s planes in mid-flight. Boeing was adamant that the hacker could not have gained access to the aircraft’s critical functions due to segregation of the two networks. However, the incident raised concerns throughout the airline industry, and an FBI investigation followed.

Railway Systems

German security researchers SCADA Strangelove demonstrated, without naming the rail systems in question, that they, too, are vulnerable. Their December 2015 report highlighted vulnerabilities related to outdated software, default passwords and lack of authentication. Moreover, entertainment and engineering systems were operating on the same network, leading to speculation that if one system is compromised hackers could gain access to the other. Because rail switches are automated and dependent on properly operating networks, the theory of a system compromise leading to a head-on collision with another train was explored in the report.

Marine Shipping

An investigation by Verizon Risk concluded that modern-day pirates are increasingly relying on network intrusions as a means to carry out crimes on the high seas. Verizon concluded that an unidentified shipping company’s networks were penetrated by hackers, giving them precise information on which ships were carrying the most valuable contents. Hackers then targeted their attacks on specific vessels, using bar codes to focus on individual shipping containers.

As of this writing, we have not seen any incidents of bodily injury or loss of life in the transportation sector directly attributed to a deliberate network compromise. Yet the findings of various researchers across multiple transportation sectors lead to some alarming conclusions. Law enforcement and transportation safety regulators have taken these findings seriously and conducted investigations of their own.

We can therefore expect with some degree of certainty that the transportation sector may be held to higher cybersecurity standards and will see increased regulatory scrutiny that has been witnessed in other industries, such as healthcare and financial services. When networks containing sensitive data may be compromised, regulators that oversee that industry often propose protection standards that ultimately become mandates. Failure to comply often leads to lawsuits, settlements, fines and significant reputational harm.

See also: Protecting Institutions From Cyber Risks  

Until then, the transportation sector can start by following the best practices as outlined in the National Highway Traffic Safety Administration’s “A Summary of Cybersecurity Best Practices,” published in October 2014 . Key observations and recommendations include:

  • Cybersecurity is a life-cycle process that includes elements of assessment, design, implementation and operations as well as an effective testing and certification program.
  • The aviation industry has many parallels to the automotive industry in the area of cybersecurity.
  • Strong leadership from the federal government could help the development of industry-specific cybersecurity standards, guidelines and best practices.
  • Sharing learning with other federal agencies is beneficial.
  • Use of the NIST cybersecurity standards as a baseline is a way to accelerate development of industry-specific cybersecurity guidelines.
  • International cybersecurity efforts are a key source of information.
  • Consider developing a cybersecurity simulator. It could facilitate identification of vulnerabilities and risk mitigation strategies and can be used for collaborative learning (government, academia, private sector, international).
  • Cybersecurity standards for the entire supply chain are important.
  • Foster industry cybersecurity groups for exchange of cybersecurity information.
  • Use professional capacity building to address and develop cybersecurity skill sets, system designers and engineers.
  • Connected vehicle security should be end-to-end; vehicles, infrastructure and V2X communication should all be secure.

The transportation sector is yet another industry that must learn to adapt to the systemic nature of cyber risk. Because of ever-increasing reliance on evolving technology, cyber risk will certainly begin to move toward the top of the list of transportation safety concerns. The captains of this industry can no longer claim ignorance to cybersecurity issues or completely delegate responsibility. They owe a duty to safeguard the flow of information that effectively keeps our planes airborne and our cars on the road. Failure to do so could be catastrophic.

What An Employer Can Do To Reduce Soft Tissue Injuries In The Transportation Industry

The trucking industry accounted for nearly 20 percent of all days-away-from-work cases in 2011. Correspondingly, trucking was among the seven occupations which had an incidence rate greater than 300 cases per 10,000 full-time workers and who had greater than 20,000 days-away-from-work cases.

OSHA defines a Musculoskeletal Disorder (MSD) as an injury of the muscles, nerves, tendons, ligaments, joints, cartilage and spinal discs. They identify examples of Musculoskeletal Disorders to include: carpal tunnel syndrome, rotator cuff syndrome, De Quervain’s disease, trigger finger, tarsal tunnel syndrome, sciatica, epicondylitis, tendinitis, Raynaud’s phenomenon, carpet layers knee, herniated spinal disc, and low back pain.

The average cost of a work-related soft tissue injury in the trucking industry exceeds any other industry. According to the U.S. Bureau of Labor Statistics (BLS), Musculoskeletal Disorders nationwide typically account for 33% of work-related injuries, while the incidence of Musculoskeletal Disorders in the transportation industry is 60-67%. The Bureau of Labor Statistics also noted that there were 1.4 million total transportation workers, and each year 1 in 18 is injured or made ill by the job.

