TT Talk - Increasing cyber risks through the supply chain

Whilst technological advances undoubtedly provide greater operational efficiencies and opportunities for carriers and operators to mitigate their exposure to theft and fraud, unfortunately they equally benefit organised criminal groups. As invasive cyber-technology becomes more widely available, the TT Club suggests that what has been observed in recent months could be a significant emerging risk to legitimate trade, exposing the operators in the supply chain to economic and commercial damage.

The ingenuity of thieves and fraudsters has always surprised unsuspecting victims. The stakes are high and it is clear that the international supply chain, which by its nature facilitates movements across borders, is being targeted in order to fulfil trafficking of people and drugs, and other illegal trades, such as dumping waste, as well as intercepting valuable cargoes.

Spyware Infiltrations

We have previously highlighted the risks associated with internet clearing sites and suchlike, but press reports recently identified another approach to IT-based theft. It has been established that cyber criminals may go beyond simply misleading other operators into thinking they are dealing with a legitimate company through the use of internet-based clearance websites, and may access and take control of operators' IT systems.

In recent weeks a small but significant number of incidents have been reported which at first appeared to be petty break-ins at office facilities. The damage appears minimal - nothing is physically removed. More thorough post-incident investigations revealed that the 'thieves' were actually installing spyware within the IT network of the operator. Interestingly, this involved physical installation. More typically the criminals identify targets (generally individuals) where the system cyber security is inadequate, combined with sufficient access and authority rights. As such, operational executives who may travel extensively can be particularly exposed.

The type of information being sought and extracted may be release codes for containers from port and terminal facilities. However, spyware can record movements, key strokes, and even download and print documents and screen shots to an external source. In the instances discovered to date, the cyber criminals have apparently been focused on specific individual containers, taking steps to track the units through the supply chain to the destination discharge port. Once the container has arrived, the perpetrators intervene, collecting the required release data from the unsuspecting operator's IT systems, ultimately facilitating the release of the container into their custody and control. The incidents to date are thought to have been related to drug trafficking, a means of importing illegal substances through the supply chain unnoticed.

Criminals are focussed on emerging technologies

The use of such technologies, however, could very easily be replicated to infiltrate other areas of the supply chain, from freight forwarders through to warehouse operators. The potential scope of valuable information within the supply chain cannot be underestimated. In addition to the focused incidents experienced to date, there is scope for highly selective and targeted cargo theft, human trafficking and general disruption of the global supply chain. Generally, security efforts focus on the potential for disruption and 'business continuity'; these recent spyware infiltrations point more to criminal leveraging to achieve darkly profitable ends. Implementing effective computer logs and 'dashboards' (as part of detailed operational and performance management information) may arguably be more pressing than updating and testing appropriate response plans.

Driven by the necessity to become more cost effective and efficient, many of today's national and global logistics operators are substantially reliant on IT systems to manage every section of their business, from stock management and vehicle routing tools through to accounting, security and even communication systems. The value to the cyber-criminal and the extent of the information held increase daily.

Criminal organisations are well resourced and focused on utilising emerging technologies, not only to perpetrate crime but also to mitigate the risk of detection. The cyber-criminals' ability to hack into email accounts and communication channels is well-established, and the risks to the logistics operator must not be ignored. For instance, if a driver received instructions to deviate from a planned delivery destination and to deliver to a nearby warehouse, from what appears to be a known and trusted source from within their own organisation, would they have cause to question it? Similarly, by accessing a warehouse operator's stock management system, a criminal organisation can achieve its ends by altering the logical versus actual stock levels held within a facility.

Combatting Cyber Risks

The ensuing losses can give rise to very large financial exposures, let alone the commercial and reputational damage. The increased sophistication of such 'cyber-attacks' of course makes it challenging for operators to build effective defences. However, awareness is the first step, followed by thorough risk assessment. Boards and managements need to articulate a clear risk culture and deliberately follow through the process. In many cases, the human element is both the strongest and weakest link in the armoury - the potential for individual or contractor malfeasance may be thoroughly mitigated by others' alertness, thorough training and effective procedures (such as segregation of duties and 'whistle-blowing').

Vigilance and due diligence in day-to-day operations - the more physical side - are clearly vital, together with general security of IT installations. However, it would also be wise for operators to investigate the means of achieving a greater degree of protection from, and detection of, hacking and spyware activity. When reviewing IT systems, the 2013/2014 Global Fraud Report issued by Kroll identifies two key questions to consider:

  • If you discover that your systems have been compromised, does your system have the facility to trace and identify what was viewed, modified or taken?
  • What would be the potential commercial impact on your business if it became known to your clients that such information had been accessed through your IT Systems?

Equally, removing single system dependencies, such as implementing bifurcated messaging through different devices, and controlling information release by GPS mapping have been shown to foil infiltration.

Security in the supply chain is no longer 'simply' about the use of locks, alarms and tracking systems. Organised crime has spawned new risks. For those who need to consider this topic further, the Kroll report provides a thorough global overview, with many comments applicable to those involved in transport and logistics. Additionally, the TT Club's handbook 'Supply Chain Security - Management, initiatives & technologies' is a useful contextual reference. This is free to Members and brokers and available to others to purchase in print or pdf for £36.00.

We hope you found the above interesting. If you would like further information, or have any comments, please email us, or take this opportunity to forward to any colleagues who you feel may be interested.

We look forward to hearing from you.

Peregrine Storrs-Fox

Risk Management Director, TT Club

Staff Author

TT Club

Date: 28/11/2013