BIFAlink January 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

BIFAlink

Policy & Compliance

www.bifa.org

CYBER ATTACKS: An increasing risk to the supply chain

Susanna Marsden of freight transport insurance specialist TT Club comments on the trend for cyber-attacks to target transport operators and infrastructure. She looks at the practical issues in combating the risks

As evidenced by the June 2017 ‘Not Petya’ cyber-attack on the Maersk Group and a similar virus affecting TNT amongst others, cybercrime has become increasingly commonplace within the freight industry. For logistics businesses, the impact of cybercrime is simply another operational risk that they cannot afford to ignore. As well as relatively commonplace data thefts perpetrated at container depots and terminals, such incidents can also involve sophisticated actors aiming to impact haulage and warehouse operations. Often, identifying the attackers, whether criminal, malicious or politically motivated, is almost impossible. Within the global supply chain the logistics and freight forwarding

community is particularly vulnerable to disruptive cyber activity. Such operations are characterised by widespread office networks and reliance on multiple third-party suppliers. IT systems are predominantly of an in-house, legacy nature, which may be poorly protected by security software. Furthermore, there is a lack open communication and reporting of past damaging cyber experiences. All of these tend to increase the risk levels for this industry.

Modus operandi The modus operandi of the modern cybercriminal is now going beyond simply misleading transport operators into thinking they are dealing with legitimate companies. Sophisticated hackers may now access and take control of operators’ IT systems and equipment, extracting or manipulating valuable data in order to cause economic or even physical harm. While the ‘Not Petya’ attack purported to be ‘ransomware’, a number of commentators suggested that this was seeking to cause damage and disruption rather than to collect ransom payments. The increasing risk posed by such cyber activity has the potential to affect

the legal obligations owed under shipping contracts such as bills of lading or charter parties. In particular, evolving cyber risks may come to redefine some of the legal definitions that international conventions have traditionally relied on. All supply chain stakeholders need to ensure they have a robust cyber response plan, which should include periodic stress testing of operating systems in order to measure their vulnerability to cyber-attacks and identify what additional system or process mitigation may be required. The cyber risks are increasing rapidly not just in terms of greater hacking and malware activity. The desire for supply chain visibility and efficiencies is

10 January 2018

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20