COVER STORY
C
Addressing Technical Debt, Supply Chain Vulnerabilities
yberattacks can shut down even the largest and most tech-savvy logistics firms. Cyber crooks look for “attractive” data, vulnerable security, companies with systems and training that haven’t been kept up to date, and industries that have to respond quickly, or risk a lot. Cyberattacks cause harm and companies must manage the risk. Vulnerabilities exist all along breakbulk and project cargo supply chains. Anywhere that computers and connectivity exist, there is the risk of having digital data compromised and manipulated. Which means that investing in cybersecurity can create competitive advantages. All supply chain participants are at risk, even ships at sea. Cybersecurity expert Ken Munro with UK-based Pen Test Partners, said to Breakbulk: “The problem is primarily one of ‘technical debt.’ Ship security didn’t matter so much in the past, as there was very limited internet connectivity … VSAT [very small aperture terminal] changed all that. Now vessels 12 BREAKBULK MAGAZINE www.breakbulk.com
are always online, exposing decades of under investment … Operators and owners are now struggling to play ‘catch up’ and get ahead of the hacker.” The level of exposure may be exacerbated for vessel and asset owners whose “roots are in traditional loss control.” In bygone eras, security was related to specific times, places and operations. Cyberthreats know no bounds, according to Andrew Kinsey, senior marine risk consultant at Allianz Risk Consulting. “It is a race that is never going to be finished.” Kinsey said: “I sailed for many years with Maersk and they were ahead of the curve with cyber … but they were still subject to Andrew Kinsey an attack. Constant vigilance is Allianz Risk needed. The key Consulting
BY LORI MUSSER
is any terminal anywhere in world is a gateway into your network.” For carriers, a breach could be catastrophic. Munro said: “During test exercises, we have had remote control of steering gear, main engines, generators and navigational systems. A compromise of any of these could lead to serious incidents.” The threat of GPS jamming is particularly concerning. “The technology for short-range jamming is well within the reach of the average consumer. I believe that we will see a spate of jamming incidents,” Munro said. While penetration testing has been able to breach almost every onboard technology in an effort to help owners identify shortcomings, “it’s more likely that outages of shore IT systems will prevent a shipping line from operating,” Munro said. That, however, is no reason to be complacent. “IT and OT [operational technology] systems on board are also of interest to hackers. The opportunity to cause fluctuations in commodity prices by delaying shipments is a real possibility.” ISSUE 4 / 2021
