Managing cyber risks in logistics, transportation

The remedy is to identify the event, map it to the three types of attacks it can expose the organization to, and itemize the risks if any of those attacks were to occur. It is significant for logistic firms to set up practices to measure the criticality of an organization’s systems and to collect critical cybersecurity preparedness metrics.

Recognizing and managing cyber risks has become a significant facet of any CISO’s duties in the logistics and transportation sector. According to a NIST May 2022 publication, the most common cybersecurity risks in any given supply-chain/logistic organization include:

  • Data leaks, whether caused by external or internal attackers
  • Information system breaches through a malicious actor infiltrating an operating system or network
  • Ransomware attacks through malware

Generally, the above three types of cyber attacks are perpetrated where people, processes, and technology meet each other:

  • People could be employees, external users of the system, stakeholders, privileged users, or vendors
  • Processes could be DevOps processes, change management processes, vendor management, configuration management, or production deployment processes
  • Technology could be the introduction of IoT devices, handheld devices for track and trace, new edge locations where new software is deployed, or data flowing through ports, IPs, and networks

So how do we recognize and manage such risks? The best way to recognize any type of risk is:

Step 1: Identify any event relating to people, processes, and tech that will affect logistic systems or any tracking system in the transportation sector.

Step 2: Map the event to possible exposure to any or all the three types of risks mentioned (Data Leaks, Information system breaches, ransomware attacks).

Step 3: Assess and itemize the possible threat vectors of each risk and the possible mitigation strategies for each of those vectors.

Step 4: Zero in on the security/compliance solutions and other possible strategies for each threat vector that need to be carried out in the people, process, and technology domains during and after the event, and carry them out.

Step 5: Make sure the appropriate security adjustments to people, processes, and technology are catalogued and made, so as to reduce the exposure of the organization’s logistic systems to cyber-attacks.

Let us illustrate this with an example. Let us say the scenario is to release a new version of track and trace software that has undergone changes such as adding a new set of users and a new set of hand-held devices to track goods. The software is released via a DevOps process to new cloud-based edge locations. We see that this change management (process) involves deploying via a DevOps process, requires a new set of users (people) to be onboarded, and introduces new hand-held devices and edge locations (technology).

This scenario opens the possibility of all three types of attacks mentioned above: data leaks due to inappropriate handling of the data while it is ferried to the edge location; IT system breaches due to a faulty and insecure DevOps process; and insecure deployment configuration of ports and system policies leading to a hijack of the system. The remedy is to follow the above steps to identify this event, map it to the exposure to the three types of attacks that can be unleashed, and itemize the risks if any of those attacks were to occur, together with the controls that address them, such as:

  a) validating the identity of the users that are going to use this new version;
  b) usage of access control lists in authentication and authorization;
  c) attribute verification;
  d) usage of IAM roles.

According to NIST, it is vital for logistic firms to set up practices that measure the criticality of an organization’s systems and actors, and to build on them to collect critical cybersecurity preparedness metrics.