CSCMP's Supply Chain Quarterly
December 14, 2018
Forward Thinking

Supply chain cybersecurity threats may rise in 2018, warns Booz Allen

Companies could see an increase in cyber threats such as the NotPetya attack, which shut down container shipping giant Maersk.

One of the biggest cybersecurity stories of 2017 was the NotPetya attack, which memorably hit shipping giant A.P. Moller - Maersk, causing it to shut down operations at 76 port terminals in four countries around the world. The attack caused delays and disruptions that lasted weeks and ultimately cost the company more than US$2 million.

According to the consulting firm Booz Allen Hamilton, this type of cyberattack should not be viewed as a one-time fluke. In its "Foresights 2018" special report, Booz Allen predicts that companies will see more of these types of cyberthreats in the coming year.

What made NotPetya different from other cybersecurity attacks is that it originated not with Maersk but as an attack on the Ukrainian tax software M.E.Doc, which then spread through compromised networks. Booz Allen describes these types of cybersecurity risks as "indirect supply attacks," where cybercriminals infiltrate a small software provider or other supplier that operates within the supply chain of a much larger company. The ultimate target is not the original compromised company but larger Fortune 500 companies.

Another cybersecurity trend that supply chain managers should be aware of is extortion attacks on industrial control systems (ICS). In these cases, hackers gain access to a manufacturer's ICS and demand that the company pay a ransom to prevent or mitigate any disruptions to operations. Automakers Nissan and Renault and pharmaceutical company Merck all experienced such attacks in 2017. In addition, there have been incidents of Eastern European criminals who have used such techniques against chemical manufacturing facilities, according to the report.

However, the report suggests that these types of threats will not be widespread. To successfully carry out such attacks, criminals will need to know not only how to gain access to a control system but also how to target the process being controlled. "Attacks of this nature will likely be beyond the reach of most cybercriminals and be limited to a small, niche group of technically savvy actors," says the report.

Join the Discussion

After you comment, click Post. If you're not already logged in, you will be asked to log in or register.

Want more articles like this? Sign up for a free subscription to Supply Chain Executive Insight, a monthly e-newsletter that provides insights and commentary on supply chain trends and developments. Click here to subscribe.

We Want to Hear From You! We invite you to share your thoughts and opinions about this article by sending an e-mail to ?Subject=Letter to the Editor: Quarter 2018: Supply chain cybersecurity threats may rise in 2018, warns Booz Allen"> . We will publish selected readers' comments in future issues of CSCMP's Supply Chain Quarterly. Correspondence may be edited for clarity or for length.

Want more articles like this? Subscribe to CSCMP's Supply Chain Quarterly.