When it comes to data and information, there’s a lot to worry about. “Recent years have brought us a slew of cyber breaches and attacks that have put millions of people’s financial data on the black market, exposed company secrets, and maybe even swung the 2016 presidential election,” writes Slates’s Jennifer Golbeck in What Cybersecurity Threats Should Most Worry You? “With so many attacks, it can be difficult to know where to start protecting yourself.”
Shippers aren’t immune to the risks, explains Jerry R Scott, Head Security Operations at DB Schenker Inc. In Global Cybersecurity Threats To The Maritime Sector, law firm Holland & Knight notes that cybersecurity risks to the U.S.’ critical infrastructure—including those impacting the transportation and maritime sectors— continue to grow.
“To date, the maritime sector has not seen mandatory cybersecurity regulations come to the forefront, but it is expected that the international community will move in that direction in the near future,” the law firm predicts. “Nation-states, non-state actors, hacktivists, and organized crime represent the range of attackers against the maritime sector. Ports, port operators, vessel operators, shipping companies, and others are faced with constant attacks that range from 21st century theft, to more critical risks to the sector as a whole.”
Here are three things, according to Scott, that every shipper should know about cybersecurity:
- Cyberhackers see over the road (OTR) trucks as “computers on wheels.” This is especially true in the age of the Internet of Things (IoT), where the trucking industry uses connectivity technologies to improve fleet efficiencies and increase productivity. Unfortunately, these technologies also open the door to potential cyberhackers who are eager to gain control of these “computers on wheels” for criminal and other nefarious motivations, writes Argus Cyber Security Ltd.’s Yoni Heilbronn in Trucking is an Economic Engine Prone to Cybersecurity Risk. For example, ransomware—in which a hacker is able to disable a truck completely, stranding its driver and goods until a ransom is paid—could “paralyze fleets on tight delivery schedules, strand drivers in remote locations far from basic amenities or security services and expose sensitive commercial details,” according to Heilbronn, who advises companies to establish multilayered lines of defense to thwart the criminals. Good tactics include securing the vehicles’ communications with the outside world, containing malware installations, detecting operating system anomalies, isolating suspicious applications, and thwarting any attacks attempting to penetrate or that have already penetrated the in-vehicle network.
- The shipping industry is dealing with a mix of internal and external threats. In general, there are two categories of cyber attacks that can affect companies and ships. Untargeted attacks include those where a company or a ship’s systems and data are one of many potential targets and untargeted attacks center on the company or a ship’s systems and data as the intended targets. The Maritime Executive singles out the growing complexity of ships, and their connectivity with services provided from shoreside networks via the Internet, as two key reasons that onboard systems are increasingly exposed to cyber attacks. “In this respect, these systems may be vulnerable either as a way to deliver a cyber attack, or as a system affected because of a successful cyber attack,” according to the publication, which advises operators to take special care in understanding how critical shipboard systems might be connected to uncontrolled networks. “When doing so, the human element should be taken into consideration,” the publication warns, “as many incidents are initiated by personnel actions.”
- Fleet security requires a five-pronged approach. The global supply chain is dynamic, growing in size and complexity and is vulnerable to a host of threats and hazards such as natural disasters, accidents, theft, and malicious attacks.
A security strategy, focused on the worldwide network of transportation, postal, and shipping pathways, assets, and infrastructures (including communications and information infrastructures), is an important step forward,” writes Security’s Bill Zalud in The Daily Challenges of Supply Chain Security. He says the five key areas of fleet security that companies should be focused on are:
- Visibility – real time cargo/asset location with environmental sensing capability for cargo integrity
- Validation – chain of custody, regulatory compliance, loss and incident forensics
- Performance – transit time, estimated time of arrival, destination acknowledgement and notification
- Risk mitigation – awareness and prevention of criminal activity, law enforcement engagement and assistance with recovery
- Efficiencies – least cost/time/risk routing, targeted areas for supply chain improvement, carrier evaluation, shipment history and exception analytics based on the shippers’ business rules
Don’t Wait for Something to Happen
Scott says, “Regardless of where the cyber-threats are coming from—or what they happen to be targeting at the time—vigilance and awareness both go a long way in making sure they never reach those intended targets.”
PwC points out in a Transportation & Logistics 2030, “When it comes to security, it’s especially important to look at future scenarios and manage security proactively. Reacting to crisis situations is not enough. Companies have to find the right combination of preventive and reactive measures to achieve the optimal level of supply chain security. We believe that companies need to consider the possible, not just the probable.”
