Is Your Black Friday and Holiday Shopping at Risk?

Yoav Levy
November 23, 2023

We are at the beginning of the busiest shopping period of the year. According to the National Retail Federation (NRF), 130.7 million people are planning to shop on Black Friday this year. As consumers eagerly approach this week ready to purchase items and holiday gifts they have been waiting nearly a year for, freight operators and railroad logistic managers have been preparing for months. At the core of the intense planning lies the coordination and safe transfer of billion-dollars worth of shipments. 

Rail freight organizations have jumped on the digitalization ‘train’ to improve efficiency, keep up with demand, and stay competitive. But, the introduction and growing dependency on technology by railroads has weakened the industry’s cybersecurity posture and made it a much greater target for cyber threats. 

Can we confidently say that your Black Friday and holiday shopping are safe this year? That depends on the measures that transportation organizations take to secure their critical infrastructure from cyber-related delays. 

Coordinating a Shipping Spree

Most items we purchase online are first shipped internationally and then nationally via intermodal containers. These containers and trailers can be loaded and transferred between ships, trains, and eventually trucks. Using railroads for shipping has environmental, cost-saving, and long-distance benefits that other methods of transportation do not. According to data from the American Association of Railroads, in October 2023 and in preparation for the busiest shopping month of the year, nearly 370,000 rail carloads of intermodal containers traveled on a weekly basis. 

Freight railroads are an inseparable part of our daily lives. The reliability and consistency of rail operations are why we get to enjoy the immediate satisfaction of having our packages delivered within days. So, the threat of a cyberattack that could disrupt service and cause major shipping delays is a threat that looms over the heads of rail operators worldwide. 

Shipping delays are not only dangerous to a company’s reputation, but can have a significant impact on the national economy, just remember last year’s near-rail strike. It was predicted that a December US freight rail strike could cost the nation’s economy $1 billion in just the first week. The Retail Industry Leaders Association called for action to “avoid a self-inflicted economic disaster.” Analysis showed that the financial impact of losing freight on the first day could have surmounted to $30.9 million. 

Protecting rail critical infrastructure from cyber attacks is not just in the interest of rail organizations, it is a matter of national security. 

Safeguarding a Shipping Spree

With attacks against the transportation sector doubling in the past year, rail organizations and regulation authorities are stepping up their cybersecurity strategy. Even the most minor cyber attack can cause major supply chain disruptions, affect inventory management, increase operational costs, and have financial ramifications that trickle down all the way to the consumer. 

Cybersecurity experts and regulation authorities worldwide, including the TSA which recently renewed its Security Directives for railroads, insist that the best way organizations can protect their rail critical infrastructure is with a proactive cybersecurity strategy. The global shortage of cybersecurity experts has expanded the need for cybersecurity tools that fully understand the needs, vulnerabilities, behaviors, and limitations of the rail industry. The risks rail systems face span from threats to network infrastructure to potential breaches of sensitive data, and an understanding of such risks guides organizations to better prioritize security efforts and effectively allocate resources.

Preemptive measures and robust cybersecurity practices include thorough risk assessments, end-to-end visibility, and asset management based on strict rail cybersecurity policies and protocols that align with the industry’s required security standards, continuous monitoring and threat detection, and an incident response plan customized and prioritized based on an understanding of the rail operational consequences.

To a Happy New Year

A lack of rail cybersecurity protection can have a direct impact on our lives, especially during the holiday season. Railroads have a long way to go to be protected from cyber threats and with consumer trends growing steadily every year, the enticement to attack grows as well. The introduction of cybersecurity regulations specific to rail is a step forward in protecting the integrity and resiliency of the industry. Still, with billions of dollars on the line, more has to be done and the time to do it, is now. 

Cervello is exhibiting at APTA Rail 24! Join us June 2-3.