FBI: “There are only two types of companies: those that have been hacked and those that will be”

Barcelona, October 18, 2018.- Cybersecurity in logistics is another variable to be managed with strategy, specialized professionals, method, tactics and constant monitoring. In the Internet of Things era, anti-kacked protocols are essential. This is what the More Than Shipping portal understands in the following reflection:

I am convinced that there are only two types of companies: those that have been hacked and those that will be.” These words belong to Robert Mueller, who was one of the longest-serving FBI directors in U.S. history with twelve years of service. Luckily, we haven’t seen any examples of merchant vessels or aircrafts hacked, but recent events have showed us that it is not the only way that hackers could target our industry. The risk of cyber-attacks on transportation modes continues to be significant, and each year, we see more and more cases that result in loss of critical data and money in logistics operations.

Former chairman of the Joint Chiefs of Staff, and U.S. Navy admiral, Michael Mullen, mentioned the seriousness of this issue back in 2012. He said, “We are vulnerable in the military and in our governments, but I think we’re most vulnerable to cyber-attacks commercially. This challenge is going to significantly increase. It’s not going to go away.”

Even though we’ve been clearly warned by the former Chief of Naval Operations, most people still underestimate the intensity of this threat. A possible cyber-attack on transportation systems could cost a lot more to our domestic and global trade than we are aware of.

In the United States, the government determines 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the country that their incapacitation or destruction would have a debilitating effect on security, national economy, national public health, or safety. Transportation is one of the key sectors among these 16, and is commonly referred as the “lifeline” of a country. From the freight point of view, transportation starts when a good is purchased as a raw material at its source, and does not stop until every single finished product reaches to its consumer. It basically keeps the nation running, and our economy wouldn’t survive without this physical connection.

When we look at the global picture, over 90% of the world’s trade is carried by the international shipping industry. In 2016, merchant vessels moved $1.5 trillion of cargo through U.S. seaports. The United Nations Conference on Trade and Development estimates that international shipping operations generate about $380 billion just in freight rates, equivalent to about 5% of total world trade. The world’s airlines also carry around 50 million tons of freight annually. Including the passenger transportation, aviation industry contributes over $660 billion to global GDP. Now, we have an idea of where transportation stands in our economy.

According to IBM’s Cyber Security Intelligence Index, transportation was the 5th most cyber-attacked industry in 2016. Because of its relatively weaker security infrastructure, it is an easy target for hackers. When I use the term “hacking”, most of you think that there is a group of computer experts, writing codes, and trying to breach our online systems remotely, but the biggest risk to cyber security is actually the human element. The International Maritime Bureau reported that more than 80% of offshore cyber, information and operational technology security breaches were the direct result of human error.

Surprisingly, the security risks caused by their own employees are usually ignored by the companies. For example, only 12% of maritime crew in the world had received any form of cyber security training. In addition, only 43% of the crew were provided a cyber security guideline for personal use of IT systems on vessels.

In addition to the human factor, usage of technology is increasing the vulnerability, too. The Transportation Systems Sector-Specific Plan released by the Department of Homeland Security states that the transportation sector is increasingly vulnerable to cyberthreats, as a result of “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.”

Awareness is growing, and trade associations are also encouraging companies to educate their employees. For the shipping industry, major organizations including International Chamber of Shipping, Baltic and International Maritime Council, International Association of Dry Cargo Shipowners and International Union of Maritime Insurance, have recently published the second version of “The Guidelines on Cyber Security Onboard Ships”. Last year, in the U.S., the “Cybersecurity Standards for Aircraft to Improve Resilience Act” was also introduced by Senator Edward J. Markey, requiring the FAA to develop cybersecurity guidelines for the aviation industry”. 

A computer attack: Cost the company more than US$2 million

For its part, Supply Chain Quarterly, offers all the details of a computer attack to a logistics company with terrible negative results:

“One of the biggest cybersecurity stories of 2017 was the NotPetya attack, which memorably hit shipping giant A.P. Moller – Maersk, causing it to shut down operations at 76 port terminals in four countries around the world. The attack caused delays and disruptions that lasted weeks and ultimately cost the company more than US$2 million.

According to the consulting firm Booz Allen Hamilton, this type of cyberattack should not be viewed as a one-time fluke. In its “Foresights 2018” special report, Booz Allen predicts that companies will see more of these types of cyberthreats in the coming year.

What made NotPetya different from other cybersecurity attacks is that it originated not with Maersk but as an attack on the Ukrainian tax software M.E.Doc, which then spread through compromised networks. Booz Allen describes these types of cybersecurity risks as “indirect supply attacks,” where cybercriminals infiltrate a small software provider or other supplier that operates within the supply chain of a much larger company. The ultimate target is not the original compromised company but larger Fortune 500 companies.

Another cybersecurity trend that supply chain managers should be aware of is extortion attacks on industrial control systems (ICS). In these cases, hackers gain access to a manufacturer’s ICS and demand that the company pay a ransom to prevent or mitigate any disruptions to operations. Automakers Nissan and Renault and pharmaceutical company Merck all experienced such attacks in 2017. In addition, there have been incidents of Eastern European criminals who have used such techniques against chemical manufacturing facilities, according to the report.

However, the report suggests that these types of threats will not be widespread. To successfully carry out such attacks, criminals will need to know not only how to gain access to a control system but also how to target the process being controlled. “Attacks of this nature will likely be beyond the reach of most cybercriminals and be limited to a small, niche group of technically savvy actors,” says the report.

Sources consulted:

Supply Chain Quarterly

More Than Shipping

Capital Link Inc

Cybersecurity Consultations in Logistics:

AndSoft

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s