Industry viewpoint: Supply chain increasingly vulnerable to cyber attack


  • Date: 14/07/2014

Industry viewpoint: Supply chain increasingly vulnerable to cyber attack

Tuesday 15 July 2014, 08:08
by Mike Yarwood

Criminals are able to take control of operators’ IT systems and use data to gain custody of containers
AS INVASIVE cyber technology becomes more widely available, a greater risk to legitimate trade is emerging, exposing operators in the supply chain to economic and commercial damage.

Criminal organisations are increasingly hacking into operators’ IT systems from anywhere in the world. The threat to security potentially affects every type of business in the container trade from ocean carriers, port terminals and handling facilities to inland depots, railheads and truck operators. The very nature of a freight container makes it prone to attention by criminals.
At TT Club, we have previously highlighted the increasing trend in the fraudulent use of internet clearing sites. Recent reports, however, have identified another approach regarding IT-based theft. Going beyond simply misleading other operators into thinking they are dealing with a legitimate company through the use of internet-based clearance websites, it has been established that cyber criminals may access and take control of operators’ IT systems, extracting or manipulating valuable data.
We have seen a number of incidents which at first appear to be a petty break-ins at office facilities. The damage appears minimal — nothing is physically removed. More thorough post-incident investigations reveal that the “thieves” were actually installing spyware within the IT network of the operator.
More typically, criminals identify targets (generally individuals) where the system cyber security is inadequate, making operational executives who travel extensively particularly exposed.
The type of information being sought and extracted may be release codes for containers from port and terminal facilities. However, spyware can record movements, key strokes, and even download and print documents and screen shots to an external source.
In the instances discovered to date, the cyber criminals have apparently been focused on specific individual containers, taking steps to track the units through the supply chain to the destination discharge port.
Once the container has arrived, the perpetrators intervene, collecting the required release data from the unsuspecting operator’s IT systems, ultimately facilitating the release of the container into their custody and control. The known incidents are thought to have been related to drug trafficking, creating a means of importing illegal substances through the supply chain unnoticed.

Threat to road deliveries

A particular area of risk, quite understandably, is the road delivery element of a container move. Over a period of time a criminal organisation can, via invasive data collection, in effect build a profile of regular routes and parking locations. This is especially true where high-value container cargo is concerned and where loading or delivery locations are known to the organised criminals.
Building detailed profiles affords the criminals the opportunity to assess the most vulnerable point in the supply chain and simply choose their moment to strike.
Thus, for instance, a driver may receive instructions to deviate from a planned delivery destination and to deliver to a nearby warehouse, from what appears to be a known and trusted source from within his own organisation.
Similarly, by accessing a terminal operator’s container control system, a criminal organisation can achieve its ends by altering the location of a particular container within a facility or even make it appear that it is not at the terminal at all.
The ensuing losses can give rise to very large financial exposures, let alone the commercial and reputational damage.
The increased sophistication of such cyber attacks of course makes it challenging for operators to build effective defences. Boards and managements need to articulate a clear risk culture and deliberately follow through the process.
In many cases, the human element is both the strongest and weakest link in the armoury.

Education is key to success, making individuals across all disciplines of the organisation aware of the threat and of the risk management policies implemented to defend their organisation.
In many ways the source of the threat emanates from an organisation’s culture. The potential for individual or contractor malfeasance may be thoroughly mitigated by others’ alertness, thorough training and effective procedures (such as segregation of duties and whistle-blowing).
Vigilance and due diligence in day-to-day operations – the more physical side – are clearly vital, together with general security of IT installations. However, it would also be wise for operators to investigate the means of a greater degree of protection from and detection of hacking and spyware activity.
A well informed and transparent relationship between risk management teams and IT departments within an organisation is of paramount importance.
Often there is a breakdown in cohesion between such departments with the IT department considered merely as a service provider to the operational element of the business. Where the continued effective management of cyber security is concerned, both must be seamlessly aligned in order to succeed.

We would recommend that all operators consider the following:
1. Be clear and define who is responsible within your organisation in respect of cyber security.
2. Understand the cyber risk to your business, conduct risk assessments as to what data you hold and which may be of the greatest potential value.
3. Make an active decision on risk. Set your risk appetite and communicate it to all departments within your organisation.
4. Plan for resilience. How will you know if your business is being attacked or targeted and once a threat is identified, how your business will react in overcoming that threat?

Mike Yarwood is a claims executive at freight transport insurance specialist TT Club.

 

 

Through Transport Mutual Insurance Association Limited and TT Club Mutual Insurance Limited, trading as the TT Club. TT Club Mutual Insurance Limited, registered in the UK (Company number: 02657093) is authorised by the Prudential Regulation Authority and regulated in the UK by the Financial Conduct Authority and Prudential Regulation Authority. In Hong Kong, TT Club Mutual Insurance Limited is authorised and regulated by the Hong Kong Insurance Authority, in Singapore by the Monetary Authority of Singapore and in Australia by the Australian Prudential Regulation Authority. In the United States, TT Club Mutual Insurance Limited is approved as a surplus lines insurer in all states and is accessible through properly licensed surplus lines brokers. The registered offices are: 90 Fenchurch Street, London, EC3M 4ST.

Through Transport Mutual Insurance Association Limited, registered in Bermuda (Company number: 1750) is authorised and regulated in Bermuda by the Bermuda Monetary Authority and is authorised in the UK by the Prudential Regulation Authority and regulated in the UK by the Financial Conduct Authority and Prudential Regulation Authority.

The UK VAT Identification number for Through Transport Mutual Insurance Association Limited is: GB 564 5244 35 and for TT Club Mutual Insurance Limited is: GB 564 3375 30. The Italian VAT Identification number for TT Club Mutual Ltd is: 03627210101.