By Claus Herbolzheimer and Max-Alexander Borreck
This article first appeared in Forbes on June 28, 2017.
When Danish shipping giant A.P. Moller-Maersk’s computer system was attacked on June 27 by hackers, it led to disruption in transport across the planet, including delays at the Port of New York and New Jersey, the Port of Los Angeles, Europe’s largest port in Rotterdam, and India’s largest container port near Mumbai, according to reports. That’s because Maersk is the world’s largest shipping company with 600 container vessels handling 15 percent of the world’s seaborne manufactured trade. It also owns port operator APM Terminals with 76 port and terminal facilities in 59 countries around the globe.
The June 27 cyberattack is a clarion call to elevate cybersecurity to a top priority.
For the transportation and logistics (T&L) industry, the June 27 cyberattack is a clarion call to elevate cybersecurity to a top priority. Besides Maersk, press reports said other transportation and logistics industry giants were affected including German postal and logistics company Deutsche Post and German railway operator Deutsche Bahn, which was also a victim of the WannaCry ransomware hack in May.
While up until now hackers have seemed more preoccupied penetrating computer systems at banks, retailers, and government agencies – places where a hacker can find access to lots of money and data and create substantial disruption – the most recent ransomware attacks demonstrate that the transportation and logistics industry is now on hackers’ radar.
What is the Darknet?
T&L's increased digitization
Part of the increased interest in the industry is because of its own efforts to digitize. Over the past couple of years, the industry has been in the process of automating systems, turning paper into digits, and using advanced analytics to stay on top of needs of their customers. That has put more systems online and vulnerable to various attack weapons now so readily available on the Darknet – the hidden underbelly of the Internet where hackers, terrorists, and criminals cavort anonymously buying malware, stolen data, arms, and drugs.
The early, more obvious targets have upped their game in cybersecurity, and hackers who are relentless look down the chain for new avenues of entry. Hacking also has become not only a corporate business, but a nation state’s business. Here, nation states are looking for places where things are crossing borders regularly and for access to major industries and public infrastructure, such as the airports and ports that transportation and logistics companies operate.
The transportation and logistics industry also has characteristics that make it a particularly tempting target. First, the industry is a global one with tentacles into so many different industries around the world. Complex logistical chains are created around manufacturers, and often logistics companies are embedded within production facilities controlling inventory and handling on-demand needs of a plant.
Simultaneously, the industry is fragmented with large transportation and logistical giants working alongside tiny companies responsible for one short leg of a product’s long journey from raw materials, to production, to retailer, to consumer. This almost always means multiple technology systems are being employed, and multiple cybersecurity procedures of various degrees of rigor being followed. This fragmentation provides more opportunities for hackers.
Like with all forms of warfare, attackers will seek out the weakest link in any chain – the most vulnerable element – as a target. Why steal money from the bank with all its infrastructure and protections when you can steal it on the way to the bank?
Looking for the weakest link
Like with all forms of warfare, attackers will seek out the weakest link in any chain – the most vulnerable element – as a target. Why steal money from the bank with all its infrastructure and protections when you can steal it on the way to the bank? While efforts to protect it along the way are made, almost any criminal could tell you, it is almost always more insecure in transit.
We already see malware that allows for hacking of delivery robots and parcel lockers. Drones can be hacked as well as autonomous cars, and as these are used more and more for deliveries the potential for hijack increases. Drones could be flown into no-fly zones posing the possibility of attacks on planes. When we reviewed the Darknet, we found personnel data from a major transportation and logistics company, car entry hacks, and means to create fake parcel station identity.
Until now, the transportation and logistics industry has not prioritized cybersecurity except in cases where life was on the line, such as with aerospace manufacturers or airlines where the most sophisticated protections are used. But the direct costs from cybersecurity breaches are growing exponentially, and companies – even small ones – need to invest in new systems and more comprehensive risk management. By our projections, they can be expected to grow from $1.7 billion in 2015 to more than $6.8 billion by 2020.
No industry will be entirely safe from the threat of cyberattacks. But every industry must do its part to at least make the job of hackers hard.
Bringing security to fragmentation
The industry’s fragmentation and its requirement to operate within the various IT systems of its customers makes figuring out cybersecurity solutions more challenging and has led to lower investment. The industry also operates on low margins, making extensive capital expenditure on cybersecurity unattractive. That may be offset by the potential liability costs from hacks.
Increasingly, shippers and regulators will require transportation and logistics companies to guarantee the integrity of product and transport data, as well as ensure compliance with stricter cybersecurity laws. This will include carriers and forwarders, who are assuming central roles in supply chains as hubs for data exchange, making them high-value targets.
Taking precautions by installing security systems, such as firewalls and detection systems for denial of services attacks and other malware, is crucial, but insufficient by themselves. Cyber-risk management also needs to take into account personnel and organization failure.
Ultimately, adopting proactive cybersecurity risk management provides an opportunity for transportation and logistics companies to differentiate themselves. Forward-looking companies will begin to see a safer logistical offering as a competitive advantage, especially if attacks continue.
In the end, no industry will be entirely safe from the threat of cyberattacks. But every industry must do its part to at least make the job of hackers hard.