Supply chain security: NMFTA highlights cyber risks from imported tech

The NMFTA's cybersecurity director warned the sector about the security risks posed by dependence on Chinese-made technological components.

The National Motor Freight Traffic Association (NMFTA) has issued a new security warning to trucking companies regarding the growing cybersecurity risks associated with the use of technology manufactured in China, according to a report by Commercial Carrier Journal.

In a recent association webinar, Ben Wilkens, NMFTA’s lead cybersecurity engineer, and Artie Crawford, the association’s director of cybersecurity, warned companies in the sector about the dangers posed by relying on Chinese-made technological components.

Wilkens explained that any component manufactured in China could be vulnerable to unauthorized remote access. He cited the case of port cranes sold by China to the U.S. at highly discounted prices, which ended up transmitting sensitive information about cargo and logistical movements.

This technological vulnerability, he emphasized, poses not only a business risk but also a threat to the nation’s critical infrastructure and even national defense.

Supply chain security concerns

These warnings come in the context of what the road transport industry has experienced in recent years. The uncontrolled rise in cyberattacks has revealed that, although companies may be prepared, threats remain constant. In this regard, Wilkens pointed out that in the ground transportation sector, technologies such as asset tracking systems can expose key information about the flow of goods, routes used, and resource logistics. This information could be exploited by malicious actors to disrupt operations or manipulate traffic signals, with potentially serious consequences.

Wilkens and Crawford stressed that the problem does not lie with any one specific technology, but rather with the entire ecosystem. Entry points for threats can be found anywhere within the technology stack, which requires a thorough evaluation of each component’s origin and manufacturing process.

While the goal is not to cause alarm, it is essential to understand how these systems are connected to the U.S. supply chain and infrastructure, Wilkens stated during the webinar. He also emphasized the need for security and technology companies to anticipate these risks before becoming overly reliant on vulnerable components.

Crawford also noted the need to relocate part of the manufacturing of critical components, such as chips, to the United States in order to reduce dependence on foreign suppliers, aligning with the policies promoted by President Trump.

Security recommendations for trucking companies

In an article published by CCJ Digital covering the webinar, it is noted that the NMFTA urges companies to ask key questions before purchasing any hardware or software:

Where was it manufactured and assembled?
Do any components come from countries with known security risks?
Has the device been rebranded under a different name?
What does the user agreement say about the origin of the code and the destination of the data?

Additionally, Crawford warned companies about the practice of white labeling, where the same device is sold under various names, making it difficult to trace. He recommends reviewing user agreements to understand how and where data is stored and used.

The NMFTA is currently developing a supplier checklist to help companies make informed decisions without compromising security—even when seeking low-cost solutions.