News + Resources

It feels as if hackers are everywhere right now: Co-op, M&S, TfL, and JLR have all been affected. Now the air transport sector has been hit too. 

In response, Astaara’s Chief Cyber Officer, William Egerton, is reminding our ports, shipping, and logistics colleagues of a simple truth: your supply chains are targets, and when they are attacked, the damage rolls downhill to you. You must work closely with suppliers and ensure your incident response and back-up plans are current, tested, and accessible.

A failure with global effects

The recent outage of Collins Aerospace’s MUSS check-in and baggage systems at several major European airports has caused widespread disruption to travellers around the world. Flights were delayed, plans were abandoned, and significant sums of money were lost.

If this outage proves to have been caused by a malicious attack, affected passengers would understandably question the preparedness of Collins’ parent company, RTX (formerly Raytheon), given its long-standing defence and cybersecurity pedigree.

Aircraft systems are typically built with multiple layers of failsafe design. By contrast, supporting systems for booking, check-in, and baggage handling are often treated as less safety-critical. As a result, they may not always be engineered with equivalent security from the outset. Yet today’s threat landscape is unforgiving, and as the old saying goes, “Attackers only need to be lucky once.”

The pain of a supply-chain breach

This type of supply chain attack is particularly difficult for operators to manage. When an organisation depends on a third-party supplier for a critical service, that dependency must be fully understood and properly governed. Both sides need absolute clarity on roles and responsibilities during a cyber incident.

Whether you are an airline or a container shipper, if your system becomes unavailable, your customers will quickly look elsewhere. They may switch carriers or transportation modes, and they will often blame you, not your supplier, for the disruption.

Why this matters for shipping and logistics

For passenger carriers, the aviation parallels are obvious. But the same applies across freight, containers, and logistics, where a small number of global platforms underpin the operations of many companies.

The impact of NotPetya in 2017 is still a vivid reminder: millions of containers effectively “lost” for weeks, and organisations forced back to pen and paper, just as some are doing now.

Shipping and logistics form part of every nation’s critical infrastructure. As a result, authorities are paying increasing attention to the cybersecurity posture of operators and their supply chains. You need to be confident that you understand the cyber maturity of your critical suppliers, and you may wish to use it as a differentiator when evaluating competing vendors.

Outsourcing does not absolve you of responsibility. Owners and operators who rely on third-party systems owe it to customers, shareholders, and regulators to mitigate the risks. You do not need to build everything in-house, but you must have a plan that is better than returning to pencil and paper.

Brands that remain resilient during such events retain customer trust and market value. Contracts with third-party suppliers should be reviewed to understand where risk sits and renegotiated if it falls unfairly or dangerously.

Where Astaara can help

Astaara helps shipping organisations understand what to look for in contracts with critical third parties and develop robust mitigation and response plans. We also offer insurance that covers dependent-organisation risk.

Talk to us directly, or through your broker. Stay vigilant about your third-party suppliers. Large or small, any one of them can harm your business if your reliance on them becomes a single point of failure.