WEF

Why transport and supply chain ecosystems need to be cyber secured

Margi Van Gogh
Head, Supply Chain and Transportation Industry, World Economic Forum
Filipe Beato
Lead, Centre for Cybersecurity, World Economic Forum
Luna Rohland
Specialist, Cyber Resilience, World Economic Forum

  • Transport plays a vital role in connecting global economies, with air, ocean, road and rail modes facilitating global trade and economic activity.
  • Disruptions in the transport ecosystem, including cyberattacks, can have far-reaching consequences for organizations and entire economies.
  • The World Economic Forum is bringing together players from across the ecosystem to collaboratively foster cyber resilience through the Cyber Resilience in Transport and Supply Chain Ecosystems initiative, which was launched at the Industry Strategy Meeting 2024 in New York.

Transport networks play a crucial role in connecting global economies. Via multiple modes, such as air, ocean, road and rail, transport networks serve as a vital link to facilitate worldwide trade and economic activity.

Disruptions in the transport ecosystem can have far-reaching consequences for organizations and entire economies. Although not related to a cyber incident, this has been illustrated by the recent Houthi attacks on vessels in the Red Sea, obstructing maritime traffic through the Suez Canal.

This has resulted in a notable 1.3% decline in global trade and a potential increase of between 31-575% of carbon dioxide (CO₂) emissions per TEU as vessels are forced to take alternative routes.

Transport and supply chain ecosystems increasingly digitalized and automated

The transport ecosystem is undergoing a rapid digitalization and automation, driven by technologies like artificial intelligence, cloud and the internet of things (IoT).

Just over 80% of transport leaders are reporting increased investments in technology since 2020, resulting in a 20% reduction of operating costs for companies with advanced supply chain digitalization. It is anticipated that the digitalization of the trade ecosystem will unlock $9 trillion value across the G7 countries until 2025.

While these developments are very promising for the industry, the rapid digitalization of the transport ecosystem also introduces a high level of cyber risk. In the maritime industry alone, there has been a 467% increase in organizations that have paid ransoms after a cyber attack in the past year.

According to research conducted by IBM, a single data breach affecting the transport sector costs the organization on average $4.18 million. Increased interconnectivity and reliance on digital technologies heighten vulnerability to cyber threats.

The reliance on legacy information technology (IT) and operational technology (OT) infrastructure and dependency on critical niche suppliers across the transport and supply chain ecosystems emerges as a major challenge, complicating efforts to strengthen cyber resilience.

The profound effects of cyberattacks on the transport ecosystem were illustrated by the July 2023 ransomware attack on Japan’s Port of Nagoya. The attack led to a two-day suspension of operations, disrupting 10% of the total trade of Japan – the world’s fourth largest economy.

Similarly, in mid-November 2023, four major DP World port terminals in Australia had to suspend their operation for three days due to a cyberattack. This resulted in a backlog of more than 30,000 containers and up to 10 days of delay.

Furthermore, cyberattacks not only have the potential to disrupt operations; they also pose significant safety and environmental risks. This has been highlighted by incidents such as the 2017 cyberattack on a Saudi petrochemical plant, which aimed to trigger an explosion, and the 2020 cyberattack on a water treatment facility in the US, where hackers attempted to poison the water supply.

Taking an ecosystem-wide approach to building cyber resilience

In the face of these challenges, cyber action is being complicated by the complex structure of the transport, logistics and supply chain networks. This complexity arises from what is a highly fragmented landscape, compounded by the diversity of players, all with varying digital and cybersecurity maturity levels.

Furthermore, the reliance on legacy IT and OT infrastructure, and the limited visibility on the complex interconnection of various transport modes and infrastructure elements, presents significant challenges for managing risk and implementing cybersecurity measures.

The high dependency on third-party providers, including niche suppliers, further compounds this challenge and puts transport players at risk of global cascading effects. For instance, most modern cargo vessels are presently powered by slow-speed two-stroke diesel engines.

An attack on a few niche suppliers to these major players could have severe consequences across the sector. This would in turn lead to disruptions across global supply chains given that maritime transport moves approximately 90% of traded goods.

While there has been a proliferation of cybersecurity initiatives focusing on specific segments of the transport ecosystem, there is a need to bring players from across the end-to-end transport, supply chain and logistics services industries together to address system-level cyber resilience.

In the aviation industry, organizations like the International Air Transport Association (IATA) and the Airports Council International (ACI) have been pivotal in setting industry standards and promoting the alignment of cybersecurity regulations, approaches and risk management. However, those efforts widely remain sector specific.

Building cyber resilience across the transport ecosystem

To effectively address cyber risks and bolster the resilience of the highly interconnected transport systems, it is critical to adopt a collaborative and ecosystem-wide approach.

An approach that encompasses all modes of transport including air, ocean, road and rail, and includes key stakeholders such as brokers, suppliers, technology providers, key associations, regulators and law enforcement agencies, can lead to enhanced understanding of what is essential to building cyber resilience across diverse global transport and supply chain networks.

Recognizing the need for a consolidated effort in transport and logistics, the World Economic Forum is bringing together players from across the ecosystem to collaboratively foster cyber resilience. The Cyber Resilience in Transport and Supply Chain Ecosystems initiative was kicked off at the Industry Strategy Meet

To drive impact on cyber resilience, the initiative aims to develop a playbook that sets out the cyber foundations for transport and logistics, mapping existing dependencies, risks and opportunities, and assessing their systematic impact.

Additionally, the engaged actors will seek to define key guiding principles to enhance cyber resilience and support small and medium-sized players with adoption of effective cybersecurity measures and promoting collective responsibility across the industry.

By demonstrating best practices and use cases, such a playbook can serve as a valuable resource for a broad spectrum of industry stakeholders – from multinationals to SMEs – fostering collaboration and knowledge-sharing to ensure a more cyber resilient global transport and supply chain ecosystem.

Previously posted at :