Cyber-Attack on Logistics Hub Highlights Need to Strengthen Preventive Measures

An unusual situation occurred in which one of Japan’s largest trading ports was brought to an operational standstill by a cyber-attack, although only temporarily. The public and private sectors should cooperate to strengthen measures to prevent a recurrence.

On the morning of July 4, the logistics system that manages in an integrated manner the loading and unloading of containers at Nagoya Port, which handles the largest total volume of cargo in the nation, went down after being infected with ransomware, malware that is sent by attackers who demand money in exchange for data restoration.

Until the system was fully restored on the evening of July 6, no containers could be loaded or unloaded at the port, affecting more than 10,000 containers. At Toyota Motor Corp., headquartered in the nearby city of Toyota, Aichi Prefecture, the loading of parts to be exported overseas was delayed, and some of its affiliated plants suspended operations.

It can be said that a crisis scenario in which an important logistics hub is crippled by a cyber-attack, severely hampering economic activities, became a reality.

The attack was reportedly launched by the Russian-based hacker group LockBit. The attacker brought down the system with a computer virus and demanded money from transportation businesses and others in exchange for restoring data.

The Aichi prefectural police are investigating the case on suspicion of violating the Law on Prohibition of Unauthorized Computer Access.

The logistics system that stopped functioning had just been renewed by an association of transportation businesses using Nagoya Port in March. The system had a dedicated line that could not be penetrated from the outside, and a dedicated terminal was used to confirm the loading and unloading of containers and for other purposes.

However, the association had allowed some of the member transportation companies to access the system from an external terminal that could also be connected to the internet. For that reason, in this case, it is believed that the logistics system itself was infected via the external terminal, which was contaminated by the virus.

The lesson to be learned is that no matter how securely a system was built, it can easily fall victim to cyber-attacks if sufficient measures are not taken on the part of the businesses that use the system.

It can be said that as the use of information systems has expanded in various industries and supply chains have diversified, the number of cyber-attack penetration routes has also increased. Small and midsize companies, which have relatively weak security measures, are more likely to be targeted by cyber-attacks.

Many small and midsize firms are reluctant to invest capital in equipment intended to counter cyber-attacks. The government needs to encourage the use of “information technology introduction subsidies,” which provide up to ¥1 million in subsidies for security measures, and work to expand such funding.

According to the National Police Agency, there were 230 cases of damage caused by ransomware last year, up about 60% from the previous year. It is important for the government to act as a command center to share information about actual situations surrounding cyber-attacks among various industries and prevent the spread of damage.

(From The Yomiuri Shimbun, July 13, 2023)