About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services SOC Examinations, IT Audit, & Third-Party Risk
Consulting Services
Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Environmental, Social and Governance Services ERP & Enterprise Software Advisory Fraud & Forensics SOC Examinations, IT Audit, & Third-Party Risk Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Gaming Healthcare Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Insights & Events

At RubinBrown, we provide valuable insights detailing emerging trends and industry-specific information. Our events, hosted virtually and in-person, keep you informed and connected to the topics and industries that matter most to you and your organization.

View All Insights & Events
Jul 15

RubinBrown’s Provider Education Portal Webinar: E/M Essentials for Residents

Learn More & Register
Sep 9

RubinBrown’s Rural Health Webinar Series

Learn More & Register

RubinBrown Sports Betting Index: April 2025 Analysis

Learn More

Outsourcing in Healthcare Financial Leadership

Learn More

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to Insights

Focus on Cyber Security: Security Weakness in Electronic Logging Devices (ELD)

Contact Us

Focus on Cyber Security: Security Weakness in Electronic Logging Devices (ELD)

Contact Us

linkedin image

On July 21, 2020, the FBI issued a Private Industry Notification (PIN 20200721-001) describing an industry and academic study performed on a set of self-certified ELDs identifying a number of security vulnerabilities. The vulnerabilities could allow an attacker to steal and corrupt data, and in some cases inject commands into a vehicle’s electronic control unit (ECU) to cause the vehicle to respond in unexpected ways. ELDs are designed to collect the log data from commercial trucks and provide a method to electronically send inspection reports to the Department of Transportation’s Federal Motor Carrier Safety Administration (DOT FMCSA). However, like any device with network connectivity, they are susceptible to electronic attack, disruption, and compromise. If the device is connected with shipment tracking or dispatching networks, an attacker could access those networks or cause disruption. And, like any device with network connectivity, if it was not designed with security in mind, it is highly probable attackers will figure out ways to use the vulnerabilities to their advantage.

Although the DOT FMCSA released the “Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems” in May 2020, many of the existing ELDs commercially available for the study were self-certified in 2019 and the security best practices may not have been implemented. Many ELDs are designed to use mobile devices to submit ELD information, so the security concern goes beyond the ELD itself and includes the network and devices in the network as well. Organizations must examine their entire connected network of trucks, ECUs, devices, application interfaces and computer systems to effectively identify threats, evaluate risks, and take appropriate action to protect the ELD solution.

Assessing and selecting an ELD solution requires up front diligence so an organization can incorporate the appropriate technologies and controls for ongoing due care. We recommend addressing the following questions as part of due diligence when selecting and designing an ELD solution:

  • Is there a data flow map to help understand where the data is created, collected, processed, transmitted and stored?
  • What are the threats and risks at each point in the data flow?
  • How is the information protected (e.g., encrypted) in motion and at rest?
  • Has the solution been independently tested for security vulnerabilities?
  • How is security built-in to the design and development process for the solution?
  • If used in combination with a cloud solution, does the cloud solution have an independent security assessment?
  • Does the solution require access to our internal network?
  • What are our responsibilities in managing the solution to keep it secure?
  • What other safeguards does the solution use to protect the integrity of data?

These questions are not a barrier to using new technology, they help identify potential issues and give management the information needed to make an informed decision. These same questions should be addressed for every critical system or solution in the environment. The risk assessment process should be applied at the information system as well as the organization level.

Additional technical reviews, configuration review, tracking and testing can be worked into the approach as well. The questions above are the just the first step in identifying threats and risks for ELD solutions.

Please contact the RubinBrown Cyber Security team for more information about ELDs or other security concerns.

 

Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.

 

 

 

 

Contact Us:

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2025 RubinBrown LLP
RubinBrown Executive Recruiting RubinBrown Advisors RubinBrown Corporate Finance