Up
Logo
  • Menu
Logo Cancel
  • +1 212 694 7000 New York
  • +44 207 016 4250 London
  • +34 917 021 364 Madrid
  • +41 799 020 921 Geneva
  • +1 213 296 3300 Los Angeles
  • Home
  • Insights
  • Thought Leadership
  • Increased Cyber Attacks on Shipping and Logistics Highlight the Need for Preventive Strategy

13 May 2015

Increased Cyber Attacks on Shipping and Logistics Highlight the Need for Preventive Strategy

Shipping and logistics organizations are seeing increasing numbers of infrastructural cyber attacks and probes.

Cyber attacks on shipping and logistics groups are on the rise. Reuters suggests that already £400 million is lost annually within the UK gas and oil industry alone due to cyber theft. As the European Union has adopted the Network and Information Security Directive (NIS) for the marine industry, companies must ensure that their cyber strategies are up to scratch.

Hackers will target any sector where there is an opportunity, and shipping has become a focus. As Oisín Fouere, UK managing director of cybersecurity at K2 Intelligence, explains: “High threat sectors such as banking and defense have long been aware of hacking risks and therefore have invested heavily, whereas mid-risk organizations, such as those in shipping or logistics, have historically been less of a target, but are now seeing an increase in activity.”

Motivation and Attacks

The motivation for attack varies greatly, as do the types of attack. So it is important for companies to understand where the vulnerabilities may lie.

Competition is a key driver, both on a national level—when consignments of arms or oil provoke state interception—and within rival industries. Industrial espionage can lead to supply-line disruption, and Fouere suggests that industries such as car manufacturers that have huge reliance on third-party logistics could be particularly vulnerable: “For example, rivals intent on malicious activity could hack into competitors’ shipments to delay the delivery and launch of a new model, causing reputational damage and loss of sales.”

Re-routing cargo enables trafficking and theft; opportunists can compromise unsecured cargo routing systems at a port, re-routing containers to non-bonded areas and bypassing customs. In these less secure areas of a port, criminals can enter at night, open containers, and remove goods. The U.S. Government Accountability Office’s report highlights an incident in 2013 where criminals allegedly hacked into IT systems at the Belgian port of Antwerp and smuggled drugs into the country.

There has also been research commissioned which demonstrates the ease of compromising on-board navigation systems, which could potentially lead to sabotage or misdirection of shipping. These are rarely reported because companies do not wish to be viewed as easy targets; however, hackers can threaten to divert a ship’s course, or even run the ship aground. The Iranian supply line IRISL suffered a highly disruptive cyber attack in 2011, which damaged data, caused huge financial losses, and resulted in large amounts of lost cargo.

Key Signs of Potential Cyber Attacks

  • Irregularities in the way systems are behaving.
  • Unusual human behavior—for example, people already in possession of high-level knowledge asking questions about the way particular systems work.
  • Breaches of physical security monitoring systems coinciding with unusual network activity.
  • Unusual behavior on the ground—for example, a system issues an unusual or different routing instruction. Don’t just assume it’s a manual error.

System Weaknesses

What makes this sector particularly vulnerable, says Fouere, is that the software and systems being used were not designed around security, and risk management exercises are rarely carried out on the software. A 2013 study of six U.S. ports by the Brookings Institution found that only one had assessed how vulnerable it was to a cyber attack, and none had developed any plan in response to such an attack.

The structure of these sectors’ physical networks is also a disadvantage: networks between ports don’t always have secure connections, which makes it easier to break into consignments and divert or delay these in customs, allowing criminals to intercept them. With many third parties involved, it is often easier to compromise security. Finally, the human factor offers many opportunities for compromised security: insider information, ex-employees with confidential knowledge and human error all have potential to lead to breaches.

Tackling the Problems

Implementing a cyber defense strategy will ensure that an organization is in the best possible position should an attack take place. “A baseline cyber strategy essentially provides a coat of armor for your organization and deflects 90 percent of opportunistic attacks,” says Fouere.

“Additionally we provide a cyber intelligence service, whereby we conduct due diligence on third parties, monitor a range of sources to provide information about when an attack is imminent, and examine whether underground groups are attempting to attack clients’ infrastructures. If an attack has already taken place, K2 Intelligence’s incident response service will provide specialist advice on damage limitation and remediation measures.”

Considerations for Improving Organizational Security

  • Do you have a dedicated sign off, someone with ultimate responsibility for cyber risk in your business?
  • Do you have a cybersecurity specialist function which deals with incidents and proactively minimizes cyber risks?
  • Do have a testing regime in place? If not, nobody will be in control of the risk and your company is vulnerable to attack.

Banking Pot: How Financial Institutions Can Prepare for Changing Regulations

04 Feb 2019

04 Feb 2019

The Unexplained Wealth Order Imperative: Always Keep Your Financial House in Order

25 Jan 2019

25 Jan 2019

The Importance of Enterprise-Wide Risk Assessments for Financial Institutions

24 Jan 2019

24 Jan 2019

A Winning Anti-Money Laundering Strategy: Strengthen Your Defense Against Financial Crimes

14 Jan 2019

14 Jan 2019

  • Services
    • Our Practices
      • Investigations and Disputes
      • Regulatory Compliance
      • Cyber Defense
      • Construction and Real Estate
      • Strategic Risk and Security
      • Private Client Services
    • Our Approach
      • Multidisciplinary Teams
      • Investigative Experience
      • Global Reach
      • Technology
    • The K2 Difference
  • People
    • Professionals
    • Spotlight Profiles
  • Insights
    • Focus On
    • Thought Leadership
    • Video
    • Resources
      • Glossary
      • Links
advanced threatsincident responsecyber attackcyber defensecyber due diligencecyber risk assessmentcybersecurity
  • About Us
  • Our Offices
  • Find a Professional
  • Sitemap
© 2018 K2 Intelligence, LLC | Privacy Notice | K2 Intelligence is not affiliated with Kroll Inc., Kroll Associates, Inc., Kroll On Track, Inc. or their affiliated businesses.
loader
  • Services
    • Our Practices
      • Investigations and Disputes
      • Regulatory Compliance
      • Cyber Defense
      • Construction and Real Estate
      • Strategic Risk and Security
      • Private Client Services
    • Our Approach
      • Multidisciplinary Teams
      • Investigative Experience
      • Global Reach
      • Technology
    • The K2 Difference
      • A History of Success
      • Sizing Up a Situation
      • Finding the Needle in the Haystack
      • A Multidisciplinary Approach
      • Considering Every Angle
      • Securing the Right Outcome
  • People
    • Professionals
    • Spotlight Profiles
  • Insights
    • Focus On
      • Africa and Middle East
      • Art Risk Advisory: Art, Collectibles, and Wine
      • Corporate Social Responsibility
      • Cybersecurity Awareness
    • Thought Leadership
    • Video
    • Resources
      • Glossary
      • Links
  • About Us
    • Our Story
    • Our Offices
    • Corporate Social Responsibility
    • Contact Us
    Careers
    • Working at K2 Intelligence
    • Job Opportunities
    Media
    • Appearances
    • Newsroom
    • Mentions
    • Media Contacts
    Events
    • Webinars
    • Speaking Engagements
    • Roundtables
  • Contact Us