As logistics-sector companies go increasingly digital, they face a rising threat from hackers and ransomware attacks. But experts say there are steps they can take to minimize the risk.
Ben Ames has spent 20 years as a journalist since starting out as a daily newspaper reporter in Pennsylvania in 1995. From 1999 forward, he has focused on business and technology reporting for a number of trade journals, beginning when he joined Design News and Modern Materials Handling magazines. Ames is author of the trail guide "Hiking Massachusetts" and is a graduate of the Columbia School of Journalism.
Supply chains are becoming more digital by the day, as companies add electronic sensors to everything from pallets and containers to conveyors, forklifts, and dock doors. While all that hyperconnectivity is great for supply chain visibility, connecting every truck and warehouse to the internet of things (IoT) also has a downside: It makes businesses more vulnerable to hackers, who can use those links to steal data or install ransomware—software that freezes a company’s entire network until the victim pays a steep fee.
Fortunately, companies don’t have to go it alone when it comes to security planning. There’s a wealth of information on cybersecurity available online, including protocols developed by government agencies and industry organizations to help businesses lessen their risk (see sidebar).
A COMPLEX PROBLEM
That’s not to say it will be easy. In the logistics sector, keeping track of every online asset can be a complex job, says Sharon Reynolds, chief information security officer (CISO) at the Dallas-based telematics technology vendor Omnitracs. In the transportation sector alone, trucks are rapidly becoming digitalized with internet connections like in-cab devices, IoT sensors, and links for routing and dispatch tracking.
Furthermore, modern supply chains involve complex webs of suppliers, who often share real-time data with each other. “Before, you could screen partners by just checking the financials of the company to make sure they’re reliable, and maybe get references. But with supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks. Now, you have to understand your entire cyberthreat exposure, because all the partners are interconnected,” Reynolds says.
That web of connections makes companies more vulnerable to attacks because a network is only as secure as its weakest link, agrees Pal Narayanan, executive vice president and chief information officer–Americas at contract logistics and supply chain services provider Geodis.
“You have partners with partners, and some of those partners operate right within your four walls,” Narayanan says. “That’s because the rising demands of e-commerce require increased automation and mechanization, like robotics, conveyors, or warehouse control systems. They’re all bringing their computer systems inside your [warehouse].”
In Geodis’s case, those connections add up quickly, as the company operates 160 warehouses and partners with 15 automation providers. Narayanan’s challenge is to get all those automated devices to work together and still be secure. “To protect your systems, you need to have security along with nimbleness and flexibility,” he says. “If you’ve got Fort Knox-level security, then you can’t grow your business because nobody’s coming in and nobody’s going out. So you have to find a balance.”
THE PRICE OF FAME
With supply chain, even your suppliers have suppliers, so you need to identify your third-party and fourth-party risks.
Striking a balance between business agility and cybersecurity has become increasingly difficult in an era when hackers are ramping up their attacks on the sector. “In the past, logistics was flying under the radar. Before Amazon, it wasn’t sexy, it wasn’t in the mainstream, so hackers focused on financial, banking, and medical companies,” Narayanan says. “But now, with how important online shopping has become and the impact of Covid, logistics has been thrust onto center stage, and with fame comes a challenge.”
A recent industry report underscores that point. In a study titled Supply Chain Disruptions and Cybersecurity in Logistics, cybersecurity services company BlueVoyant reported that hackers launched three times as many ransomware attacks on shipping and logistics companies in 2020 as in 2019.
Most of the recent attacks resulted from phishing—where hackers posing as legitimate companies persuade employees to disclose their passwords—or access to unprotected network connections called “remote desktop ports,” BlueVoyant said in the report.
But that’s hardly the only threat. Another rapidly growing vulnerability is the spiraling number of IoT connections, which are forecast to grow to 23.6 billion worldwide by 2026 from 8.6 billion in 2021, according to technology advisory firm ABI Research. While that exponential growth will usher in a new era of connectivity and productivity, it will also result in new threat vectors, ABI says.
CLOSING THE SECURITY GAP
The good news for logistics professionals looking to bolster their digital defenses is that, as relative latecomers to the game, they can learn from other industries’ experiences, says Omnitracs’ Reynolds.
