“I am convinced that there are only two types of companies: those that have been hacked and those that will be.”
These words belong to Robert Mueller, who was one of the longest-serving FBI directors in U.S. history with twelve years of service. Luckily, we haven’t seen any examples of merchant vessels or aircrafts hacked, but recent events have showed us that it is not the only way that hackers could target our industry. The risk of cyber-attacks on transportation modes continues to be significant, and each year, we see more and more cases that result in loss of critical data and money in logistics operations.
Former chairman of the Joint Chiefs of Staff, and U.S. Navy admiral, Michael Mullen, mentioned the seriousness of this issue back in 2012. He said, “We are vulnerable in the military and in our governments, but I think we’re most vulnerable to cyber-attacks commercially. This challenge is going to significantly increase. It’s not going to go away.”
Even though we’ve been clearly warned by the former Chief of Naval Operations, most people still underestimate the intensity of this threat. A possible cyber-attack on transportation systems could cost a lot more to our domestic and global trade than we are aware of.
To understand the consequences of cyber-terrorism in transportation and logistics, we first need to understand the dimensions of the industry itself.
In the United States, the government determines 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the country that their incapacitation or destruction would have a debilitating effect on security, national economy, national public health, or safety. Transportation is one of the key sectors among these 16, and is commonly referred as the “lifeline” of a country. From the freight point of view, transportation starts when a good is purchased as a raw material at its source, and does not stop until every single finished product reaches to its consumer. It basically keeps the nation running, and our economy wouldn’t survive without this physical connection.
When we look at the global picture, over 90% of the world’s trade is carried by the international shipping industry. In 2016, merchant vessels moved $1.5 trillion of cargo through U.S. seaports. The United Nations Conference on Trade and Development estimates that international shipping operations generate about $380 billion just in freight rates, equivalent to about 5% of total world trade. The world’s airlines also carry around 50 million tons of freight annually. Including the passenger transportation, aviation industry contributes over $660 billion to global GDP.
Now, we have an idea of where transportation stands in our economy.
What about in the cyber world?
According to IBM’s Cyber Security Intelligence Index, transportation was the 5th most cyber-attacked industry in 2016. Because of its relatively weaker security infrastructure, it is an easy target for hackers. When I use the term “hacking”, most of you think that there is a group of computer experts, writing codes, and trying to breach our online systems remotely, but the biggest risk to cyber security is actually the human element. The International Maritime Bureau reported that more than 80% of offshore cyber, information and operational technology security breaches were the direct result of human error.
Surprisingly, the security risks caused by their own employees are usually ignored by the companies. For example, only 12% of maritime crew in the world had received any form of cyber security training. In addition, only 43% of the crew were provided a cyber security guideline for personal use of IT systems on vessels.
In addition to the human factor, usage of technology is increasing the vulnerability, too. The Transportation Systems Sector-Specific Plan released by the Department of Homeland Security states that the transportation sector is increasingly vulnerable to cyberthreats, as a result of “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.”
The good news is that people’s perspective on this matter is rapidly changing.
Awareness is growing, and trade associations are also encouraging companies to educate their employees. For the shipping industry, major organizations including International Chamber of Shipping, Baltic and International Maritime Council, International Association of Dry Cargo Shipowners and International Union of Maritime Insurance, have recently published the second version of “The Guidelines on Cyber Security Onboard Ships”. Last year, in the U.S., the “Cybersecurity Standards for Aircraft to Improve Resilience Act” was also introduced by Senator Edward J. Markey, requiring the FAA to develop cybersecurity guidelines for the aviation industry.
However, guidelines cannot protect us from cyber-terrorism unless they are properly followed.
We should train our employees on how to recognize cyber-attacks and implement policies on computer hardware usage, particularly the use of USB memory sticks. We should also integrate cyber security into our risk management and crisis communication procedures to respond the threats timely and effectively. Setting strong user access controls in our networks, performing regular backups in our servers, and keeping our software up to date, are also some simple precautions that we must consider.
These are the easiest and most strategic steps that any company can take to improve cyber security. We should always remember that cyber security is not only about protecting our data, but protecting our reputation as a secure service provider as well.