Features 06.07.2023
Stormy Seas: Cybersecurity Challenges in the Logistics Sector
From Americold to SolarWinds, logistics companies have been, and continue to be, vulnerable to cyber attacks. Eugene Yiga investigates
Features 06.07.2023
From Americold to SolarWinds, logistics companies have been, and continue to be, vulnerable to cyber attacks. Eugene Yiga investigates
The logistics industry is a sector that involves planning, implementing, and controlling the efficient and effective flow and storage of goods, services, and related information from the point of origin to the point of consumption. It often includes transportation, warehousing, distribution, and inventory management. It’s also constantly adapting to new and innovative technology to maintain its competitiveness. This opens it up to threat actors that may not have previously paid attention to it.
“Logistics is a cyber-physical business,” says Ian Schmertzler, president and CFO of Dispel, a company on a mission to connect people to their industrial control systems, wherever they are. “You have the problem of proving the asset is genuine; tracking the asset’s location, condition, and possession in real time; and physically getting that asset between two locations.”
One of the most common cyber challenges in the logistics sector is the risk to information management. But given that cyber challenges are no different for logistics organisations to those in any other sector, vulnerabilities in critical software applications can cause outages that have severe consequences for the business.
“A cyber doomsday scenario for a logistics business would be a ransomware attack that can bring business operations to a complete halt, devastate their brand reputation, and cause their most valued clients to switch to competitors,” says Damir J. Brescic, CISO at Inversion6, a cybersecurity risk management provider that offers tailored security solutions paired with innovative technologies. “Additionally, I could see a disgruntled employee with just enough permissions to conduct a similar scenario to a ransomware attack if proper cybersecurity controls are not in place.”
Because logistics companies run on uptime and availability, denial of service attacks are another common fear. This would involve malicious actors flooding the network with so much traffic in the form of bogus requests to prevent legitimate users from accessing it. At the point when critical applications cannot function, the attackers might request a ransom to stop the denial of service and bring the business back online.
“I could see a disgruntled employee with just enough permissions to conduct a similar scenario to a ransomware attack” Damir J. Brescic
“The catastrophic event for logistics firms is when a warehouse’s operational technology gets hit with ransomware, so none of the goods can be picked, processed, or pre-packaged using the equipment the facility depends upon,” says Schmertzler. “Equally damaging is when the inventory tracking database is scrambled. A less catastrophic event is when someone steals goods or inserts fake products into the supply chain by adjusting the manifest. With ransomware, the damage is roughly equivalent to a bridge collapsing outside the plant. Goods can’t get where they are needed, customers get angry, delivery guarantees get breached, and knock-on effects on consumers of those goods start stacking up. With fake goods and the theft of goods, the impact is self-explanatory.”
And yet it’s not just a case of customers becoming frustrated if a system is slow or unresponsive. Logistics also includes tracking of vehicles, vessels, and their contents; therefore changing the routing of packages and containers to the wrong shipping method would be catastrophic. Just imagine the logistics nightmare of the wrong materials being in the wrong container on the wrong vessel and not realising this until the material reaches its destination. That’s why it’s critical to reverse any attacks or disruption to a system’s performance as soon as possible so that orders are processed, and shipments are fulfilled.
“Damages cause delays or interruptions to logistics operations, interruptions to enterprise resource planning, network outages so orders can’t get entered, and theft of customer information that hurts a brand’s reputation,” says Vincas Ciziunas, research principal at Nisos, a managed intelligence company whose services enable cybersecurity, corporate security, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs.
“Logistics giant J.B. Hunt recently filed a lawsuit to Avtex Solutions for breach of contract due to a software vulnerability that disrupted J.B. Hunt’s online driver recruiting platform,” explains Ciziunas. “While the business impact was not specifically defined, we can assess the attack disrupted J.B. Hunt’s ability to recruit drivers in a timely fashion, thus leading to logistics delays.”
Another case was when Expeditors International of Washington Inc. had to defend itself in court against its long-time customer iRobot Corp., seeking $2.1 million (£1.65m) in damages amid allegations of breaching contractual obligations due to a cyber attack. That’s why an ecosystem that is secure by design and enabled with resilient solutions is crucial to mitigate the risks associated with cyber threats.
“A first step may be to conduct a thorough risk assessment of all areas of operations and develop a comprehensive security strategy that addresses each identified area of vulnerability,” says Joe Giranda, director of sales and marketing for CFR Classic, a company specialising in international car shipping and relocation. “This process alone will often involve deploying advanced technologies such as automation, machine learning, artificial intelligence, and cloud computing services to strengthen the system’s security. I also strongly advocate investing in regular security audits and training staff to recognise the signs of a potential cyber attack. As the greatest assets in any company are its people, teaching staff how to recognise and respond quickly to threats can help limit the damage caused by cyber attacks. If they are better positioned to respond quickly and efficiently, it can also help in the recovery process.”
So, what else can logistics companies do to improve their cyber resilience? The simplest and least expensive place to start is reading and following the cyber resilience standard NIST SP 800-160 volume 2. Like other industries, logistics companies should also conduct a cyber controls assessment to identify all of the areas of risk throughout the entire enterprise. After completing that, executives would need to address any gaps identified in the assessment.
“As the gaps are being remediated, it would also be a good idea to conduct regular tabletop exercises at appropriate intervals with all the key members of the organisation to review and practice their plans in case a real cyber incident was to occur,” says Brescic.
Companies also need to understand that outdated legacy tech and legacy processes are a concern in the logistics sector. Granted, they are not as critical to logistics companies as to oil and gas or manufacturing industries. Still, it’s important to ensure vulnerabilities in commercial software used on these networks are patched to ensure network availability remains a priority.
“This would greatly depend on how serious a logistics company takes their cybersecurity posture maturity,” says Brescic. “It would be a great embarrassment if a well-known logistics company gets compromised due to legacy technology, especially in this day and age. Companies that take the extra measures to improve their cybersecurity posture by advancing aspects such as cyber hygiene and recovery controls have been found to do better to thwart certain attacks.”
Because ease of use is critical in transporting products between destinations, logistics company networks are often flat, with little segmentation between corporate and production environments. Additionally, legacy systems are often vulnerable to modern threats and lack the features necessary for defending against advanced cyber criminals. It’s no wonder they’re a risk.
“All this makes them more susceptible to data breaches, malware attacks, and other malicious activities,” says Giranda. “Compliance violations due to a lack of oversight or control will also become a concern, as regulations require up-to-date security measures to protect customer data.”
“Resilience for logistics organisations starts with ensuring patch management is up to date for critical applications”Vincas Ciziunas
Ultimately, given that we’re now in an era where processes and systems are increasingly automated, an operational interruption in the logistics sector would mean the inability to move goods from one point to another or process orders quickly, which causes delays in shipping and receiving of items. On a broader scale, it could lead to disputes between customers and suppliers due to a lack of delivery or timely services. If mismanagement is at fault for the interruption, it could also damage the company’s reputation and lead to a drop in customer confidence.
“Cybersecurity resilience for logistics organisations starts with ensuring patch management is up to date for critical applications used for transporting goods and services, with particular focus on defending against denial of service attacks,” says Ciziunas. “In addition to patch management, identity access management, multi-factor authentication, actionable threat intelligence customised to the organisation and industry, and endpoint detection and response are critical defence mechanisms that will keep logistics companies out of hot water.”