For example, many companies suffered painful hacks in past years because manufacturers of IoT-enabled devices like webcams and digital video recorders (DVRs) had originally released their products without basic security requirements like password protection. It wasn’t long before hackers began taking them over as “botnets,” which are collections of private computers that have been hijacked to send out spam and malicious software.
Those botnet attacks can also be launched from home appliances like printers and refrigerators, which connect to residential internet networks that are typically far easier to hack than their office counterparts, says Chris Sandberg, vice president of information security at freight fleet technology specialist Trimble Transportation.
And that botnet threat matters not merely because a hacker might take over your fridge, but because the ubiquitous kitchen appliance is a node on the internet and can be used as a resource to launch attacks on any target worldwide.
That security gap means that many companies have become far more vulnerable over the past year as their employees started working from home offices during the pandemic. “The more people work from home, the larger your attack surface is,” Sandberg says. “If you push a fence out and can’t see it all, you can’t see what cuts through that fence.”
And the same principle applies to trucks that are increasingly wired with connected devices like infotainment systems, manufacturers’ diagnostic sensors, telematics, and electronic logging devices (ELDs), he adds.
ADDING LAYERS OF CYBERARMOR
As for what companies can do to protect themselves, Sandberg recommends starting with policies where you can rack up some easy wins. His advice: Identify critical resources and vendors, create disaster response plans, train employees not to share accounts, urge them to use multifactor authentication, encourage them to create complex passwords and change them frequently, and add cybersecurity awareness to truckers’ pre-trip checklists.
Other security specialists remind companies to conduct frequent data backups across their entire systems, decreasing the chance they’ll have to pay hackers a ransom to get their data back.
Building better cyberdefenses might sound daunting, but corporations can succeed if they approach it as a business problem like any other, says Omnitracs’ Reynolds.
“Complicated business problems are being solved by these companies every day. So, they just need to treat it like risk management. And there are only four things you can do with risk: Avoid it, reduce it, transfer it to someone else, or accept it,” she says.
Given the mounting threats, Reynolds urges logistics professionals to get out ahead of the problem and ensure they have a comprehensive cybersecurity plan in place. “I think you can’t afford not to; this is a part of doing business,” she says. “But we can learn from other groups that have discovered these realities,” Reynolds adds. “This is an incredibly resilient industry, so I don’t think it’s a challenge that’s insurmountable.”
For more information …
Looking to learn more about cyberthreats and ways to minimize your risk? Here are some links to get you started:
The National Institute of Standards and Technology (NIST)’s cybersecurity framework at the U.S. Department of Commerce
Congestion on U.S. highways is costing the trucking industry big, according to research from the American Transportation Research Institute (ATRI), released today.
The group found that traffic congestion on U.S. highways added $108.8 billion in costs to the trucking industry in 2022, a record high. The information comes from ATRI’s Cost of Congestion study, which is part of the organization’s ongoing highway performance measurement research.
Total hours of congestion fell slightly compared to 2021 due to softening freight market conditions, but the cost of operating a truck increased at a much higher rate, according to the research. As a result, the overall cost of congestion increased by 15% year-over-year—a level equivalent to more than 430,000 commercial truck drivers sitting idle for one work year and an average cost of $7,588 for every registered combination truck.
The analysis also identified metropolitan delays and related impacts, showing that the top 10 most-congested states each experienced added costs of more than $8 billion. That list was led by Texas, at $9.17 billion in added costs; California, at $8.77 billion; and Florida, $8.44 billion. Rounding out the top 10 list were New York, Georgia, New Jersey, Illinois, Pennsylvania, Louisiana, and Tennessee. Combined, the top 10 states account for more than half of the trucking industry’s congestion costs nationwide—52%, according to the research.
The metro areas with the highest congestion costs include New York City, $6.68 billion; Miami, $3.2 billion; and Chicago, $3.14 billion.
ATRI’s analysis also found that the trucking industry wasted more than 6.4 billion gallons of diesel fuel in 2022 due to congestion, resulting in additional fuel costs of $32.1 billion.
ATRI used a combination of data sources, including its truck GPS database and Operational Costs study benchmarks, to calculate the impacts of trucking delays on major U.S. roadways.
