SUPPLY CHAIN COLLABORATION: THE BEST DEFENSE AGAINST CYBER CRIME
By John Weir, Government Services, Sales and Marketing, Crane Worldwide Logistics
Physical threats and cargo crime have long been acknowledged within the international transportation environment. According to freight security firm CargoNet, rates of physical cargo theft have been dropping in recent years. In Q3 of 2015, cargo theft incidents in the US and Canada were down 23 percent from the same period in 2014. Industry experts are quick to warn that this reduction is not because of an overall drop in criminal activity, but because there is a shift from traditional cargo theft to cybercrime—the next generation of crime that will threaten the transportation industry, and may pose a far greater menace. As we move increasingly to digital information systems, the threat to our information systems, software and networks grows in parallel. Cyber security in the transportation environment is generally referred to as a subset of supply chain security and includes the threats of cyber terrorism, malware, data theft, as well as Advanced Persistent Threat (APT). The logistics industry has embraced technology with high expectations of seamless transactions, up-to-the-minute information and user-friendly interfaces. There is increased sharing of information between providers and their customers, often through web-based applications which are vulnerable to hackers. Add to this advanced tracking and tracing systems using RFID tags and GPS systems, and you have a wealth of information on every shipment at each step of the supply chain. While visibility and transparency are integral to effectively managing your supply chain, this information is also incredibly powerful, and leaves organizations vulnerable when it falls into the wrong hands.
SUPPLY CHAIN CYBERCRIME
Cyber-attacks have been growing in number and in sophistication, and have already presented demonstrable risk through their targeting of carriers, ports, terminals and other transport operators.
CYBER THREATS
CYBER TERRORISM: The use of computer network tools to shut down critical national infrastructures (e.g., energy, transportation, government operations) or to coerce or intimidate a government or civilian population.
MALWARE: Software programs—such as viruses, worms, Trojan horses and spyware—designed to damage or do other unwanted actions on a computer system.
DATA THEFT: The act of stealing computer-based information from an unknowing victim with the intent of compromising privacy or obtaining confidential information.
ADVANCED PERSISTENT THREAT: A network attack, designed to steal data rather than cause damage, in which an unauthorized person gains access to a network and stays there undetected for a long period of time.
For surface carriers, a growing challenge is the theft of physical cargo, facilitated with cybercrime, through ‘fictitious pickups’. These schemes leverage a form of identity theft, with thieves seizing shipment and carrier information, and impersonating or creating fictitious trucking companies in order to collect and abduct cargo, defrauding shippers and carriers at numerous points along the supply chain. So well executed are these heists that cargo is willingly handed over to thieves by carriers or shippers, never to be seen again. Rates of fictitious pickups are rising, but go underreported due to a reluctance of victims to report crimes of this nature, as it exposes failures on their part to vet carriers responsibly.
For ocean carriers, cybercrime has seen pirates hack carrier IT systems to access bills of lading in order to efficiently locate and target attacks on valuable cargo. The attacks are executed not only on specific vessels, but on particular containers on board, with well-informed pirates knowing details of the contents and location of these containers in advance.
Cybercrime has also facilitated the international trafficking of drugs aboard vessels, the greatest example being the 2013 Port of Antwerp saga. The cyber-attack saw drug traffickers recruit hackers to breach IT systems that controlled the movement, location and security details of shipping containers. Emails to port staff embedded with malicious software, and later key-logging devices installed during a break-in, allowed the criminals to access data remotely. Cocaine and heroin were hidden among legitimate shipments from South America, and upon arrival in Antwerp the stolen data allowed traffickers to intercept and seize the cargo with their own trucks before the true owner arrived.
No industry is immune to cybercrime, but for the transportation industry, the stakes can be far greater than loss of personal property.
ONLY AS STRONG AS THE WEAKEST LINK
In the past, intense competition has hindered the process of information sharing in the transportation industry. In the commercial world, manufacturers, freight forwarders and carriers have been reticent to share the information that they would readily make available to one another, due to an underlying concern with protecting their unique sale. However, as the pressure of globalization and competition continues to increase, transparency of information is in fact becoming a key differentiator in an effective supply chain. In the past, strategic procurement of a supply chain partner would emphasize cost reduction. This approach is now seen as wholly outdated. A 2015 survey by Accenture of 225 organizations worldwide found those that had mastered procurement by collaborating with suppliers spent half as much on managing their supply chain as businesses without a collaborative model, yet saved 30 percent more.[1] There are numerous quantifiable benefits to developing collaborative supplier partnerships, related to improved quality, accuracy and efficiency. Another advantage to collaborating closely with select trusted suppliers, rather than juggling many, is reducing access points and therefore limiting cyber security risks in the supply chain. Businesses often allow vendors access to their systems to conduct their work, and the more suppliers you allow access, the more inroads you begin to open up for hackers to exploit. With such a high volume of information being exchanged across multiple platforms at one time, the risk of exposure to cybercrime is significant. When information and security are linked across a supply chain, as they so often are in order to share information, the cyber-security of any one organization in that chain is only as strong
as that of the weakest organization. More often than not, this weakest link is also the smallest member of the supply chain, with the least resources to combat cyber threats. For cyber criminals, supply chains are a way into business systems. An example of this is the much talked about Target breach in 2013, where hackers targeted an HVAC contractor with a phishing attack, using the contractor’s connection with Target as an entry point for a breach that resulted in the financial information of over 110 million people being compromised. With cyber crime, who you partner with becomes extremely important in managing the risks at every step of the process.
