Compromising vital infrastructure: transport and logistics

Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam.

Rotterdam is one of the major ports in the world and consequently, there is a lot of traffic coming in and out. The roads around the city can handle normal traffic, but they get congested during rush hours and when accidents happen. If you live or work near a city, you’re probably also stuck in a traffic jam on a regular basis.

In our series about vital infrastructure, this time we’re looking at transportation. And if you think transport is not that vital, you are underestimating the logistical processes that make getting to and from different locations possible.

In this post, we will focus on the main skeleton of our logistics infrastructure: the mass transportation of goods over the surface of the earth. How do the goods that we use every day make their way into the warehouses, stores, or factories that need them? We will deal with air and public transportation separately, as they use completely different infrastructures in order to function.

Shipping by sea or ocean

A lot of the goods we consume are manufactured a long way from home. The first leg of their journey is typically made by ship across international waters. When you realize that the largest container ships can carry over 20,000 20-foot containers, you can also imagine the amount of paperwork and computing needed to get every one of those containers to the correct destination. And every one of them must go through customs—usually twice. Customs will want to know exactly what is in them or they will delay transporting the containers until they do.

Throwing a wrench in an otherwise well-oiled machine like that can have dire consequences, as Maersk, one of the largest shipping lines, learned the hard way when their organization was hit by NotPetya. Estimates of the damage caused by a “serious business interruption” were around $300 million. This interruption also caused a massive supply delay, ranging from hours to several days.

Critical information systems used during these processes could be targeted as a means to disrupt the logistics network, which can slow down or even bring to a halt an entire country’s economic system.

Trains and river shipping

Depending on existing connections and infrastructure, goods will be transported en masse from harbors to inland destinations, typically by train or boat. Unlike driving, these modes of transport allow for few ways to maneuver around a blocked part of the route to the destination.

Since train and river transport are mainly used for larger amounts of goods, they are also vulnerable to attacks on the administrative side. In addition, physical attack vectors can hinder transport and mess with logistics. Some examples include:

  • Cutting the power to a rail-track
  • Disabling the railway signals
  • Disabling rail traffic management systems
  • Gaining control over sluices or other means to control the water level in rivers and canals
  • Jamming radars, so ships will have to slow down to avoid collisions

Road transport

Although one truckload is small compared to the transportation modes we have discussed so far, attacks on major delivery firms like FedEx can be highly effective. In fact, the damages due to the NotPetya infection at their TNT division were in roughly the same region as those estimated by Maersk after the same infection.

Even though trucks have more options to avoid roadblocks than trains and riverboats, huge slow-downs can be caused by tactically-employed attacks at important infrastructures, such as tunnels, bridges and highway intersections. And you don’t need to cause accidents to accomplish this. Hacking traffic control systems is a much less dangerous and possibly more effective means of disruption if you are able to implement it on a large scale.


Special parts of the logistics infrastructure

The first part we need to consider is the container terminals. The average daily yard utilization of large container terminals in Europe is about 10,000–20,000 containers, resulting in about 15,000 movements per day. Handling a container ship of the Post Panamax size requires about 150 moves per hour, which means using five cranes that are able to handle 30 moves per hour each. Planning and keeping track of all these movements is heavily computerized and therefore vulnerable to cyberattacks.

Of the thousands of ports worldwide, only about one hundred are of global importance. These ports are an attractive target for attack.

The second part is bunkering, which is an essential part of transport. Electric trucks and ships are still a rare commodity, so most of them will need to refuel at regular intervals. Cutting off oil supplies to a country that does not have the capacity to produce enough of its own is a sure way to stifle transport and bring its economy to a standstill.


Most of the cyberattacks we have seen to date that have had a major impact on transportation systems are ransomware attacks. These infections are hard to predict and, in some cases, hard to stop. But you can be sure that the logistics infrastructure will be a target in the case of a full-scale cyberwar.

So far, awareness of this fact alone hasn’t been enough to implement adequate countermeasures—at least not adequate enough to counter a ransomware infection like NotPetya. And let’s not forget that WannaCry threw Germany’s rail network into chaos, disrupted FedEx’s delivery unit, and wreaked havoc among many others.

If this much damage can be done by a mindless ransomware attack, can you imagine what kind of destruction a targeted APT could cause? If you can hinder the enemy’s ability to move goods, supplies, and troops, that is a big advantage in warfare. This fact about military logistics was known and implemented as far back as the American Civil War (1861–65), where both armies used railways extensively for transport of personnel, supplies, horses and mules, and heavy field pieces. Both sides tried to disrupt the enemy’s logistics by destroying trackage and bridges.

Paying the price

In a line of business like logistics, where every penny counts, cybersecurity may be one of the last things managers care about. But that doesn’t make it any less important. The damage done by an organization-wide ransomware infection can put companies out of business. Having to rebuild your network while the core business has to be conducted by hand (and memory) is not just frustrating; it’s costly. Recovering from a cyberattack requires time and attention that cannot be spent on other tasks.

Keeping transportation infrastructure itself safe and secure is a government task, since it is also a matter of national security to protect these assets during a cyberattack. The technology behind our infrastructure plays an important part in determining both the logistical capabilities and the control we have over them.

Spending on critical infrastructural improvements should include cybersecurity as an important consideration. Companies in logistics, from the major shipping lines down to the local trucking companies, are aware of the important task they are fulfilling, and should not shy away from taking a good hard look at their existing security measures. Do they reflect the importance of their business to the overall economy of the region? Are they prepared to survive a ransomware attack? Is their staff trained to recognize phishing attempts? Are their computer systems protected against malware and targeted attacks?

Trust us, the first time you need the protection, a strong cybersecurity policy, training program for employees, and technical solution will already have paid for themselves a thousand times.

Stay safe, everyone!


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.