Edge Cybersecurity in Transportation and Logistics
There’s no hiding the fact that the global supply chain sector is being hit with cyberattacks and facing widespread challenges while it is still recovering from COVID-19-driven fluctuations in the availability of goods and services. In February 2021, the Biden administration signed an executive order on supply chains with a focus on securing and strengthening the American supply chain against attack vulnerabilities.
Simultaneously, ports are unusually congested with matters only getting worse thanks to a shortage of workers in the transport cargo area. Now, add cyberattacks to the mix and we clearly see the transportation and logistics sector is facing a precarious situation while being responsible for moving billions of dollars worth of goods around the globe.
All of these challenges are compounded by how prevalent digitization has become in the transportation and logistics industry. As a result, the risk of cybersecurity attacks is higher for companies in maritime, rail, trucking, package delivery, and other secondary sectors.
According to Check Point Research, overall cybersecurity attacks per week on corporate networks increased by 50% in 2021 compared to 2020. Moreover, Q4 of 2021 saw an all-time high in weekly cyber attacks, with over 900 attacks per organization.
The same research found a 34% increase in 2021 for the transportation and logistics industry specifically, with 501 attacks taking place weekly.
For the transportation and logistics industry, a single attack can have an impact on the global consumer economy costing billions of dollars, create significant liabilities, and completely halt any form of transportation or logistics of goods. There’s also the very real danger of customer data being breached. For example, the NotPetya ransomware attack of 2017 targeted Danish shipping firm Maersk’s worldwide logistics operations, costing the company up to $300 million in damages.
As the industry continues to expand and evolve, investment in sound security tools and technologies is critical for the operational transparency and visibility companies need to manage risks within their mission-critical environments.
Edge Risk Use Cases in Transportation and Logistics
Supply chain disruptions
According to the Supply Chain Resilience Report 2021, the COVID-19 pandemic is considered the decade’s single most disruptive event for global supply chains. Even leaving the pandemic out of the equation, there was already a trend indicating that cyber attacks were rapidly increasing, further accelerated by ransomware.
Circling back to the case of Maersk in 2017, we find that a single day of downtime can cost hundreds of thousands of dollars. Unfortunately, supply chain disruptions are more common than we’d like: a 2020 report revealed that 75% of companies had suffered supply chain disruptions due to cyber attacks in the last decade.
Additionally, McKinsey research estimates that businesses will, on average, suffer disruptions that can last up to one month every 3.7 years. Transportation, shipping, and logistics are vulnerable sectors as they are all targeted by nation-state groups as well as cybercriminals. Geopolitical tensions such as Brexit, the US-China trade dispute, or the recent Russian invasion of Ukraine can spark attacks or shipping disruptions.
Operational Technology (OT) attacks
As traditional IT environments are integrated with OT systems and the number of endpoints connected via Edge and IoT grows, security risks increase exponentially for transportation and logistics consumers and businesses.
Cyber attacks are plaguing the transportation and logistics industry with a recent report finding that in 2020 the number of attacks on the industry soared by 400%. The same report also found that cyber attacks on the maritime industry’s operational technology systems have increased by 900% from 2017 to 2020.
Among those attacks, 50 were major OT attacks reported in 2017, which increased to 120 in 2018, more than 310 in 2019, and more than 500 by the end of 2020. As you see, OT hacks and security breaches are increasing alarmingly.
Most transportation and logistics attacks are due to a lack of security awareness across all layers of the IT perimeter, which now includes OT, smart products, endpoints, and services across supply chains.
Undoubtedly, ransomware is the largest cybersecurity threat facing transport and logistics companies. A recent report found that ransomware is the number one cyber threat to transportation and logistics companies, yet 90% of organizations studied in the report had open remote desktop or administration ports and insufficient email security, which are known as primary vulnerabilities to ransomware.
For example, in 2019, the Ryuk ransomware caused an outage that prevented clients from using Pitney Bowes services, which include global shipping, mailing, e-commerce, data, and financial services for more than 90% of Fortune 500 companies.
In early February 2020, Toll Group, a shipping company, communicated it had stopped deliveries due to an infection of the Netwalker ransomware. The infection persisted for at least 18 days, and researchers found that the ransomware was spread via phishing and brute-force access to remote desktops with weak passwords. Later in May of the same year, the company faced another ransomware infection that led to data exfiltration and was most likely exposed because of remote desktops.
The World Economic Forum indicates digitalization in transportation and logistics has the potential to unlock $1.5 trillion of value for companies in the field by 2025. The transportation and logistics industry has embraced digital transformation, but it is simultaneously creating vast amounts of structured and unstructured data that can only be dealt with using IoT, Edge, and artificial intelligence.
In today's world, digitalization is crucial in every industry. Large amounts of sensor data could be isolated with an Edge layer with on-board data processing, and digitalized assets for logistics might be readily reflected as digital twins. Large cargo ships with hundreds of sensors on board are a good illustration of such logistics situations, so we should preferably protect all elements of network data inside the ship, knowing that the IoT/OT equipment could be exposed to personnel/passengers on board or when it arrives at port. Furthermore, if we're talking about satellite-based gateways, exposing the public IP could expose the networking layer to additional risks.
These threats could lead to direct financial losses during ship communication and monitoring, and could also compromise the safety of cargo and people on board.
Possible deployment examples
How AI EdgeLabs Can Strengthen Cybersecurity in Transportation and Logistics
AI EdgeLabs can provide network intrusion detection and protection against threats that can appear on a shipping container’s Edge. AI EdgeLabs can provide defensive measures for ships' logistic chains and IoT/OT connectivity. The AI EdgeLabs team recognizes that the majority of data should be processed locally, and that the platform should ideally enable outside cyber-threat detection as a result of this local processing.
Each modern ship has one or more edge servers that process telemetry data from all across the ship. At the same time, Internet connectivity is implemented via a system of gateways that link to the internet via satellite or LTE connectivity (if present). These gateways can be targeted in a variety of ways, including DDoS, scanning, flooding, brute-force attacks, and many others, all of which can do considerable harm to the systems.
On gateways, AI EdgeLabs sensors can secure connectivity to the ships and operate as a smart firewalling solution. Edge Sensors can deliver very high quality detections using Reinforcement Learning algorithms.
AI EdgeLabs is a robust, enterprise-grade, and AI-based platform that brings advanced network visibility, early threat detection, and automated incident response and remediation vital for the transportation and logistics industry. Enriched with Deep Reinforcement Learning, our platform is smart and impressively accurate in detecting threats before they even have a chance to cause harm.