Mega-terminal Security: Cybercrime is a Growing Threat
- Date: 03/12/2015
Peregrine Storrs-Fox, Risk Management Director of leading freight transport insurer TT Club assesses the current security risks that face the world’s container terminals, many of which are also coping with the challenges of larger ships and greater volumes of throughput.
Container shipping is, some half century after inception, remarkably resilient and successful in operational terms. Mankind, particularly in the developed world, takes it for granted that it is possible to buy exotic fresh produce that has travelled weeks from another continent, or pick up a bargain in latest electronic gadgetry that is most likely to have been manufactured thousands of miles from the consumer.
In order to achieve such freedom of freight movement shipping companies have had to lower their costs continually, a major consequence of which is a massive growth in containership size. In a couple of years the standard size of ships on the Asia-Europe trade is likely to be nearing 20,000TEU, so-called ULCCs.
The success of the container as a means of freight transport and the increasing size of ships means port terminals are handling ‘lumpier’ volumes and coping with larger dimensions of ships at their berths. Of course not all trades will see the largest ships and the majority of the world’s ports can’t accommodate them. These leviathans will only be employed on the main east-west Asia-Europe trade. However, as shipping lines seek to gain the effects of economies of scale across all the trades in which they operate, and employ ships displaced by the ULCCs effectively, they will ‘cascade’ their assets on to trades with smaller volumes of cargo. Therefore all ports and terminals are likely to experience an increase in ship size (if not necessarily the largest) and the consequent increase in volume throughput per ship call.
With this growth in business and the operational pressures that attend it comes greater exposure to criminal intent. Technological advances in terms of handling equipment and IT processing undoubtedly provide greater operational efficiencies and, to a degree, opportunities for terminal operators to mitigate their exposure to theft and fraud. Unfortunately, TT Club has also identified technological advances and increased opportunities benefiting organised criminal organisations. Invasive cyber-technology is becoming more widely available and a greater risk to legitimate trade, exposing terminals to economic and commercial damage.
The ingenuity of thieves and fraudsters has always surprised unsuspecting victims. The stakes are high and it is clear that the international supply chain, which by its nature facilitates movements across borders, is being targeted in order to fulfil trafficking of people and drugs, and other illegal trades, such as dumping waste, as well as intercepting valuable cargoes. Ports are necessarily a focal point for such activity.
The modus operandi of the modern ‘cyber-thief’ is now going beyond simply misleading terminals into thinking they are dealing with a legitimate company. It has been established that cyber criminals may now access and take control of operators’ IT systems, extracting or manipulating valuable data.
TT Club have identified a number of incidents which at first appear to be a petty break-ins at office facilities. The damage appears minimal – nothing is physically removed. More thorough post incident investigations reveal that the ‘thieves’ were actually installing spyware within the IT network of the operator. More typically, criminals identify targets (generally individuals) where the system cyber security is inadequate, making operational executives who travel extensively particularly exposed.
The type of information being sought and extracted may be release codes for containers from terminal facilities. However, spyware can record transactions, key strokes, and even download and print documents and screen shots to an external source. In the instances discovered to date, the cyber criminals have apparently been focused on specific individual containers, taking steps to track the units through the supply chain to the destination discharge port. Once the container has arrived, the perpetrators intervene, collecting the required release data from the unsuspecting operator’s IT systems, ultimately facilitating the release of the container into their custody and control. The incidents to date are thought to have been related to drug trafficking, a means of importing illegal substances through the supply chain unnoticed.
Freely accessible applications can allow criminal organisations to ring fence and pin-point individuals posting items such as tweets, photographs and location information to the internet through social media sites with mobile devices.
Whilst it appears benign, such data in the wrong hands can be very valuable and quickly affords organised criminals sufficient information to track patterns, such as at what time an individual is at work or home. The principle being that, if a criminal organisation wishes to gain information or access to a particular business by exploiting a potentially vulnerable employee, they are able to build a profile of employees who may be posting information to the internet from a particular business, department or building.
The cyber-criminals’ ability to hack into email accounts and communication channels is well-established, and the risks to the terminal operator must not be ignored. For instance, if a driver received instructions to pick-up a container from the port terminal but subsequently is sent information, from what appears to be a known and trusted source from within their own organisation, to deliver to a different warehouse destination, would they have concern to question it? Similarly, by accessing a terminal’s yard management system, a criminal organisation can achieve its ends by altering the logical versus actual container location within a terminal.
The ensuing losses can give rise to very large financial exposures, let alone the commercial and reputational damage. The increased sophistication of such ‘cyber-attack’ of course makes it challenging for operators to build effective defences. However, awareness is the first step, followed by thorough risk assessment. Boards and managements need to articulate a clear risk culture and deliberately follow through the process. In many cases, the human element is both the strongest and weakest link in the armoury. Education is key to success, making individuals across all disciplines of the organisation aware of the threat and aware of the risk management policies implemented to defend your organisation from such threats. In many ways, the source of the threat emanates from an organisation’s culture. The potential for individual or contractor malfeasance may be thoroughly mitigated by others’ alertness, thorough training and effective procedures (such as segregation of duties and ‘whistle-blowing’).
Vigilance and due diligence in day-to-day operations – the more physical side – are clearly vital, together with general security of IT installations. However, it would also be wise for operators to investigate the means of a greater degree of protection from and detection of hacking and spyware activity. A well informed and transparent relationship between risk management teams and IT departments within an organisation is of paramount importance. Often there is a breakdown in cohesion between such departments, with the IT department considered merely as a service provider to the operational element of the business. Where the continued effective management of cyber security is concerned, both must be seamlessly aligned in order to succeed.
In terms of a real threat to a business, cybercrime is still often low on the agenda and mitigation very much in its infancy. The key risk is perceived by many as being a potential high level shut down or hacking event, however where there is a targeted effort, simple extraction of much less obvious data, such as release codes for containers at a terminal facility, can have dramatic consequences.