August 3, 2017 Information Security in Logistics When global container shipper A.P. Moller-Maersk A/S announced in June that its critical systems had suffered a cyberattack, a shudder went down the spine of the entire logistics industry. After all, if such a huge entity had been breached to the point that it was forced to shut systems down across its operations, then what other damage could these criminals do to the world’s critical supply chains? “Cybersecurity has come into focus across the economy, as hackers become more capable,” Luke Graham writes in Shipping industry vulnerable to cyberattacks and GPS jamming. “Meanwhile, ships are more reliant on a range of electronic devices to operate.” In April of 2016, for example, South Korea said that around 280 vessels had to return to port after experiencing problems with their navigation systems, Graham reports. Identifying the Vulnerabilities During the Maersk shutdown, vessels continued to operate but the carrier was unable to accept new bookings from shippers. “Our portal is down and we are not able to take new orders until we get back up,” Maersk Line Chief Commercial Officer Vincent Clerc told Bloomberg. “We’re being very cautious to ensure that as we bring the applications back up, the attack is contained and rolled back. It limits the accessibility we have at the moment.” According to Bloomberg, the attack reached Asia after spreading from Europe to the U.S. overnight, hitting businesses, port operators, and government systems. Maersk’s container line transports about 15 percent of the world’s seaborne manufactured trade, the publication reported, and the attack came at a time when Maersk has “rolled out a new digitization strategy to modernize an industry where most bookings still take place by telephone.” Maersk wasn’t the only logistics provider to get hit in June. Right around the same time, FedEx announced that a virus had impacted its European Subsidiary TNT Express. “The recent cyberattacks against FedEx and Maersk reveal the scale of impact security breaches can have on global logistics at a moment’s notice,” Supply Chain Dive reports in Maersk, FedEx cases show how cyberattacks can roil global logistics. 5 Steps to Security In FleetOwner, Sean Kilcarr singles out “detailed and repeated” employee training as a good strategy for protecting trucking’s information technology (IT) systems from data breaches and hackers. The same rules apply for individual shippers whose own systems may also be vulnerable to such attacks. “Yep, the best data defense is once again the human beings who use IT systems every day, in every way, to perform their freight-related tasks,” Kilcarr writes. Citing a Shed-It report and advice from the firm’s global director, he gives these five security tips for logistics providers: (click here to read the complete list and all of his advice). Commit to a “culture” of security. When management demonstrates a commitment to information security, employees are more likely to follow suit. Repetition and frequency. Training should occur throughout the year and include various modules on organizational information security policies. Out of sight, out of mind: Place visual cues throughout the workplace to remind employees of their responsibilities in protecting confidential information. Go where your employees are: Provide constant yet short reminders about different aspects of information security that employees can access anywhere, regardless of their location. Embed it: Make security best practices a seamless part of daily tasks, such as requiring all paper documents be destroyed when they’re no longer needed. Russ Marky, senior vice president at Odyssey Logistics, says the organization takes cybersecurity very seriously and is continually monitoring and updating its systems to ensure the highest levels of protection possible for its customers.