Even the largest and most tech-savvy logistics firms can be shutdown through cyberattacks. Informative data, vulnerable security, companies with systems and training that is not up to date, and industries that response quickly is in a lot of risk. Which causes a lot of harm in the company. Breakbulk and project cargo supply chains is also vulnerable to cyberattacks. As long as there is computers and connectivity exist a risk of having digital data compromised and manipulated can be done which means companies will have competitive advantages if cybersecurity is investigated.
With all supply chain participants at risk, ships at sea is not an exception. Cybersecurity expert Ken Munro with UK-based Pen Test Partners, said to Breakbulk: “The problem is primarily one of ‘technical debt.’ Ship security didn’t matter so much in the past, as there was very limited internet connectivity … VSAT [very small aperture terminal] changed all that. Now vessels are always online, exposing decades of under investment … Operators and owners are now struggling to play ‘catch up’ and get ahead of the hacker.”
For carriers, a breach could be catastrophic. Munro said: “During test exercises, we have had remote control of steering gear, main engines, generators and navigational systems. A compromise of any of these could lead to serious incidents.”
The threat of GPS jamming is particularly concerning. “The technology for short-range jamming is well within the reach of the average consumer. I believe that we will see a spate of jamming incidents,” Munro said.
Penetration testing has been able to help company owners identify shortcomings with the breaching that is onboard on the technology, “it’s more likely that outages of shore IT systems will prevent a shipping line from operating,” Munro said. That, however, is no reason to be complacent. “IT and OT [operational technology] systems on board are also of interest to hackers. The opportunity to cause fluctuations in commodity prices by delaying shipments is a real possibility.”
Global logistics provider Blue Water Group was hit by a cyberattack in September 2020. In its year-end financial announcement the company confirmed, “Several IT systems have been shut down to stop and limit the attack.” An intensive organization-wide effort “ensured the operation, service and execution of the clients’ transports,” but an adverse influence on the company’s bottom line, related to lower efficiency and additional costs, was reported. The company nevertheless racked up record profits for the year.
Though news regarding cyberattacks don’t usually make the news, online research reveals many attack on project cargo and breakbulk movers which includes the attack from last August on North America’s largest flatbed trucker, Daseke, resulted in to a stolen data that is being posted to the dark web and the attack on Australian logistics giant Toll Group resulted in the services being offline for up to six weeks in the early 2020.
There are attacks that are not malicious that make some companies to try keep the attack quiet and some companies pays ransom quietly, against the general advice of law enforcement. “Collaborative cyber-threat information sharing is critical to the safety and security of our port,” said Thomas Gazsi, deputy executive director/chief of public safety and emergency management. The center will put the Port of Los Angeles at the forefront of maritime cybersecurity initiatives he said.
Help at Hand
Carriers, engineering, procurement and construction companies, railroads, ports, trucking companies, forwarders – all have been hacked. But help is available. Munro said: “There are a number of flags, classes, regulators and more who are helping drive ‘cyber’ forward, with varying success. The IMO cyber standard is a good step in the right direction.”
Kinsey added that we all depend on each other: “The big EPCs are relying on the shipping industry, truckers, barge lines, etc. That last mile depends on every piece of the supply chain. They deal with small operators. This isn’t a place where we want to exercise a cutthroat market approach. This is a place where we want to help each other.”
To help members navigate the digital age with information on real-time cyber incident detection or a recent attack against connected fleets by conducting cybersecurity educational outreach that was conducted by the American trucking Association.
Project Supply Chain Concerns
For the project cargo business, Kinsey said, cyber breaches can impact project delivery. “When we are looking at just-in-time delivery, the cost of an interruption along the supply chain has to include the ripple effect … With project cargo delivery, everything is based on the next step. If a module or compressor is delayed, we have a follow-on impact,” which can be significant if a project has to shut down for even a day.
Delay in Start-Up coverage is a cost of doing business that was constructed by Business interruption insurance. Business entity reputation risk or the negative public sentiment are some additional costs that is related to this project which can impact as a project substantially.
“Strategically, it’s difficult for an operator to know where to start. Where will investment show the greatest return? This is where a penetration test can help,” Munro said. Once the easiest routes to hack are identified and fixed, operators can “then get started on a program of improvement to comply with IMO MSC.428(98).”
Kinsey said: “Hand in hand with cybersecurity is making sure everything is up-to-date on networks,” allowing companies to “interface with customers who are updated. Mapping and tracking has come so far. Having an agile company now means having an agile network.” It is all part of the new cyber-aware industrial hygiene.
All in the same boat
There is plenty of help for transportation and logistics companies. Kinsey said: “The fact that this is an all-encompassing threat for everyone utilizing cyber helps.” There are frameworks and guidelines – NIST, Coast Guard, BIMCO, and others, he added. Some are marine- or transportation-related, but this is not just a marine threat.
Moreover, he said: “Make sure you work with your broker to ensure you have coverage. It is belts versus suspenders. You want to make sure you can operate successfully, and always do online updates, cloud backups, hard backups, etc., but you should still ensure you have coverage in the event of an incident.”
Unfortunately, “Most vessel insurance policies will specifically exclude cyber risk through Clause 380,” Munro said, but there may be cyber buybacks allowed, especially for those demonstrating good cybersecurity controls, and “silent cyber” cover is sometimes present through poorly worded policy terms.
Connectivity is the backbone of the transportation industry as it supports efficiency. “Hackers jeopardize these efficiencies and bring wider risk to your operations,” Munro said. Stopping them, or at least minimizing their impact on the supply chain, has become an all-hands-on-deck effort.
Article inspired from the Breakbulk
For more information please do contact us