TT Talk - Supply chain cybercrime: more targeted, smarter
With some 90% of world trade transported by sea, coupled with the logistics challenges of Covid-19 and emerging new trends in cybercrime, the importance of cyber security in the supply chain has never been more critical.
The supply chain is inevitably an attractive target for hackers given that numerous actors in multiple jurisdictions will use common software applications, with the result that once the software has been compromised in one entity it may be possible to expose vulnerabilities across a range of businesses globally.
The supply chain is inevitably an attractive target for hackers given that numerous actors in multiple jurisdictions will use common software applications
Awareness of the vulnerabilities across the maritime supply chain has been growing over recent years. The International Maritime Organization (IMO) recognised this and mandated cyber risk management within the context of the existing International Safety Management (ISM) Code. However, this necessary focus on the purely maritime aspects of cyber security should not be seen as a panacea. TT, in collaboration with UKP&I, highlighted in 2018 the risks at the ship/port interface; the implications of cybercrime have only increased in the interim.
The last year alone has demonstrated multiple vulnerabilities that could each be exploited through a cyber event. Threats to the Covid-19 vaccine supply chain are now clearly in the spotlight, while the impacts of the Suez Canal blockage continue and persisting pandemic risks are played out, for example recently in Yantian.
What are supply chain cyber risks?
Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks. In practice, we are talking of the illegitimate breach by hackers to access Information Technology (IT) or Operational Technology (OT) systems with the potential to disable controls, disrupt activities, or release, modify or destroy data.
In the maritime domain, such a cyber-attack might include radio frequency (RF) domains, meaning both global navigation satellite system (GNSS) and automatic identification system (AIS) jamming and spoofing are viable attack methods. This has significant implications for navigation and safe passage.
Similarly, Terminal Operating Systems used within the port infrastructure, for example cargo handling equipment, are equally vulnerable to potential breaches. Pandemic-induced dislocation and increased exposure from remote working have only heightened the risk of fraud.
The latest threats
- Cyber criminals are becoming more sophisticated in their approach. Ransomware attacks are more targeted than previously, cyber criminals are no longer taking a ‘shot gun’ approach and assessing who falls. The tools that cyber criminals have at their disposal are proliferating.
- More targeted attacks, tailored to the target in terms of the demand are being made. Historically there may have been a simple request for US$500 in bitcoin to re-establish access to systems. Today, the demand is aligned with the turnover of the company. Higher demands are assessed on the likely value of the denial of service, turnover and cash reserves to pay.
- Change of direction. Where a ransomware attack used to involve a simple denial of service, an attacker now might raise the stakes by adding in a threat not only to deny access, but to release or sell sensitive data on the dark web.
- Third party service providers contracted to manage cyber security have themselves become a target for cyber criminals. A recent ImmuniWeb report suggests that 97% of the leading cyber security companies had their data exposed on the dark web during 2020.
Apart from the obvious motivation of financial gain, there are well-documented instances where the innate attributes of the global supply chain – the systems and processes to facilitate trade across national borders – have been exploited to carry out illicit trades, primarily around narcotics and people trafficking.
Mitigating cyber risks
TT Club regularly highlights the importance of robust cyber security risk management and urges boards and management to carry out thorough assessments, including analysing the integrity of safety critical data. A ‘top ten’ list might look like this:
- Strengthen the 'e-perimeter fence' and ensure only approved software programmes can be run on systems and networks
- Ensure software patches are applied diligently and quickly
- Maintain effective anti-virus software and strong spam filtering
- Compartmentalise IT and OT infrastructure with the aim that an infected area can be isolated and quarantined
- Systematically back up key data regularly, including ensuring that the backup files are held offline
- Educate employees not to download malicious content, open unsecured web browsers or fall victim to social engineering attacks and phishing scams; train them to recognise and report threats
- Collaborate intra and cross industry to raise awareness and identify threat trends (including being open to increased information sharing)
- Develop a robust incident response plan, with a well-prepared and dedicated team having clear objectives
- Develop robust contingency plans, since preparation is key to resilience during or following an attack
- Be alert and expect the attack; it’s not if but when
Be alert and expect the attack; it’s not if but when
The general public in most, if not all, countries around the world in recent months have had their awareness of the global supply chain heightened, whether through media on their screens or gaps on shop shelves. Many will be aware also of the recent ransomware attack involving the US fuel supplier, Colonial Pipeline, which effectively shut down their supply system.
Such public awareness is compounded in the global supply chain by the impact on national economies. As the feasibility of more damaging cyber activities increase – whether initiated by criminal or more sinister state actors – all stakeholders involved must prepare for the inevitable and build resilience to the evolving cyber threats.
The reality is that all businesses are susceptible to a Colonial Pipeline event, more than likely resulting from an employee failing to spot a phishing email and launching a malicious link.
For further insights
We hope that you have found the above interesting. If you would like further information, or have any comments, please email us, or take this opportunity to forward to any colleagues who you may feel would be interested.
We look forward to hearing from you.
Risk Management Director, TT Club