All that rises converges
In the always expanding universe of global supply chains, competition for growing markets has prompted sudden adoptions of technology in which the demand for advanced connectivity now brings with it more questions than answers.
Retaking the future in our flawed, present tense understanding of the technological innovations required of it looms as the major challenge confronting industries made vulnerable by the new blockchains of supply.
Unforeseen disruption without precedent, according to Isuzu Australia Limited Chief Andrew Harbison, is the only factor likely to upset population growth and basic economics as the perennial forces driving future directions of the road freight industry.
Even as the demands borne from the ongoing challenges of satisfying consumer economies yield new solutions to the problem of increasing productivity, industries embedded with growth obligations from the boom time 1960s are having to adjust to the shifting tectonic plates of digitisation, to borrow a phrase from mathematician Eric Weinstein, in environments made increasingly unstable by what is shaping, for the moment, as an unholy alliance.
The information superhighway has fundamentally changed the global landscape. Where systems integration for supply chain processes and infrastructure security is currently concerned, however, it runs at an uttermost limit, which is to say only as far as the horizon.
Thereafter, from the vantage of this point in time, we cannot see beyond the edge even as our connected global industries driven by an interminable undertaking of global trade advance ever closer to it.
Imagine a conveyer belt on a peninsula shrouded in fog.
In July an ASPI report found organisations were looking to automate and integrate their IT (Information Technology) and OT (Operational Technology) systems prompted by increasing demands from stakeholders looking for convergence.
Given critical national infrastructure providers are under pressure to deliver services more efficiently and at lower cost, market competition, technological change, reduced government funding and price regulation has opened the door for digital freight start-ups whose services offer instantaneous quotes while tracking shipments through an online or mobile interface.
In order to keep up, the report confirmed, organisations have sought to automate and integrate more of their IT and OT systems as stakeholders expect a rapid increase in convergence over the next two years.
Launched in Canberra, the report surmised that increasing connectivity via the Internet of Things (IoT) has brought both “benefits and new risks that Australia is not yet prepared for”.
These risks include a rise in cyberattacks on critical infrastructure that have stricken provider systems and rendered them non-functional in the last two years.
(Freighliner Cascadia with SAE Level 2 autonomous rating).
Adopting a common risk framework is now imperative for IT/OT convergence as increasing threats, including automated transport networks, were on the rise as nation states moved into hybrid cyber warfare.
Major threat actors in this expanding area, according to Richard Clarke, former US Government Counterterrorism Official, were now predominantly recognised as governments and military organisations, somewhat putting to rest the once prevailing image of blackhat online rogue agents long synonymous with nefarious backend activities. In an interview earlier in the year, Clarke told NPR that he was no longer optimistic regarding the United States and some of the major cyber powers avoiding a cyber war.
“We've had shots fired several times, including by the United States,” he said. “We have lowered the barrier. It is easier to imagine cyber war initiating and, once it initiates, getting out of control.”
Oil giant Saudi Aramco, often regarded as the most profitable company in the world, had its imposing oil reserves attacked by a drone strike as recently as September. Not for the first time it had been the target of an unmanned aerial vehicle attack. The fallout was immediate, spiking the price of oil per barrel by 20 per cent – the highest it has ever been in history. In 2012 the site was subject to a cyberattack in which 35,000 computers were disabled, crippling its operations.
(Artist rendition of a Saudi Aramco site on the Arabian Peninsula).
Natural resources, in new millennium economies, increasingly attract unnatural disasters.
Because OT is a cyber-physical system that controls electricity generators and valves that mix chemicals in vats or transfer gas through pipelines, the system devices are built to last.
As an asset its lifetime use greatly exceeds that of the IT which it manages via updated software. Using legacy OT technology that still works in itself is not an issue, providing that same technology is separated from other systems.
But as the IT and OT worlds are converging to enable remote control and access to real-time plant operating data, greater tensions between priorities of confidentiality and availability are emerging. It’s this very convergence that opens up OT vulnerabilities to attack. A freight network of operational heavy vehicles, it goes without saying, would be particularly susceptible.
In 2015, an alleged attack by Russia breached the control systems of a Ukrainian electricity distribution company. Outages affected a quarter of a million people. Two years later the country’s judicial system was subject to further attacks.
NotPetya, now believed to be the worst cyberattack in history, hit as a precursor to the US midterm elections last November, spread worldwide, affecting critical infrastructure, communications and government industries. Many news reports, including Reuters, pointed to the Russian military as the origin of the malicious malware attack as part of a strategy to destabilise Ukraine.
US intelligence has also linked Russian cyberattacks on US energy, nuclear and water sectors as recently as last year. Back in February NotPetya was described by then White House Press Secretary Sarah Sanders as an "indiscriminate cyberattack that will be met with international consequences."
Using a penetration tool known as EternalBlue, originally created by the US National Security Agency (NSA) to exploit vulnerabilities in a Windows protocol, it facilitates the uploading of code run by hackers on unpatched systems.
At present there is an estimated 400,000 machines in the US thought to be vulnerable to EternalBlue, which was first leaked following a breach of the NSA’s ultrasecret files in 2017,
with over 100,000 of these located in California – the global home of the big tech industry.
As the big tech social media networks are increasingly recognised as data harvesting platforms, such a breach is of particular concern for those government officials afforded security clearances who handle sensitive information on private non-secure servers. The practice is both illegal and not infrequent, leaving political machinery compromised and security systems across widespread sectors exposed.
En masse disruptions like those caused by NotPetya are acts of aggression at once invasive and damaging.
