Transport and Logistics

The transport and logistics sector comprises of aviation, maritime and land transport, including rail.

The sector is often critical to a country’s infrastructure. Historically, transport and logistics companies have focused on improving safety and reducing physical risks rather than cyber security.

Challenges

Increasing digital interconnectedness:

Transport and logistics operations are becoming increasingly digital, integrating IT with IoT and OT cyber/ physical systems.  This brings real benefits such as real-time data to create cost-effective operations across aviation, land and maritime transport and logistical operations.

Increased attack surface area:

However, using IoT systems increases the cyber-attack surface area, while some legacy OT systems were ever designed with security in mind. Security is not about restricting these systems; it’s about embedding security within the design to ensure increases in productivity and efficiency are complemented with better security.

Threats and impacts:

Typically, cyber criminals may seek to exploit inventory, delivery or even operational data that pinpoints transportation or simply exploits the reliance on cyber-based control.

Effects of attack on the supply chain can crimple organisations, for example, the 2017 NotPetya ransomware attack against Maersk, causing an estimated $300 million on associated costs, or in 2022 where multiple oil terminals across Europe were unable to process incoming barges – also the result of a ransomware attack.

In April 2021, the metropolitan Transport Authority (MTA), carrying over 11 million passengers a day during the working week and over 850,000 vehicles, had been targeted by state threat actors, exploiting a zero-day vulnerability. It was reported no operational systems were impacted nor data stolen.

Opliciti

Our staff have experience of working with transport and logistics, combining both physical and cyber security risk to create comprehensive approaches to reducing risk.

Let us help you:

  • Assess and present cyber security as a business risk to drive board ownership and risk appetite.

  • Create business-integrated or aligned cyber security strategy across IT and OT environments to enable safety, resilience and create and protect value.

  • Align with industry accepted best practice, ISO27001, NIST, NIS CAF, IEC62443 etc, identifying prioritised risk and aligning appropriate proportionate controls that are suitably governed.

  • Manage security operations using artificial intelligence and machine learning with automated response to stop cyber threats efficiently and effectively.