A search for the phrases “supply chain hack” or “supply chain cybersecurity” will return millions of posts and articles about cyberattacks. Last December’s Sunburst attack, in which hackers compromised SolarWinds Orion network management software and then used Orion updates to penetrate the networks of thousands of SolarWinds’ customers in the private and public sector, is an example. By compromising one software supplier (in that case, SolarWinds), “spies or saboteurs can hijack [the supplier’s] distribution systems to turn any application they sell, any software update they push out, even the physical equipment they ship to customers, into Trojan horses,” explains Wired in a recent post.
These kinds of software supply chain attacks are extremely serious and damaging—and they will continue, as sophisticated hackers target software vendors to intrude into the networks of those vendors’ customers.
Another area of concern is cyberattacks on an organization’s physical supply chain, specifically on one of its suppliers or logistics providers. When a tier-one or tier-two supplier is compromised, that could potentially disrupt the organization’s supplies of materials, parts and products, as well as services like contract manufacturing, assembly and testing.
“If a supplier has a network outage or is otherwise compromised, you can find yourself in a situation where you can’t transact business in the physical dimension,” said Resilinc CEO Bindiya Vakil in a recent webinar on the state of risk and trends in supply chain disruption for the first six months of 2021.
In the first half of 2021, Resilinc’s EventWatch supplier monitoring service reported 145 unique cybersecurity disruptions affecting or potentially affecting Resilinc customers’ supply chains. These included attacks on ports and other critical logistics infrastructure. In July, South Africa’s port and rail operator Transnet declared force majeure after a cyberattack crippled its ability to operate the country’s four container ports and freight rail system.
While the port operator resumed operations in less than a week, other attacks on logistics operators continue. In late August, hackers attacked Prologis Canarias, a mid-sized bunker fuel terminal in the Canary Islands. According to FreightWaves, “the extent of the incident is murky,” and even if the terminal were offline for weeks, its absence would be “inconvenient” for regional shippers but not seriously disruptive.
More worrisome is the business model of the hacking group LockBit, which has previously attacked Accenture, Bangkok Airways and others. The outfit provides malware and infrastructure to other hackers for a share of the ransom proceeds. “The attacks themselves operate by both encrypting victims’ systems and stealing data,” according to FreightWaves. “Hackers demand ransom in exchange for a key to restore the access and a promise to not post the data to LockBit’s leak site, a common tactic.”
Cyber vulnerabilities are widespread among smaller shipping and logistics firms, according to FreightWaves and Gwilym Lewis, director of UK cybersecurity firm Appsecco. Lewis told FreightWaves that while large shipping lines have their cybersecurity act together, the industry as a whole is mostly unprepared. “The whole sector is probably a decade behind everyone else,” said Lewis.
Trade News Weekly, published by Hawaii Foreign-Trade Zone No. 9, reports that hacking attempts in the logistics industry are increasing rapidly, possibly due to the rapid and eager digitization of the space. Companies and ports are increasingly turning to technologies such as the IoT, but these add another layer of risk that needs to be managed, increasing complexity yet further.
For Vakil, these vulnerabilities point to the need for supply chain management professionals to work actively with their in-house cybersecurity teams to assess cyber risks across the entire supply chain. “You can’t just let IT protect your internal systems,” she said. “It’s supply chain’s job to make sure your suppliers are also paying attention to these threats and have best-in-class capabilities.” She recommended that OEMs work with Resilinc or another reputable third-party company to survey suppliers about cybersecurity. “And these need to be refreshed regularly because attacks are constantly getting more and more sophisticated.”