NCI Campaign Transport & Logistics

The Suez Canal – could a virtual incident cause the same problems?

Back in March 2021, Ever Given, a large container vessel got stuck in the Suez Canal and effectively blocked the shipping channel for nearly a week, costing billions of dollars and causing huge delays in the delivery of goods.

The Suez Canal is one of the busiest shipping channels for oil and refined fuels, grain and other trade linking east to west.

  • Approximately 12% of global trade travels through the canal daily.
  • 50+ vessels navigate the canal everyday
  • 2bn tonnes of cargo is transported through the canal annually
  • 9m barrels of oil is routed through the canal per day.

[Source: Lloyds List – https://lloydslist.maritimeintelligence.informa.com/LL1136229/Suez-Canal-remains-blocked-despite-efforts-to-refloat-grounded-Ever-Given]

With such large ships navigating such a narrow area, and when the whole world relies on this short cut from east to west, the chances are that another incident could happen and again cause delays to the supply of commodities.  However, could a similar situation be caused by a cyber-attack?

What are the chances of a cyber-attack causing a virtual Suez Canal blockage?

As our daily lives become more integrated with technology, so do the vessels that our trade and people travel on.

The transport and logistics industry have been slow in adopting the digital age.  However, with navigation, communications and guidance systems being accessed via cloud systems, it naturally follows that this could be an area that cybercriminals may target in future.

Knowing what chaos was caused by the Evergreen incident, it may be that a bad actor gains access to a ship’s navigation and guidance systems possibly causing the ship to be artificially stranded in the Suez Canal causing a similar incident but this time, in order to get the ship moving again, a ransom is requested to get the ship moving again.

Currently, the transport and logistics industry lacks a unified approach to cyber security. At present it is up to individual countries to decide the extent of cyber secure systems and what best practices they should follow. Unlike other sectors such as healthcare, banking and finance, where industry bodies are dictating cyber security standards. The growing security gap across the transport and logistics sector is leaving many organisations exposed to cyber threats.

Why wait until you are a victim of cyber-attack?

If you are unfortunate enough to be a victim of a such a cyber-attack, there are huge costs involved in putting things right, the reputational damage and fines delivered by regional data protection legislation.

As the BCG state in their article navigating rising cyber risks in transport and logistics there are three main areas of weakness

1. Technology

The more networks they connect across, the more possibilities there are for hackers.  Secure technology can help evade attack, but often bad actors can devise devious and manipulative attacks to gain access to your systems, locating valuable cargo and tracking its journey.NCI Campaign - Cargo Ships Communications

2. Regulation

Regulation of cyber security within transport and logistics is not as extensive as other regulations and it seems that as the industry is global, the regulators have struggled to agree on a set of regulations that successfully meets the needs of the industry.

3. People and Processes

Here there is an element of human nature causing an already weak link to break and allow bad actors in.  People forget passwords all the time and click on links where they are asked to enter their credentials.

By creating digital identities for your employees within a credential management system, organisations can manage the lifecycle of that credential. Secure credentials for employee digital identity is a good way to keep your systems and processes secure.

Another tip is to make sure your employees are regularly trained in the dangers of phishing attacks and what to look for to spot them.  You should also have a policy in place to ensure they can report any suspicious activity.

75% of organizations around the world experienced some kind of phishing attack in 2020 – https://www.tessian.com/blog/phishing-statistics-2020/.

Digital Identities and Credential Management

Trusting the digital identities that have access to your systems and having a credential management system in place, which gives digital identities to your employees and supply chain, with strong authentication is a step towards becoming cyber secure.

MyID® is a feature-rich credential management system (CMS) that enables organisations to deploy digital identities to a wide range of secure devices simply, securely and at scale.

MyID integrates easily with your existing systems, ensuring the right people receive the right digital identities, with minimal impact on the current environment reducing deployment times and operational costs.

MyID provides full audit and reporting capabilities allowing visibility of who issued which digital identities to which users and on what device, ensuring organisations remain in control of who can access their systems and enabling them to demonstrate compliance with best practice security standards.

For more information see MyID

So back to the question could a virtual incident cause the same problems?

Yes, in theory it could, but also if transport and logistics companies adopt a secure authentication system for their employees and supply chain, organisations put themselves in a strong position to mitigate this threat.

See how MyID can support secure authentication within the National Critical Infrastructure 

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.