Industrial action at Felixstowe could offer a window to the world of supply chain-focused cyber attacks

The potential disruption caused by seven days of industrial action at one UK port is making headlines all over the world. This single point in the UK supply chain handles approximately 48% of the containers coming in and out of the UK.  

Supply chains operate on such tight levels of efficiency that there is minimal slack, and even a disruption of seven days will have a long lasting impact. Some sources are talking about the ripple effects from Felixstowe being felt until Christmas.  

The impact of such disruption reinforces the opinion that a debilitating cyber attack against the logistics sector would cause significant pain to not just the logistic companies themselves but also countries at large. If a seven-day strike can be this disruptive, what would a month-long cyber attack cause? What would the impact be if capacity was reduced by 50%?

Securing the cyber security of logistics is a huge, complex problem. Getting goods from A to B at the right time, in the right condition, and for the right price requires a complex chain of different organisation, facilities, technology and people. Organisations are interconnected in a way that many do not consider, and a disruption to one is potentially liable to affect the whole logistics chain, the sector, or indeed the country. If your logistics provider, your competitor, your supplier, your suppliers' suppliers, or potentially someone you have never heard of has weak security, you could expect to suffer at least some of the impact.  

Simply requiring logistics and supply chain companies to have security is not enough.  

Organisations must model the impact of disruption to supply chains from cyber attacks, taking action to minimise the risk and manage the impact when it happens.  

Business-to-business collaboration is key. Organisations need to work together, model threats, share countermeasures and threat intel and above all audit, test and discuss, and protect the full supply chain. Managing supply chain risk through questionnaires and protecting your organisation alone is not good enough. Questionnaire responses are too often about individual intent and not collective capability - we need to work much more closely together as a community to repel the risks posed by cyber attacks targeted at supply chains.