Trucking & Logistics And Cybersecurity: Why It Matters Now More Than Ever

By a Biometrica staffer

Transportation was one of four industries that suffered the highest percentage of malicious attacks last year, according to IBM’s Cost of a Data Breach Report 2020, along with the technology, retail, and financial sectors. As transportation becomes more and more connected and dependent on advanced computing systems and software, the opportunities for cybercriminals to target it and rob such companies of cash also, invariably, go up. Cybercriminals have been increasingly, almost persistently, targeting everything from K-12 schools to critical infrastructure this year.

Meanwhile, when it comes to trucking and logistics, the nation is facing a trucker workforce shortage, trailer utilization is said to be near its peak, there are order delays, and a rise in demand for optimization of existing trailers means some fleets are engaging third parties to add to manpower by helping them monitor, analyze, and decide when to move a trailer, where to move it, and when to have it maintained. Then there are automated trucking fleets, which may not necessarily mean we will see self-driving vehicles on the roads — not in the near term anyway — but mixed operations involving automation systems are inching closer to becoming a reality.

The Federal Motor Carrier Safety Administration (FMCSA) sought public opinion late last year in a survey of private trucking companies, aimed at helping the government establish safety rules that would govern autonomous trucks. All of these developments imply that more technology is coming, ergo more connected devices, which puts cybersecurity under the scanner even in the trucking industry, although it’s pipelines that have been in the limelight when it comes to the broader infrastructure space this year.

While the three other sectors with the highest percentage of malicious attacks — technology, retail, and financial — also had a higher level of security automation deployed, transportation lagged on that front, according to the IBM report we mentioned earlier. When it came to the root causes of data breaches across industries last year, malicious attacks accounted for 58% of all breaches in the transportation sector, which was second only to the tech sector with a similar 59% accounted for by malicious attacks.

So, it’s no wonder that as part of transportation, the trucking and logistics industries did not emerge unscathed either when it comes to cyberattacks in 2020. In fact, cyberattacks in the trucking and logistics space have also reportedly been on the rise since last summer. And as with the Colonial Pipeline hack, many of the attacks against trucking and logistics companies last year also involved ransomware, according to a Freight Waves article. Earlier this month, for instance, data stolen from heavy truck and military vehicle maker Navistar International Corp. is said to have made its way to the dark web. The leaked data exposed detailed financial information, and came less than a month after the company had disclosed that it had been a victim of a cyberattack.

Here’s a quick look at a few major attacks in recent times that depict the interconnectedness of the logistics and trucking industry, therefore making cybersecurity even more pertinent:

• CMA CGM, the world’s fourth-largest container shipping group was hit by a cyberattack that it reported on September 28 last year, which paralyzed its own activity, the impact of which, in turn, was felt globally. While the attack was first discovered in a subsidiary, the company ultimately had to disable its core IT systems, and some functions were down for two weeks.
• In October 2020, when CMA CGM restored its online services, news had also broken of the UN shipping agency the International Maritime Organization (IMO) falling prey to a cyberattack. The IMO’s website and intranet had been disabled by the hackers and its IT specialists had shut down key systems to prevent further damage. An IMO spokeswoman said that while the organization had thwarted other cyberattacks in the past, last year’s was the first to have disabled services.
• In December 2020, trucking and freight transportation logistics giant Forward Air said a ransomware attack affected its operational and information technology systems, causing service delays, in a filing with the Securities and Exchange Commission (SEC). In February 2021, the company said the ransomware attack had a $7.5 million impact on its fourth quarter financial results. The company provides ground transportation and related logistics services to the air freight and expedited less than load (LTL) trucking market in North America. In other words, it is a key link in the airline cargo operations chain. It was targeted by a new and relatively unknown ransomware gang called Hades. The attack left customers unable to book loads for days. Although it is not the largest trucking and logistics company in the country, it had no peer that was immediately able to pick up the slack, according to a Freight Waves article.
• But it’s not just large companies. Small businesses are allegedly the most common victims of cyberattacks. Hundreds of thousands of small trucking companies keep the supply chain going across the country, and are a crucial link in the system. As with the larger firms, companies with smaller fleets are also often threatened and held for ransom by cybercriminals.

Only last week, groups representing various infrastructure sectors called for robust methods to protect the country’s freight and mobility grids, according to Transport Topics. To be sure, cybersecurity is only going to gain even more importance for the trucking and logistics industry with time. As a Freight Waves article puts it, the shutdown of Colonial Pipeline — i.e., a vital supplier of diesel that powers trucks — could just as easily have happened to a major truckload carrier or, really, any other company in the complex, interconnected supply chain that keeps the country running.