Likewise, within each organization, cyber-security is no longer a problem for the IT department, but for every employee, in every department. Systematic tracking of individuals, particularly through social media, allows cyber criminals to identify the weakest link and strike with minimal risk. To truly ensure the strength of an organization’s cyber-security, it must remain a company-wide focus, with individual behavior often determining the success or failure of preventing a breach, despite company policies.
“Cyber-security is a moving target and the threat is real. An attack on any point of an organization’s supply chain is an attack on the entire supply chain. Diligence, readiness and transparency by all involved parties are of the utmost importance,” said Adel Chaveleh, Chief Information Officer at Crane Worldwide Logistics.
THE COST OF CYBER CRIME
In a joint report by Hewlett Packard and the Ponemon Institute on cybercrime, it is estimated that the average cost of cybercrime to American firms is $15.4 million in damages per year.[2] Steps are being taken by prudent organizations and the government to help
The President’s Budget for Fiscal Year 2017
Securing the Digital Economy for All Americans Through Strengthened Cybersecurity. The Budget invests $19 billion in overall Federal resources for cybersecurity to support a broad-based cybersecurity strategy for securing the Government, enhancing the security of critical infrastructure and important technologies, investing in next-generation tools and workforce, and empowering Americans. In particular, this funding will support the Cybersecurity National Action Plan, which takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security. www.whitehouse.gov/omb/budget
mitigate the danger from cyber security threats. The Obama Administration asked Congress to dedicate $19 billion to cyber security in its fiscal 2017 budget proposal. Internationally recognized programs such as the US Customs Service’s Container Security Initiative, as well as the C-TPAT, AEO, PIP, J-AEO and C-AEO, have all helped to reduce the risk of terrorism and theft; however, these programs will not be sustainable if accurate data is not provided by the shippers.
IT’S EVERYONE’S PROBLEM
The key to preventing cybercrime is understanding key vulnerabilities and managing them effectively. Never misjudge the value of the information your business digitally creates or stores. Whether intellectual property, customer details, financial information or otherwise sensitive data, even what appears to be the most benign information can prove extremely valuable to a criminal organization.
Managing the threat of cyber security begins, but does not end, at home. Organizations must establish clear security policies and brief staff on how to manage potential security threats. Alongside investment in next generation security solutions and event correlation such as end point protection, perimeter security, and targeted attack protection, risk management and well-enforced policies designed to defend against cybercrime need to be in place across the organization. The focus must be ongoing: almost a third of companies in the UK who suffered security breaches in 2015 cited a lack of priority from senior management as a contributing factor.[3]
Additionally, when it comes to cybersecurity, your organization is only as strong as the weakest link in your supply chain. Supply chain transparency must now go beyond the traditional visibility of the movement of goods. The data that supply chain transparency can provide is a meaningful insight that enables organizations to manage cyber threats more effectively with their supply chain partners. Vet your suppliers to ensure their organization and their systems meet your standards of security. Understand and screen your partners’ data management practices to ensure there are no holes in their system. Participate in ongoing collaboration and information sharing with long term, trusted partners throughout the supply chain process to help identify security threats to any cargo shipments going forward, ensuring you are proactively working together to face imminent threats as they arise.
While awareness of the impact of cybercrime is growing, and managing this threat is making its way onto risk management agendas, this focus is not universal. A long list of countries currently have no cybercrime laws in place, leaving international transportation even more vulnerable. Another major challenge for the transportation industry is that often theft is not reported in order to avoid increased insurance rates or tarnished reputations. It could be that the penalties are currently too soft on carriers who do not report theft.
It’s becoming clearer that the industry as a whole needs to work together to manage threats, report breaches, and build awareness of best practice, if anyone is going to successfully navigate the constantly changing tides of cybercrime. It’s apparent that both throughout and beyond the supply chain, collaboration is the transportation industry’s best defense against cybercrime.
[1] Dempsey, M. (2015, Feb. 12). Supply Chain Partnerships Are Win-Win. Retrieved from Raconteur: http://raconteur.net/business/supply-chain-partnerships-are-win-win
[2] Ponemon Institute LLC. (2015). 2015 Cost of Cyber Crime Study: United States. Traverse City: Ponemon Institute.
[3] HM Government. (2015). 2015 Information Security Breaches Survey. London: Crown.