In the Wake of a Suspected June Cyberattack, Brokers Urged to Fortify Defenses
A suspected cyberattack that targeted Livingston International in June underscored the critical need for customs brokers to proactively ready themselves for potential breaches, caution industry experts. Such breaches could disrupt operational continuity and sever communication channels with both clients and CBP (Customs and Border Protection). In interviews, professionals in the field emphasized the necessity for brokers to construct meticulous response plans, which might encompass enlisting subcontractors, informing customers promptly, and swiftly notifying federal agencies.
The Unavoidable Conundrum: Preparing for Cyber Intrusions
Susan Kohn Ross, an authority from Mitchell Silberberg, stressed that if a malicious actor aims to infiltrate a security system, they will inevitably find a vulnerability. “The question is not if, but when,” Ross stated. “If someone is resolute, they will inevitably identify an entry point.”
This truism was starkly illustrated by the recent incident involving Livingston. The company confronted a shutdown of select operating systems on June 21 after detecting a potential unauthorized intrusion threat. Livingston indicated that safeguarding their clients’ systems and data remained of paramount importance, justifying their decisive action.
Recovery and Reflection: Lessons for the Brokering Community
On June 23, connectivity with Canadian and U.S. customs was reestablished by Livingston, who acknowledged the disruptions caused and delays incurred. The Livingston case served as an instructive case study for other brokers potentially facing a similar breach scenario. Ralph De La Rosa of Imperial Freight Brokers highlighted the fundamental step of creating a comprehensive cybersecurity plan, emphasizing the value of maintaining a physical copy.
De La Rosa advised brokers to consider preserving a designated set of entry numbers that could be accessed during a cyber incident. He also recommended having an established communication plan with key points of contact in various ports, emphasizing the need for brokers to contemplate subcontracting work to maintain operations during crises.
Proactive Measures: Responding to Breaches Effectively
Brokers, in anticipation of cyber incidents, should outline a clear strategy for reporting to relevant agencies like TSA, CBP, and potentially the FBI or Secret Service. The timing of reporting is crucial, with initial contact with federal law enforcement potentially being a prudent step.
De La Rosa advised promptly contacting CBP in the event of a cyber incident, as they can provide guidance on downtime procedures based on lessons from prior cases. Establishing alternative communication methods with Customs, such as through backup systems or agreements with fellow brokers, is another proactive measure to consider.
Legal Considerations and Continuous Improvement
Ross underlined the importance of clarifying contractual obligations concerning client notifications following a cyber breach. She also stressed the value of having a well-defined process to identify and rectify problems, citing the National Institute of Standards and Technology’s recommendations.
Having a dedicated response team to tackle cyber issues, especially in predicting potential scenarios and strategizing responses, is critical. Employing “white hatting,” a process of simulated testing, can uncover system weaknesses and allow for their rectification.
Ransom decisions should hinge on a broker’s confidence in closing vulnerabilities, as failure to do so may lead to repeated attacks.
CBP’s Proactive Stance on Cybersecurity
In terms of CBP’s approach to cybersecurity, De La Rosa expressed confidence that the agency recognizes the ever-evolving nature of cyber threats and is actively enhancing their strategies to safeguard both themselves and the industry.
In summary, the Livingston incident serves as a clarion call for customs brokers to bolster their defenses against cyber threats, emphasizing comprehensive planning, proactive communication, and continuous improvement in response strategies.
