Building Digital Vigilance
Yingli Wang, co-author of E-Logistics, discusses the recent hacking attack of the NHS and the lessons learned as it applies to the logistics and transport industries
The recent global cyber attack on the NHS is a wake-up call about our cyber world getting increasingly insecure and dangerous. The ransomware, which locked users' files and demanded payment to allow access, spread to 150 countries, including Russia, the U.S. and China. In the UK, NHS services across England and Scotland were hit the hardest. The big lesson is that a simple delayed update to information systems could lead to devastating effects.
Organisations are increasingly becoming vulnerable when there is a patch in their digial ecosystem. The patches do not have to be technological. It could be: a vulnerable point where organisational policy and procedures are not fully established; individual misconduct; or, at a larger scale, lack of regulative measures against hackers.
Data integrity and security are fundmental to the logistics and transport sectors. Information flows are the central nerve for effective supply chain management. Once they break down, the physical movement of materials will undoubtly be disrupted. Key players need to identify potential patches, at least, at supply chain level, which will require collaborative efforts from different stakeholders in the sector. Industry executives need to work closely with their technology service providers to keep updated with technology trends and existing patch solutions.
But in reality, different priorities often compete for limited financial and human resources within an organisation, a supply chain or network. This mindset can often be a barrier to sharpen digital skills, given that transport is a traditional industry where people talk mostly about warehousing, trucks, supply chain, etc. This lack of awareness, if coupled with organisations’ inability to find suitable channels to gain knowledge and expertise on cyber security, could further compound the problematic siutation. Unfortunately, not many professional bodies offer certification on cyber security and cyber risk management.
Another reality is that, despite the best efforts, hacker disruptions are inevitable due to the speed of technological development that often exceeds that of security and legal developments. Cyber security issues will exist because of this lag, but doing nothing is not an option.
Despite these hindrances, individuals, organisations and industries need to devote the much needed attention to find ways of building digital and cyber security capabilities into day-to-day operations. This dynamic capability is referred to as digital vigilance.
How do we build digital vigilance? For organisations well into their digital journey, they need to create an enterprise digital vulnerability map by placing various threats in a framework. This framework could be a simple two-by-two quandrant that categorizes threats according to their disruption probability and their impact consequences (Sheffi and Rice 2005). Many large organisations use comprehensive scenario planning to model the direct and indirect efects of disruptions in order to anticipate the potential impact, and derive reaction mechanisms accordingly.
For others, they need to start with the basics, i.e. building appropriate IT infrastructure and systems; setting up the right process for information sharing; and equiping the workforce with adequate IT skills. The next step would be to establish an appropriate IT security structure.
Figure 1: IT security framework (Laudon and Traver 2007)
As depicted by Figure 1, a layered approach should be in place. With data at the core being protected by internal measures (anti-virus software, firewalls and encryption) and external measures (legislation and industry standards).
Cyberspace is increasingly intertwinned with our physical space of living and working. Yet we know so little about how to protect ourselves and our businesses from any dark forces. While our industry continues to embrace emerging technologies, we become more exposed to the outside world and to cyber criminals because of the same. It is time that our transport and logistics sector takes cyber security seriously.