TheTrucker.com

Working together to fight cybercrime: Silos are the enemy of security

Taking a siloed approach to cybersecurity, with teams working separately, leaves numerous gaps in a company’s armor against criminals. (AI concept image created using ChatGPT)

Most security failures in the freight industry don’t start with a dramatic, action-movie-style breach of physical security or a sophisticated “zero-day” exploit. Instead, they start with a small mistake in a handoff, or a gap between security controls.

For example, a trailer leaves the yard with the right paperwork — but then it’s re-routed along the way by a bad actor, who is playing the role of a broker. A customer rep trusts information from a “known” trading partner and clicks a download link to access the rate confirmation without confirming the destination of the link.

Events like this occur every day in our industry, and they are often the first stages of either a cargo theft incident or a cybersecurity incident.

Each step in the process may appear fine inside the workflow of one team; the driver knows that loads change destination sometimes, the customer rep knows that loads often have associated rate confirmations sent from trading partners. The problem arises in the seams between processes and teams.

This is the core issue with a siloed approach to security.

Physical security teams focus solely on protecting facilities and assets from direct threats. Operations teams focus on uptime and throughput, and cybersecurity teams work specifically to protect systems and data. Each group may be fully competent — excellent even — at their role. And still, theft and cyberattacks succeed.

The problem is that security threats don’t respect organizational responsibilities or boundaries. They exploit weaknesses with ruthless efficiency.

It’s not that the attackers are more intelligent than our defensive teams; it’s coordination that makes them successful. They blend physical access, breakdowns in operational processes and digital deception into a single attack chain.

When a company has separate silos of defense, each team is, in effect, working “with one hand tied behind its back” from the start.

What exactly is a security incident?

If we consider the term “security incident,” we see that organizations often define an incident as a breach in a specific domain, such as a break-in, a click on a malicious email or a compromised account.

The problem is that real-world attacks are far more complex than these examples. Real-world attacks are not restricted to the box they start in. They move; they adapt to the weaknesses found in an organization’s defenses.

Here’s a simple example:

A criminal group decides to target a specific high-value shipment. They’re not going to focus only on hacking a telematics platform or dedicate all of their resources to picking a lock and stealing the trailer from a drop yard.

Instead, they’re going to target employees with sophisticated social engineering attacks, try to re-route the shipment in transit by posing as a broker, and use a driver with falsified paperwork or a stolen identity to pick up the shipment.

Cyber criminals may use all of these methods — and more — to target the seams between controls and the weak points where one team hands off responsibilities or information to another.

When is a company most vulnerable?

The highest-risk moments occur when control passes from one person, team or system to another. For example:

  • When a load tender is accepted;
  • When a carrier is onboarded or a driver verified;
  • When a rate confirmation is revised; and/or
  • When an urgent exception bypasses normal security checks.

Each of these examples should have operational processes that prescribe a set of steps. They also should be designed to include security checks, both operational and technical, that serve to put roadblocks in front of an attacker.

It’s time to break down those silos and take responsibility.

When we break down the silos between physical security, operational security and cybersecurity, we can start to reduce or eliminate the gaps between controls and between areas of visibility.

Verification can begin to replace assumptions that “another team will handle it.” Instead of simply trusting that information is verified because it’s found somewhere in an internal system, teams will verify that upstream identity checks have been performed.

Security controls will begin to reflect the real-world workflows that are required in the organization. Exceptions will be expected, and processes will be designed to handle them and stymie attackers’ attempts to exploit confusion during a last-minute change or abnormal request.

Warning signals seen by one team will be passed to the other teams as part of a converged approach to incident response and threat-detection readiness: When cybersecurity sees credential resets or unusual logins, they notify operations. When physical security issues are detected, operations and cybersecurity are notified that an incident may be unfolding and they coordinate their investigations.

Security is everyone’s responsibility.

Perhaps the single most impactful change that a converged approach to security brings is the sharing of responsibility for security throughout the organization. No longer is anything “another team’s problem.”

This promotes a culture of security across the organization.

This isn’t a simple rebrand of security awareness. It’s a structural change in the way the organization handles security, from incident response to readiness drills to awareness training.

We’ve seen time and again in transportation the power of teams working together to tackle complex challenges, from safety programs that meaningfully reduce safety incidents, to preventative maintenance programs that dramatically increase uptime and reliability.

Creating a converged security program that fundamentally changes the security culture in an organization is no exception. It’s an attainable goal and will have a meaningful and lasting impact on the success of the organization.

To help the trucking industry protect against threats, the National Motor Freight Traffic Association Inc. (NMFTA) has developed a number of resources and made them freely available to help with this process, from the new Freight Fraud Prevention Hub to the Road to Resilience Cybersecurity Guidebook series.

We believe that the goal of creating a culture of security in your organization is not simply within reach; it’s an imperative that will serve to bolster the success of your organization and support and enable your business in ways that a siloed approach to security never will.

Start breaking down the silos between your security teams today. Start with where you are and build a stronger, converged security program that closes the unnecessary gaps, empowers your team and promotes a culture of security across your organization.

To access cybersecurity resources at no charge, visit nmfta.org/cybersecurity.

Ben Wilkens, CISSP, CCSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association Inc. (NMFTA).

In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners and government agencies to advance cybersecurity practices and knowledge.

Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.

Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices.

With a rare combination of CISSP, CCSP and CISM certifications — alongside an active Class A CDL — Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.
