In early October 2023, one of the busiest providers of less-than-truckload (LTL) services in the United States announced that it had been affected by a cyber attack that crippled most of its IT infrastructure. Estes Express Lines did not go into detail about the incident; however, executives posted updates on the X social network (formerly known as Twitter), indicating that drivers could still communicate with terminals through backup SMS channels, thus allowing them to continue picking up and delivering cargo.
The Estes cyber attack unfolded just days after the United States Cybersecurity and Infrastructure Security Agency (CISA) kicked off National Cybersecurity Awareness Month, which the Department of Homeland Security has observed every October since 2004. The American freight industry has always been a critical part of the national infrastructure, and therefore a target for cybercrime groups, but it had not suffered a widely publicized, operations-halting attack until December 2020, when the expedited carrier Forward Air was brought down by a ransomware gang. Since then, other major carriers have also been hit.
Understanding the Attack Surface of the Freight Industry
Information security specialists refer to the attack surface as all the points at which a system or network can be attacked. This can include both physical and digital assets such as computers, smartphones, tablets, network printers, telematics sensors, and even online accounts that establish some level of connection to enterprise servers.
The freight industry's attack surface is large and complex. Think about all the systems accessed by a company operating at the scale of Estes: transportation management systems, enterprise resource planning servers, and telematics hubs. Then think about all the devices that connect to those systems; they range from the sensors and GPS trackers installed on vehicles to the Delivery Information Acquisition Devices (DIADs) and smartphones carried by drivers. Each of these endpoints is a potential entry point, an attack vector within the larger attack surface, and the more of them there are, and the more loosely they are managed, the more paths an attacker has toward the core systems.
The Reality of Modern Cybersecurity
Gone are the days when a freight operator or a broker could simply install a firewall plus antivirus software to keep most attackers at bay. The modern reality of cybersecurity is not whether you will be attacked; it is a matter of when it will happen and what you can do in terms of mitigation and recovery. This "assume breach" philosophy is the one the entire industry must adopt.
If we look back at the December 2020 ransomware attack on Forward Air, we can see that the IT department took immediate steps to contain it. The cybercrime gang that infected the Forward Air servers used the Hades payload, which encrypted most files and locked users out; the decryption key is held only by the attackers, who demand payment for it. The intrusion also involved theft of data, so the company took down its servers to stop the attackers from stealing further customer information. The company was back in business after roughly a week, more than likely by restoring from backups the attackers could not reach.
In the end, protecting the data networks that the American freight industry runs on comes down to the mitigation and disaster recovery strategies that freight operators can establish.
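Recovery only works if the backups themselves survived the intrusion: ransomware that reaches a backup share will encrypt the backup set (and the ransom note lands next to it) just as readily as it encrypts production data. The following is an added illustration, not code from this article or from any carrier named in it. It builds a hashed manifest of a backup set, keyed with an HMAC secret that is assumed to be stored off the backup host, and then verifies the set before a restore is attempted. All file names, the sample shipment records and the "ransomware" tampering (a byte-wise XOR plus a dropped note) are constructed for the demonstration.

```python
"""Backup manifest with integrity check (added example; names and data are constructed)."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

HASH_BLOCK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup images do not sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(HASH_BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_root: Path, manifest_key: bytes) -> dict:
    """Hash every file under backup_root and sign the listing with an HMAC.
    The key must live somewhere the backup host cannot read; otherwise an attacker
    who encrypts the backup can simply regenerate a matching manifest."""
    entries = {}
    for p in sorted(backup_root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(backup_root).as_posix()
            entries[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(manifest_key, body, hashlib.sha256).hexdigest()}


def verify_backup(backup_root: Path, manifest: dict, manifest_key: bytes) -> list[str]:
    """Return a list of problems; an empty list means the set matches the signed manifest."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(manifest_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        # Do not bother hashing files: the listing itself cannot be trusted.
        return ["manifest HMAC mismatch: manifest was altered or wrong key"]
    problems = []
    for rel, meta in manifest["entries"].items():
        p = backup_root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif p.stat().st_size != meta["size"] or sha256_file(p) != meta["sha256"]:
            problems.append(f"modified: {rel}")
    # Files the manifest never saw (e.g. a ransom note) are also a red flag.
    for p in sorted(backup_root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(backup_root).as_posix()
            if rel not in manifest["entries"]:
                problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple[list[str], list[str], list[str]]:
    """Constructed scenario: clean verification, then the same set after ransomware
    touched it, then an attempt to hide the tampering by rewriting the manifest."""
    key = b"constructed-demo-key-stored-off-host"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tms").mkdir()
        # Constructed sample data standing in for a TMS database dump.
        (root / "tms" / "shipments.db").write_bytes(b"PRO 12345,pickup,Richmond VA\n" * 100)
        (root / "tms" / "config.ini").write_text("[db]\nhost=tms-db-01\n")
        manifest = build_manifest(root, key)
        clean = verify_backup(root, manifest, key)

        # Simulated ransomware reaching the backup share: scramble one file, drop a note.
        target = root / "tms" / "shipments.db"
        target.write_bytes(bytes(b ^ 0x5A for b in target.read_bytes()))
        (root / "README_TO_RESTORE.txt").write_text("constructed ransom note\n")
        tampered = verify_backup(root, manifest, key)

        # Attacker regenerates the manifest without the off-host key (uses a guess).
        forged = build_manifest(root, b"wrong-key")
        forged_result = verify_backup(root, forged, key)
    return clean, tampered, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged manifest"), demo()):
        print(f"{label}: {result or 'OK'}")
```

Run it before every restore drill, not just after an incident: a manifest that verifies against a key the backup host never held is the evidence that the "secure data backups" the recovery plan depends on are actually intact.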