As the risks of cyber attacks increase, it has become vital for air cargo operators to stay protected. Cyber attacks can bring cargo ships and planes to a halt and if these attacks increase, more needs to be done than develop cyber resilience. CARGOTALK asks those in the front line, how they set up their line of defense.
--Abigail Mathias
Since the start of COVID, hackers have been exploiting the vulnerabilities in the global crisis to attack the already strained organizations. This is especially true in businesses that rely on shipping, manufacturing, and storage, such as logistics, especially in demand and strained during the pandemic.
This presents major concerns for companies that transport goods—adding to the existing delays, bottlenecks, and obstacles affecting the supply chain. Cyber criminals create new sites to carry out spam campaigns, spread malware, or launch phishing attacks.
Typically, these domains closely mimic the legitimate websites with keywords and phrases that attract users. the growing reliance on IoT infrastructures, are essential in a fast-paced, global economy.Attacks on the supply chain can be initiated directly or indirectly.
Most modern logistics involves many suppliers and vendors working together in partnerships, so a security breach for any of them can give the attacker access to a shared pool of data. Hackers know this, which is why they put so much effort into attacking these targets.
Resilience to cyberattacks requires a solid risk management approach
-Celine Hourcade, Founder & Managing Director, Change Horizon
Prime cyber threats in the transportation sector are data-related, ransomware, malware, and operational disruptions motivated either by financial gain or connected to hacktivist groups, guided by ideological motivations and geopolitical conflicts.
It is important that investments in cybersecurity technologies alone are not enough for companies to protect themselves from cyber insecurities. Cybersecurity is not just about technology: it is about people and processes and truly requires a mindset shift.
Increasing resilience to cyberattacks also requires a solid risk management approach and a strong cybersecurity culture. That is why I am looking at cybersecurity in addition to sustainability. It looks different; but these are critical ingredients of the corporate transformational recipe to make air cargo smarter, resilient, and sustainable.”
Air cargo ferrying valuable items is an attractive target of cyber criminals
-Pradeep Luthria, Senior Partner and Chief Practioner, Saiber Innovation Technologies
Both air and ocean freight face cyber threats, but there are some key security differences between them. Air cargo frequently carries high-value goods such as electronics, pharma, and luxury items, making it an attractive target for cybercriminals. The aviation industry has stricter regulations around cybersecurity compared to maritime transport, supposedly (potentially) leading to greater compliance and investment in security measures.
But that is not always the real situation, unfortunately. The industry is more digitally transformed than the sea cargo sector. Consequently, digitalisation translates to potential entry points for hackers. High-value goods and potentially sensitive data within cargo raise the stakes of breaches. Keeping up with evolving regulations and ensuring security practices across global networks can be challenging.
More so with varying global levels of on-ground network security and state of compliance, availability of network redundancy, staff competency levels. Compliance checklists can contribute to a false sense of cybersecurity readiness. With challenges abound, the industry needs to do much more to develop cyber resilience.”
Threat initiatives frequently strengthen industry’s cybersecurity defence
-Ali Javaheri, CEO, Shiplifier
In the air cargo industry, cybersecurity protects critical information and operations. It includes secure data transmission, network security, cargo tracking systems, access controls, and vulnerability management,
among others. Ongoing employee training ensures awareness, while compliance with regulations and supply chain security measures fortify defenses. Participating in threat intelligence sharing initiatives strengthens the industry’s collective cybersecurity defense against emerging threats.
We work closely with the courier companies that partnered with us to ensure all the data sent from our application to them and vice versa is done securely and follows rigid cyber security protocols and standards. For example, we receive live tracking from the multiple courier firms through webhook handshakes that we have designed for each company. This ensures the information we are receiving has not been manipulated or intercepted.”
‘We implement advanced technology to protect our data from cyber threats’
-Pongsathorn Sangasang, Ground Operation and Commercial Director, Pattaya Airways
In the air freight industry, cybersecurity is a multifaceted approach that includes safeguarding sensitive transportation data, securing network systems, and operational measures against cyber threats.
Cybersecurity involves implementing data protection strategies such as encryption, secure data storage, and access control to prevent data breaches and unauthorized access, and emphasizes network security by using firewalls, intrusion detection systems, and on-going security evaluations to defend against cyberattacks.
Compliance with national and global cybersecurity regulations, including regular audits and adherence to standards such as ISO/IEC 27001. Employee training and awareness programmes are essential to educate staff about potential cyber threats, such as phishing and social engineering, thereby reducing the risk of data leaks.
Cybersecurity measures are combined with physical security systems to ensure the protection of both the facilities and the cargo being transported. To maintain the integrity of our security systems, our IT team performs regular audits and updates, addressing new vulnerabilities as they arise.
Our firm has engaged in implementing cybersecurity measures to protect our data and systems from complex cyber threats. This includes significant investment in both cybersecurity software and hardware. A focus on compliance with industry standards and regulations is essential, as it not only ensures legal compliance but also significantly enhances overall cybersecurity.”
Using advanced technology, regular checks vital in cybersecurity issues
-Shankar Subramoniam, CEO, Salt Tech International
Like other industries, the aviation industry has become increasingly digitized over the past few years. Modern aviation systems development leverages all sorts of technological innovations, such as augmented reality, 3D printing, Machine Learning, cloud technology, and perhaps most importantly in the context of cybersecurity issues, the Internet of Things (IoT). Using up-to-date systems and software, with regular checks for vulnerabilities.
Assessing all the aviation applications regularly for vulnerabilities, including in-flight and cockpit devices. Securing the access to network devices and systems by protecting the endpoints with endpoint management solutions.”
IATA Security Management manuals provide standards of safety culture
-Ruthvik Srinivas, Business Development Manager, Fresa Technologies
Cybersecurity in air freight industry is crucial as many procedures take place online. The air freight industry involves various web portals for data uploads and monetary transactions. It also includes maintaining sensitive data in cloud systems.
Authorities such as IATA publish Security Management System (SeMS) Manuals to provide standards for cyber security culture, aviation security measures, and cybersecurity risk management in the airline industry.
Fresa Technologies on its own provides cybersecurity solutions in the form of data encryption for heavy data storage, accessibility controls with auto logout in the event of a minimum idle screen time, firewall security for database and application servers, an incident response plan with Disaster Recovery Server (DRS), and other cybersecurity risk management solutions.
Cybersecurity, as a basic measure, can be applied at the workplace by checking/giving access to third party applications without a valid license or a work requirement.”
Firms should think of investing more in making their systems impenetrable
-Tony Hasek, CEO, Goldilock.com
With the recent collapses in logistics operations, the world has come to understand just how costly, and jarring such disruptions can be and the air cargo industry is no exception. Because of its speed, the industry is perhaps even more essential.
Cyber protection is crucial. There are myriad solutions at various technology layers that must be considered and implemented. Goldilock operates at Layer I, the very basis of network architecture. We physically separate networks and devices thereby making them almost impenetrable.
For preventing cyberattacks, we have been recognized by institutions, such as North Atlantic Treaty Organization (NATO). The companies should think of cybersecurity from day one and to always keep it front of their mind. Comprehensive training, regular auditing and iron-clad best practice procedures and compliance of regulations are the way forward.”