Cybersecurity in Shipping and Logistics

Cybersecurity has been a topic of growing importance over the recent years. With a push from many governing bodies, to sensational stories of disasters and mishaps when cybersecurity protocols are not properly observed, there are many valuable lessons to be learned.

The increasingly ubiquitous presence the internet plays in our daily lives has never been more apparent than over the past year. Work from home arrangements, business, and personal Zoom calls, and a dramatic upswing in online purchasing have all become the new normal. This translates to the sensitive data from our work and private lives being more accessible than ever.

Business are now faced with unique challenges and keeping pace with technological developments is becoming a necessity in all industries as every access point provides a new potential threat to their cybersecurity. The field of shipping and logistics has, in the past, been thought of as an industry that is traditionally slow to adapt to new and emerging technologies. However, over recent years shipping tech has entered the industry in a major way. The rapid adoption of new technologies, the international nature of global transportation, and the intrinsic involvement of many levels of layered partners, vendors, and service provider networks required to move goods from point A to point B can make for a perfect storm of cyber-threat to logistics companies, and we will show how criminals attempt to exploit data for their own benefit.

The biggest and most notorious story from the past year was the SolarWinds hack of US government information. Russian state sponsored hackers hacked into the IT management company SolarWinds as far back as March 2020 and was not discovered until December because of the extreme level of sophistication and elaborate planning. The hackers were then able to infiltrate the cybersecurity of an unknown number of victims, but the list includes the US Departments of State, Homeland Security, Commerce, and the Treasury, as well as the National Institutes of Health. SolarWinds was an easy entry point for the attackers to target and offered them a back-door into the US government’s systems which were extremely ill-prepared to defend and respond.

The important takeaway from this story is that the reason the US system was hacked is directly because of the vulnerability of their service partner SolarWinds’ security operations. Often times our network partners pose the biggest threats to our cybersecurity, and companies in the supply chain in particular deal with many different partners across various sectors. In this situation, an unknown third-party who was never contracted directly could offer the backdoor into a system or a partner system intended to be protected.

The maritime shipping industry has been specifically targeted in the past with all four of the world’s largest container shipping companies, APM-Maersk, Mediterranean Shipping Company, CMA CGM, and COSCO having been successfully targeted by cyberattacks with significant financial impacts and system shutdowns. In these events, it has not been the ship-based technology that has been infiltrated, but the shore-based networks.

Part of the COVID-19 vaccine security program includes a huge amount of coordinated effort to keep the development of the drugs and integrity of the supply chain free from cybersecurity threats and foreign state hackers. US officials have warned that state sponsored actors from the Chinese and Russian governments particularly pose a threat to our supply chain safety through use of hacking and targeted cyber-attacks. According to the FBI, they are combining cyber warfare tactics with more traditional espionage and human resource tactics to gather information, gain access to systems, and ultimately disrupt distribution. North Korean hackers attempted to hack into at least six US/UK pharmaceutical groups already, and IBM has warned that there is a global phishing campaign targeting the cold storage portion of the COVID-19 vaccine supply chain.

Freight-tech companies in the space have already pivoted and rebranded in response to the pandemic and other disruptions that have shaped the market over the past several years. The huge opportunities are for vaccine distribution and cold-chain transportation, both of which are fields that Falvey is deeply involved with. There is an expected concentration of that growth to be seen across the major existing logistics players such as UPS who have been charged with transporting millions of vaccine shipments across their operations. They have been monitoring these doses in a newly dedicated 24/7 Healthcare Command Center, and their use of GPS tracking, temperature monitoring, and related software management systems have been a major focus. This top-down industry focus has led to increased development among the big players and spurred many smaller companies and niche industry providers to invest in IoT innovations.

While the field of cybersecurity is a very in-depth one with many technical applications, the key takeaways that we want to express are the importance of being aware of cybersecurity, how the field can impact daily operations, and ways that criminals can specifically target supply chain professionals. Working with numerous third-party vendors is a part of the ecosystem that exposes our industry to potential threats, so we will conclude with some basic risk mitigation strategies.

1) Protect privileged access to information and systems only allowing for necessary information to appropriate parties.

2) Develop a comprehensive cybersecurity plan understanding the risks that you face and how to protect against them.

3) Monitor your systems carefully with a qualified team dedicated to protecting your sensitive and vital systems.

Understanding your risk, planning appropriately, and having an established course of action is typical protocol in any loss prevention program, and cybersecurity should be treated as a top priority for all companies in the modern business landscape.

Sources:

Russia's SolarWinds Hack Is a Historic Mess | WIRED

Senior intelligence official says China, Russia targeting COVID-19 vaccine supply chain | TheHill

How COVID vaccine transport will reshape freight tech - FreightWaves

All four of the world's largest shipping companies have now been hit by cyber-attacks | ZDNet

Four Ways to Protect Against Supply Chain Infiltration - Security Boulevard