There’s a photo from 1971 that John Kent, professor of supply chain management at the University of Arkansas, likes to show. It’s of a shaggy-haired 18-year-old named Glenn Cowan grinning at three-time world table tennis champion Zhuang Zedong, while holding a silk tapestry Zhuang had just given him. Cowan was a member of the U.S. table tennis team who participated in the 1971 World Table Tennis Championships in Nagoya, Japan. Story has it that one morning, he overslept and missed his bus to the tournament and had to hitch a ride with the Chinese national team and met and connected with Zhuang.
Cowan and Zhuang’s interaction led to an invitation for the U.S. team to visit China. At the time, the two countries were just beginning to emerge from a 20-year period of decidedly frosty relations, strict travel bans, and trade restrictions. The highly publicized trip signaled a willingness on both sides to renew relations and launched the term “pingpong diplomacy.”
Kent, who is a senior fellow at the George H. W. Bush Foundation for U.S.-China Relations, believes the photograph is a good reminder that some 50-odd years ago, the economies of the United States and China were not as tightly interwoven as they are today. At the time, the Nixon administration was looking to form closer political and economic ties between the two countries in hopes of reducing chances of future conflict (and to weaken alliances among Communist countries).
The signals coming out of Washington and Beijing are now, of course, much different than they were in the early 1970s. Instead of advocating for better relations, political rhetoric focuses on the need for the U.S. to “decouple” from China. Both Republicans and Democrats have warned that the U.S. economy is too dependent on goods manufactured in China. They see this dependency as a threat to economic strength, American jobs, supply chain resiliency, and national security.
Supply chain professionals, however, know that extricating ourselves from our reliance on Chinese manufacturing is easier said than done. Many pundits push for a “China + 1” strategy, where companies diversify their manufacturing and sourcing options beyond China. But in reality, that “plus one” is often a Chinese company operating in a different country or a non-Chinese manufacturer that is still heavily dependent on material or subcomponents made in China.
This is the problem when supply chain decisions are made on a global scale without input from supply chain professionals. In an article in the Arkansas Democrat-Gazette, Kent argues that, “The discussions on supply chains mainly take place between government officials who typically bring many other competing issues and agendas to the table. Corporate entities—the individuals and companies directly impacted by supply chains—tend to be under-represented in the conversation.”
Kent is a proponent of what he calls “supply chain diplomacy,” where experts from academia and industry from the U.S. and China work collaboratively to create better, more efficient global supply chains. Take, for example, the “Peace Beans” project that Kent is involved with. This project, jointly formed by Zhejiang University and the Bush China Foundation, proposes balancing supply chains by exporting soybeans from Arkansas to tofu producers in China’s Yunnan province, and, in return, importing coffee beans grown in Yunnan to coffee roasters in Arkansas. Kent believes the operation could even use the same transportation equipment.
The benefits of working collaboratively—instead of continuing to build friction in the supply chain through tariffs and adversarial relationships—are numerous, according to Kent and his colleagues. They believe it would be much better if the two major world economies worked together on issues like global inflation, climate change, and artificial intelligence.
And such relations could play a significant role in strengthening world peace, particularly in light of ongoing tensions over Taiwan. Because, as Kent writes, “The 19th-century idea that ‘When goods don’t cross borders, soldiers will’ is as true today as ever. Perhaps more so.”
Hyster-Yale Materials Handling today announced its plans to fulfill the domestic manufacturing requirements of the Build America, Buy America (BABA) Act for certain portions of its lineup of forklift trucks and container handling equipment.
That means the Greenville, North Carolina-based company now plans to expand its existing American manufacturing with a targeted set of high-capacity models, including electric options, that align with the needs of infrastructure projects subject to BABA requirements. The company’s plans include determining the optimal production location in the United States, strategically expanding sourcing agreements to meet local material requirements, and further developing electric power options for high-capacity equipment.
As a part of the 2021 Infrastructure Investment and Jobs Act, the BABA Act aims to increase the use of American-made materials in federally funded infrastructure projects across the U.S., Hyster-Yale says. It was enacted as part of a broader effort to boost domestic manufacturing and economic growth, and mandates that federal dollars allocated to infrastructure – such as roads, bridges, ports and public transit systems – must prioritize materials produced in the USA, including critical items like steel, iron and various construction materials.