These are the dogs, in Clarke’s words, that don't bark. To this degree cyberwarfare means a new way of exerting influence on rival states without having to endanger the lives of soldiers.
Closer to home, the Royal Australian Air Force requires urgent recapitalisation following comments in which the new F-35 Joint Strike Fighter, now entering service, is, likely according to recent comments from former top military brass, to be inadequate for defending airspace capabilities beyond 2030.
In a rush to join the F-35 program back in 2002, the delayed project which has delivered to date two F-35s with a further nine Lot15 aircraft on the way, all of which will require costly modernising, has brought the viability of an eventual fleet of 72 aircraft into question long term.
At a cost of $17 billion, the program has been subject to many delays and a shortage of spare parts, as the budget has since blown out by an estimated 70 per cent.
The threat environment has evolved considerable since the Australian Government committed to the program sold in part on Lockheed Martin's high-tech stealth aircraft, a kind of flying software platform designed to interface with armed forces, naval vessels, combat helicopters and command and control aircraft like the E-7 Wedgetail.
It's this type of future e-mobility road transport companies are moving towards in which freight operators, logistics hubs and end users are all joined in an ecosystem with access to satellite-assisted navigation, inventory, real-time performance data and maintenance alerts.
In the case of the F-35, having the potential to equip allies on the battlefield with more information was viewed as one way for which data sharing could prevent fatalities in real-time. But the complicated weapon systems on board that includes an estimated 8 million lines of code, makes it also, in this day and age, vulnerable to cyberattack.
At the urging of the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, pilots of small planes have been urged to restrict physical access to their aircraft following revelations by a Boston-based cybersecurity firm known as Rapid 7.
In a report to DHS, Rapid 7 claimed that a malicious actor with physical access to the aircraft would be able to attach a device to the Controller Area Network bus systems on a plane, delivering the unaware pilot, false readings of engine compass, altitude, airspeed, and angle-of-attack data, potentially endangering the lives of all on board.
Trojan horse threats such as these might be said to converge from the mutual reliance of cyber on the physical realm and vice versa.
Federal agents, just last week, arrested six current and former executives of Aventura Technologies, a Long Island tech firm charged with selling Chinese equipment to the US military it claimed had been made in America.
The defendants have been alleged to falsely claim that the surveillance and security equipment it sold as part of lucrative contracts was manufactured in Long Island.
Chinese made electronics with known cyber vulnerabilities are considered a risk to national security.
According to Justice Department information, more than 80 per cent of economic-espionage cases brought by federal prosecutors have involved China since 2012.
(Lockheed Martin F-35 Joint Strike Fighter).
This follows an explosive report published on Bloomberg late last year after a year-long investigation into Super Micro Computer, a computer parts distributor using outsourced manufacturing in China, who sold server circuit boards that were found to contain a hidden tiny chip that could detect data once activated with servers at up to 30 large companies.
Of those affected Apple, Amazon and the CIA all had been reportedly compromised.
US warships were also among the end destinations that housed the computers.
Despite denials from Amazon and Apple, whose stock price at the time of the revelations was falling, Bloomberg said it had relied on, aside from company insiders, the testimony of several current and former national security officials.
Two decades of outsourcing tech manufacturing now crucial to government infrastructure would have, it seems, neared a critical mass.
On trucks third parties are often employed to install telemetry as an adjunct to the connectivity of the various electronics.
With each pathway into the system another cybersecurity risk might also be enabled.
It’s now commonplace for OEMs to encrypt data and software as a preventative measure to close openings that might allow outsiders to reverse-engineer it.
Partitioning the systems devised by telematics providers poses real challenges for hackers as there are many layers of security that help to separate critical systems from the less critical.
Technology is a crucial link between organisations and suppliers. As industries become more complex with increasing pressures to expand their reach to third parties and gain exposure to greater markets, around the world, the risk increases.
An operation shutdown undermines the supply chain.
But a software bug, eventually discovered, is one thing.
Penetrating the grid to disrupt operations in nuclear, defence, energy and financial sectors can have lasting consequences of devastation for customers across databases and well beyond borders.
According to Accenture, between 2016 to 2017 there was a 22.7 percentage increase in cybersecurity spending in Australia as ransomware damage costs exceeding $5 billion in 2017, 15 times the cost in 2015.
The Australian Bureau of Statistics has reported that one in ten Australian businesses suffered a data breach last year.
Major businesses across ecommerce, banking, government, health and education have all been affected in 2019.
These include Westpac, Australian University, Medicare, Canva and the entire Queensland Health System.
The highly anticipated House of Representatives is inquiring into Automated Mass Transit Response is due later this year. Minister for Cities, Urban Infrastructure and Population, Alan Tudge, has asked for a Committee Inquiry focusing on road and rail mass transit systems and point-to-point transport where automated vehicles cover the last mile of delivery.
It will include the role of hydrogen power in land-based mass transit. Cyber resilience, now more than ever, should be mandatory for critical national infrastructure providers and those who manage them.
In March China’s Ministry of State Security was responsible for an attack on Australian Parliament the Australian Signals Directorate (ASD), our cyber intelligence agency has since concluded.
The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing.
China is Australia’s largest trading partner.
In a consumer economy with a flatlining GDP that puts us in something of a precarious position.
It was exiled Jesuit priest Pierre Teilhard de Chardin who said the most empowering relationships are those in which each partner lifts the other to a higher possession of their own being.
For the moment our supply chain appears to be dispossessed.