Transportation companies have a history of defending themselves against physical attacks. The 21st century presents a new kind of threat that challenges older defense measures. Today, the preferred tool of attack is the cyberattack. Transportation management software must be designed to withstand this kind of attack, an ever-changing, ever-present threat that forces companies to keep their software updated and protected. A robust defense plan will include ongoing communication and efforts to minimize known risks and weaknesses in hopes of thwarting a security breach.
Understanding the Risk
Cybersecurity is not just an IT problem. The potential risks threaten vendor relationships, supply chain integrity and public safety. Ninety percent of trade worldwide crosses vast oceans, spending most of its time in international waters.
Cyber attackers launched one of the most widespread attacks to date this summer when they disrupted several port terminals run by Maersk. Ports in the United States, the Netherlands, India and Spain were unable to accept cargo and had to shut down systems after the breach. Maersk operates 76 ports through its APM Terminals division. Maersk estimated the attack could cost up to $300 million.
Transportation disruptions affect security, the economy, and public health. IBM’s Cyber Security Intelligence Index estimates that transportation is the 5th most cyber-attacked industry. In the Maersk attack, ships off the coast of Anchorage, Alaska were unable to deliver necessary goods like milk and groceries. Even more unsettling is the fact that most ships rely on GPS for navigation, and its failure causes captains to lose critical course information, communications ability and computer links.
Developing a Plan
Ports and transportation companies around the world are taking notice, and many are developing security plans based on the following principles:
- Breaches will happen. The threat continues to evolve, so it’s not a question of when, but how. When stakeholders approach the threat as inevitable, they can plan not only how to prevent an attack but how to limit the attacker’s ability to use information and how to facilitate a speedy recovery.
- Cybersecurity is an ongoing process. There will never be a day when companies can download or install a permanent solution. Transportation companies must plan for an ongoing process that reduces the potential for human error and continually analyzes every step of the supply chain for risks.
- Online security and physical security are both important. It would be a mistake to focus on cybersecurity at the expense of other types of safekeeping. Attackers are constantly on the lookout for entry points, and failure to protect physical locations can provide devastating access.
Managing Supply Chain Risks
Transportation companies are using a range of best practices to protect their cyber territory, including the following:
- Part of every Request for Proposal (RFP) is language that specifies security obligations.
- Careful vendor screening and partnerships that evaluate security risks.
- Ongoing development programs for managing software lifecycles and training employees to avoid risks.
- Strict booting protocols that require authentication codes and security handshakes.
- Automated processes that minimize the potential for human error.
- Strict support for, and monitoring of, legacy systems to prevent cyberattack.
- Scrupulous control of vendor-accessed services and software.
The threat and impact of cyberattacks are great, but ongoing refinement and monitoring can limit the ability of criminals to cause significant disruption to the supply chain.