Cyber Hackers Threaten Global Supply Chains

Calling the global supply chain “the next playground for hackers,” The International Maritime Bureau (IMB) is calling for vigilance.

According to IMB analysts, recent events have shown that systems managing the movement of goods need to be strengthened against the threat of cyber-attacks posed by criminals targeting carriers, ports, terminals and other transport operators.

“We see incidents which at first appear to be a petty break-in at office facilities. The damage appears minimal – nothing is physically removed,” said Mike Yarwood, an insurance claims expert with London’s TT Club.

“More thorough post-incident investigations, however, reveal that the criminal’s were actually installing spyware within the operator’s IT network.”

Yarwood said that more common targets are individuals’ personal devices where cyber security is less adequate.

Hackers often make use of social networks to target truck drivers and operational personnel who travel extensively to ascertain routing and overnight parking patterns, for example. The criminals were looking to extract information such as release codes for containers from terminal facilities or passwords to discover delivery instructions.

“In instances discovered to date, there has been an apparent focus on specific individual containers in attempts to track the units through the supply chain to the destination port,” said Yarwood. “Such systematic tracking is coupled with compromising the terminal’s IT systems to gain access to, or generate release codes for specific containers.”

He added that criminals are known to have targeted containers with illegal drugs in this way; however such methods also have greater scope in facilitating high value cargo thefts and human trafficking.

While it is difficult to get hold of exact numbers and statistics, the risks should not be underestimated, said IMB analysts.

And in June the U.S. Government Accountability Office warned about the possible threats to U.S. ports.

In a critical report, the organization said that the actions taken by the Department of Homeland Security and two component agencies, the U.S. Coast Guard and Federal Emergency Management Agency, as well as other federal agencies, to address cybersecurity in the maritime port environment have been “limited.”

SC
MR