Air Transport Publications
Contact
Login   |   Register
jobs Jobs
events Events
bookmarks
My bookmarks
feature_main_image
Cargo

Nowhere to hide

The freight industry was caught up in high profile cyber attacks last year, Rob Coppinger questions what the industry is doing to counter this threat
 

The last year has seen the freight industry rocked by significant damage and costs caused by cyber attacks. Just as the air freight business knows no borders, the hackers can strike almost anywhere there is an internet connection. The attacks rendered the computer systems of leading freight organisations inoperable, demonstrating that no one is immune.

 

“The most recent attack that got Maersk, they had to buy 4,000 servers and 45,000 PCs almost overnight to get up and running. So, you see how dangerous this was and for all you know it was done by some bloke in his bedroom,” British International Freight Association (BIFA) Director General, Robert Keen, tells Airline Cargo Management.

 

The cyber attacks last year brought chaos to Maersk’s operations and cost TNT parent company FedEx $300 million because of the computer network disruption they caused. The different types of malicious software behind these cyber attacks are referred to as ransomware, according to the University of Connecticut’s Information Security Office. Once ransomware infiltrates a computer or a network it will lock the computers up, stopping any user from using them and demand that a payment is made to unlock the machines. The payment can be demanded in a crypto-currency such as Bitcoin. However, sometimes computers are not unlocked after payment.

 

Maersk commented: “We anticipate that Maersk, as well as the wider industry, will also in the future experience more attempted cyber attacks; both indirectly as was the case with the NotPetya and as a direct target.” NotPetya was one of the ransomwares to strike industry last year. Accusations by experts and governments about the perpetrators were many, from allegations of hackers and organised crime to the Russian government being blamed, as one attack began in Ukraine and spread across the world.

 

a Ukrainian tax software product, according to its July 2017 financial filing. In the filing, the company stated that the “worldwide operations of TNT were significantly affected by the cyber attack known as Petya, which involved the spread of an information technology virus through a Ukrainian tax software product.” The statement went on to explain that while TNT computers in Ukraine were ‘compromised’ other FedEx company systems elsewhere in the world were not affected. FedEx also claimed that, despite the attack, “no data breach or data loss to third parties is known to have occurred as of 17 July 2017.”

 

FedEx Founder, Chairman and CEO, Frederick W Smith, said in his company’s 1Q18 earnings statement: “I strongly believe FedEx will emerge from the cyber attack as an even stronger, more resourceful company. And I’d like to thank the thousands of FedEx team members who worked tirelessly to remediate the TNT system’s problems and take care of our customers.”

 

Attacks have not been aimed at freighters, but the business infrastructure that supports that core activity of flying cargo around the globe. In response to such threats, BIFA advises its members to train their staff, but does not provide training itself. “You tell your staff, ‘if you don’t know who it [the email] is from, delete it’,” Keen explained. “It really is that simple. There [are] great education programmes, step-by-step, that talk to people about the various [cyber security] issues. We don’t do them, it is up to the [corporate] members to tell their staff.”

 

This sort of training comes under headings like enterprise risk management and there are wider industry efforts relating to cyber risks. In its December 2017 cyber security fact sheet, the International Air Transport Association (IATA) states: "Many airlines and airports have robust systems in place to address common hacking threats, but they haven’t always taken a holistic approach to the IT environment or considered the broader threat to the aviation system.”

 

IATA puts forward a three pillar strategy for this holistic approach. The pillars are called risk management, advocacy, and reporting and communication. The risk management is the policy and technical aspects; advocacy is interacting with regulators and supporting the security system developers; and, reporting and communication is about raising general awareness of the challenge and making sure people know they can report anything they encounter.

 

It is widely advised that airlines implement a comprehensive enterprise risk management strategy with support from senior management to ensure its adoption across an organisation. Insurance is also recommended.

 

However, the industry does not have a good history of tackling this subject. “We see less investment in air cargo as compared to financial services or the public sector,” says information technology firm Unisys’ Vice President and Global Head for Travel and Transportation, Dheeraj Kohli. “Because of this lowsecurity maturity index, Unisys carried out a survey sometime back and the maturity index in air freight is very low for security." >>

 


To download the PDF file for this article, you have to pay the amount by pressing the PayPal button below!


Filename: Nowhere to hide.pdf
Price: £10

Contact our team for more information!


The Cargo channel

Industry blog
Autonomous freight drones: a revolution in air cargo?
Jobs
Events

Comments

You must be logged in to post a comment.

Please login or sign up for a free account.

Disclaimer text: The views expressed in the above comments do not necessarily express the views of Air Transport Publications Ltd. or any of its publications.