Hyster-Yale’s footprint in the U.S. is spread across 10 locations, including three manufacturing facilities.
“Our leadership is fully invested in meeting the needs of businesses that require BABA-compliant material handling solutions,” Tony Salgado, Hyster-Yale’s chief operating officer, said in a release. “We are working to partner with our key domestic suppliers, as well as identifying how best to leverage our own American manufacturing footprint to deliver a competitive solution for our customers and stakeholders. But beyond mere compliance, and in line with the many areas of our business where we are evolving to better support our customers, our commitment remains steadfast. We are dedicated to delivering industry-leading standards in design, durability and performance — qualities that have become synonymous with our brands worldwide and that our customers have come to rely on and expect.”
In a separate move, the U.S. Environmental Protection Agency (EPA) also gave its approval for the state to advance its Heavy-Duty Omnibus Rule, which is crafted to significantly reduce smog-forming nitrogen oxide (NOx) emissions from new heavy-duty, diesel-powered trucks.
Both rules are intended to deliver health benefits to California citizens affected by vehicle pollution, according to the environmental group Earthjustice. If the state gets federal approval for the final steps to become law, the rules mean that cars on the road in California will largely be zero-emissions a generation from now in the 2050s, accounting for the average vehicle lifespan of vehicles with internal combustion engine (ICE) power sold before that 2035 date.
“This might read like checking a bureaucratic box, but EPA’s approval is a critical step forward in protecting our lungs from pollution and our wallets from the expenses of combustion fuels,” Paul Cort, director of Earthjustice’s Right To Zero campaign, said in a release. “The gradual shift in car sales to zero-emissions models will cut smog and household costs while growing California’s clean energy workforce. Cutting truck pollution will help clear our skies of smog. EPA should now approve the remaining authorization requests from California to allow the state to clean its air and protect its residents.”
However, the truck drivers' industry group Owner-Operator Independent Drivers Association (OOIDA) pushed back against the federal decision allowing the Omnibus Low-NOx rule to advance. "The Omnibus Low-NOx waiver for California calls into question the policymaking process under the Biden administration's EPA. Purposefully injecting uncertainty into a $588 billion American industry is bad for our economy and makes no meaningful progress towards purported environmental goals," (OOIDA) President Todd Spencer said in a release. "EPA's credibility outside of radical environmental circles would have been better served by working with regulated industries rather than ramming through last-minute special interest favors. We look forward to working with the Trump administration's EPA in good faith towards achievable environmental outcomes.”
Editor's note:This article was revised on December 18 to add reaction from OOIDA.
Global trade will see a moderate rebound in 2025, likely growing by 3.6% in volume terms, helped by companies restocking and households renewing purchases of durable goods while reducing spending on services, according to a forecast from trade credit insurer Allianz Trade.
The end of the year for 2024 will also likely be supported by companies rushing to ship goods in anticipation of the higher tariffs likely to be imposed by the coming Trump administration, and other potential disruptions in the coming quarters, the report said.
However, that tailwind for global trade will likely shift to a headwind once the effects of a renewed but contained trade war are felt from the second half of 2025 and in full in 2026. As a result, Allianz Trade has throttled back its predictions, saying that global trade in volume will grow by 2.8% in 2025 (reduced by 0.2 percentage points vs. its previous forecast) and 2.3% in 2026 (reduced by 0.5 percentage points).
The same logic applies to Allianz Trade’s forecast for export prices in U.S. dollars, which the firm has now revised downward to predict growth reaching 2.3% in 2025 (reduced by 1.7 percentage points) and 4.1% in 2026 (reduced by 0.8 percentage points).
In the meantime, the rush to frontload imports into the U.S. is giving freight carriers an early Christmas present. According to Allianz Trade, data released last week showed Chinese exports rising by a robust 6.7% y/y in November. And imports of some consumer goods that have been threatened with a likely 25% tariff under the new Trump administration have outperformed even more, growing by nearly 20% y/y on average between July and September.