These higher rates of injury can be attributed in part to several factors. Due to the nature of their work, many drivers maintain a poor diet, rarely get enough sleep, and are sedentary. As a result, they find themselves more susceptible to heart attacks and diabetes, as well as a myriad of strains, sprains and various other Musculoskeletal Disorders.

Additionally, the percentage of older workers is higher in transportation than in most industries, with the Transportation Research Board estimating that up to 25 percent of truck drivers will be older than 65 by 2025, translating into more severe Musculoskeletal Disorder claims.

These factors are contributing to more workers’ compensation claims for drivers which increase employers’ costs. As part of the job, many truck drivers are required to unload the goods they transport, leading to serious sprains and strains. Heavy lifting after long periods of sitting can increase the likelihood of severe sprains and strains. In addition, drivers often rush at the delivery site in an effort to meet the demands of tight schedules. This combination contributes to 52% of the non-fatal injuries in this industry, with trunk and back claims accounting for 70% of these cases.

Due to its unique workplace circumstances, the commercial transportation industry is at higher risk for increased frequency of injuries and costs to the industry. The following describes the framework of this dilemma:

  1. Commercial transportation jobs expose workers to high physical demands and extended hours of exposure.
  2. The transportation industry experiences one of the highest work-related injury rates among all workplace sectors.
  3. The transportation industry experiences a high level of turnover on an annual basis, which results in a high number of newly hired employees exposed to unfamiliar and physically demanding tasks.

While this is an industry-wide issue, we will focus on California in order to illustrate how problematic it truly is. In March of 2010, the California Workers’ Compensation Institute (CWCI) issued its latest scorecard for the California Trucking Industry. Over eight years, $480 million dollars was paid in medical and indemnity costs alone. The study found that, even though this industry accounted for only 1% of all California industrial claims, they accounted for 1.8% of the state’s workers’ compensation paid benefits. It was also found that medical and indemnity payments were higher than any other industry. The average lost-time direct claim cost at $18,587 is 41% higher than the industry average in California. The indirect costs in this industry range from a 2x to a 10x multiple, and in an industry known for low profit margins, controlling costs is critical.

It should also be noted that California can retain jurisdiction of a workers’ compensation claim even if the injury did not occur in that state; the employee only has to live in California, drive through California or have been hired out of California. This is such a significant problem that in 2010 the U.S. Department of Transportation initiated the Compliance Safety Accountability measure of driver’s fitness. This is specific to transportation, is publicly available, and the ratings are tied to insurance rates and letters of credit.

With the numerous reforms taking place in 2013 and the Centers for Medicare and Medicaid Services (CMS) Mandatory Reporting Act, it is now essential that employers become proactive and only accept claims that arise out of the course and scope of employment. Medicare has mandated all work-related and general liability injuries be reported to CMS in an electronic format. This means that CMS has the mechanism to look back and identify work comp-related medical care payments made by Medicare. This is a retroactive statute that will ultimately hold the employer and/or insurance carrier responsible for these payments.

Should CMS have to pursue the employer in court, the amount owed is doubled. The insured or employer could pay the future medical cost twice — once to the claimant at settlement and later when Medicare seeks reimbursement of the medical care they paid on behalf of the claimant. There is no statute of limitations on compliance with the MSA requirements. CMS can review claims closed last year, five years ago, or even longer to check for compliance. Penalties and fees for noncompliance are $1,000 per day if medical care is not paid within 30 days.

Historically, soft tissue injuries have been difficult to diagnose and even harder to treat due to the broad spectrum of disorders related to soft tissue. Most diagnostic tests are not designed to address Musculoskeletal Disorders and are unable to document the presence of pain or loss of function … two key complaints.

Employers need a way to manage their Musculoskeletal Disorder exposure and provide better care to their injured workers. The key to managing this problem is for employers to obtain the ability to only accept claims that arise out of the course and scope of employment. The only viable solution for employers is to conduct a baseline soft tissue assessment in order to establish pre-injury status. The baseline must be job and body part specific and objective to comply with the Americans with Disabilities Act Amendments Act of 2008.

The baseline assessments are not read or interpreted unless and until there is an injury. By not identifying a potential disability, employers are able to conduct baseline assessments on new hires as well as existing employees while maintaining compliance with the Americans with Disabilities Act Amendments Act. If there is a soft tissue injury, the employee is sent for a post-loss assessment to determine what and if there is any change from the baseline assessment. If no change is noted (no acute pathology), then there is no valid claim. This proven baseline program is known as the EFA Soft Tissue Management Program (EFA-STM Program), which utilizes the Electrodiagnostic Functional Assessment to objectively provide this data.