Issue link: https://jocdigital.uberflip.com/i/334529
30 THE JOURNAL OF COMMERCE www.joc.com MAY 26.2014 TOP 100 IMPORTERS AND EXPORTERS THE WORD CAUSES shudders through- out the e-tailing business, and you need to look no further than Target, Michaels and Neiman Marcus for the latest examples of significant consumer data theft. Unfortunately, cybersecurity and the thought of data being compromised haven't caused as much concern among other businesses. For those involved in the movement of goods, but not in e-tailing, cybersecurity is an ever- increasing headache. Consider this recent story from a homeland security investigator with whom I shared a panel on the topic of cybersecurity: The saga begins with containers exported from South America and drugs stowed in with the cargo. The vessel arrives in Amsterdam, and the containers are offloaded. At this point, the drug smugglers hack into the terminal operator's computer system, track where their containers are located and figure out when they can break into the containers. The goal is to retrieve the drugs in a way they are least likely to be observed or caught. This process was used repeatedly before it was discovered. Many companies don't even worry about who has access to their goods or documents. They aren't even sure they know how payroll data for their own employees is protected. There's an oft-stated feeling in the transportation industry that supply chain corruption is only a concern when it involves ship - ments of drugs or high-value goods. Although it's true that drugs have been shipped within furniture and commingled in fresh fruits and vegetables, the reality is that cor- ruption of the supply chain means more than cargo damage or loss. If a container arrives with evidence of someone living in it, your supply chain has been corrupted. If bribes have been paid to foreign officials, or trade secrets have been stolen or the computer code to the design of your latest product is posted on the Internet, your supply chain has been corrupted. You need only read the daily news to see regular evidence of supply chain corruption in the form of theft of trade secrets, misdeclara- tions of goods and other illegalities — and with alarming frequency. When it comes to high-value cargo, the term needs to be defined. The obvious meaning of a multi- million-dollar shipment is clear, of course, but those often travel with additional security. A shipment can be high value because it's the new line for a successful apparel company, or it could be the latest mockup of a construction site. These and many more examples offer situ- ations where competitors or bad guys see a way to gain an advantage if they steal the information. There- fore, the cargo is ripe for theft. In the IT community, the gen- eral feeling is large companies with much to protect usually do a successful job with their elec- tronic infrastructure. Much like the neighborhood thief who avoids the home with an alarm system and looks instead for the open window through which to get into the house, however, hackers are now looking for easier access to highly prized information. So, they're turning to intrud- ing into a service provider's system — the freight forwarder, law firm, accountant or air conditioning/ heating provider. They might also plant malware on your website and use its spread to get into your com- puter system. As the threat of computer hack- ing spreads to companies of all sizes and sorts, here are some questions to consider: l Has the issue of cybersecurity remained with your IT department or do you have involvement from ownership, the board or the officers regarding compliance? l When was the last time you had your computer system checked by a third party as a form of due dili - gence? l If you're a service provider who is required to report about cyber- security measures in a request for q uotation, how can you be sure the steps you say are being taken actually are being implemented regularly within your company? l Just about every company now suppor t s BYOD — br i ng you r ow n dev ice. Th is is genera lly done to facilitate ease of working remotely. How recently did your company review how best to bal- ance the need to keep data secure with enhancing employee working flexibility? How frequently is that issue revisited? l How big is your computer infra- structure budget? Is it adequate? l Do you know the internal report- ing procedures in the event you discover your company has been hacked? l Who handles reporting the hack to management? To outside regulatory authorities? To law enforcement? Is there a procedure in place? At a recent meeting of major com- panies and law firms, an IT security consultant was asked how many of the companies and law firms repre- sented in the room had been hacked. His immediate answer was "all of them!" How is your company prepar- ing for that eventuality? JOC Susan Kohn Ross is an international trade attorney with Mitchell Silberberg & Knupp in Los Angeles. Contact her at skr@msk.com. CYBER-WARFARE CUSTOMS UPDATE Susan Kohn Ross The reality is that corruption of the supply chain means more than cargo damage or loss.