Supply Chain Cybersecurity Threats This Election Year
Cybercriminals increasingly ramp up activities during national elections to wield influence across borders and destabilize societies they consider hostile. With half the world’s population voting in at least 61 elections in 2024, critical infrastructures and industries are likely to become tempting targets for cyber threats.
In fact, attempted attacks on communications, manufacturing, utilities, and transportation assets have been on the rise for years. Many countries conducting elections in 2024 have already seen related disruptions.
Supply chain cybersecurity disruptions so far
Figure 1: Cybersecurity attacks were higher in the manufacturing supply chain than other industries from January 31, 2023 to January 31, 2024 (source: Everstream Analytics).
For example, the number of attempted cyber-attacks on Taiwanese infrastructure targets more than doubled from around 1,700 to more than 4,300 recorded incidents in the 24-hour period before the country’s national election on January 13, with at least another 1,000 cyber incidents recorded on election day. According to recent estimates, cyber-related operations targeting Taiwan’s government institutions, technology and critical infrastructure skyrocketed in the months leading up to the election.
LEARN MORE ABOUT GLOBAL ELECTION RISKS IN 2024: GET THE REPORT
By some estimates, just the distributed denial-of-service (DDoS) attacks – which disrupt a targeted system with an overwhelming flood of traffic – increased more than thirtyfold for Taiwan in the last three months of 2023 compared to the same period in 2022.
Historical supply chain port attacks
Last year saw a cyberattack by Russia-linked ransomware group LockBit 3.0 on the Port of Nagoya, Japan’s biggest maritime port. Another unspecified hacker group hit DP World’s terminals in Australia, which handle around 40% of Australia’s sea freight. Both crippled operations out of nowhere and halted the movement of thousands of containers for several days.
Similar incidents on targets in countries like the U.S., the UK or India, all of which run major regional seaports, could have similarly disruptive consequences for the world’s supply chain networks.
Past cyberattacks in aviation
In 2023, a number of notable incidents were confirmed in several of the countries holding elections this year, providing a glimpse into what the aviation sector may have to prepare for in the run-up to national elections in these countries.
In the UK, London City Airport, Birmingham Airport, London Gatwick Airport and Manchester Airport all became the victims of hacking attempts claimed by pro-Russia groups, albeit with no visible impacts on flight operations. Notably, Manchester Airport was reportedly meant to be only the first in a series of attacks on several airports in the country in the fall.
Concerns over potential vulnerabilities in the UK’s aviation-related infrastructure had already been on the rise earlier in the year following a widespread outage of the UK’s flight control system that resulted in the delay and cancellation of hundreds of flights in August. Although authorities later confirmed that the outage was caused by a technical glitch, rather than a cyber-attack, the incident underscored the widespread impact even a short-lived shutdown of a critical aviation control system could have on domestic and international flight operations.
Hackers also targeted a number of airports in India with DDoS attacks last year, including the ones in Cochin, Delhi, Mumbai, Hyderabad, and Goa. In Mexico, the Russia-linked hacker group LockBit successfully stole unspecified data from Queretaro Intercontinental Airport, and subsequently demanded a ransom in exchange for not leaking the stolen data. Queretaro Intercontinental Airport has become an important regional hub for cargo flights within Mexico and to the U.S. and Europe in recent years.
Future supply chain cybersecurity risk to infrastructure
Although hackers have yet to successfully conduct a cyberattack at scale on a national grid, the high-profile nature of power supply disruptions makes them attractive targets in the run-up to national elections.
While it remains difficult to pinpoint the exact targets cyber criminals or state-sponsored threat actors may choose, important transportation hubs, in particular attacks on major seaports or international airports, would be among the most consequential disruptions. Manufacturing facilities are also a likely target.
Table 1: Supply chain cybersecurity risk in selected countries amid the 2024 national elections (source: Everstream Analytics).
Likely port threats
In response to growing concerns over cyber-related vulnerabilities at the country’s ports, U.S. President Joe Biden announced an executive order on February 21 that aims to shield port infrastructure from interference attempts. Last year, the United States Maritime Administration (MARAD) had already warned that the high number of stakeholders needed to keep port operations running made them particularly vulnerable to cyber-attacks.
LEARN MORE ABOUT GLOBAL ELECTION RISKS IN 2024: GET THE REPORT
MARAD pointed out risks connected to facility access, operational technology, including communication and cargo handling equipment, and shared network connections, among other potential vulnerabilities. These concerns followed warnings by the executive director of the Port of Los Angeles in California, the country’s busiest seaport, in the summer of 2022 who claimed that monthly attacks on the port’s facilities had almost doubled since the start of the pandemic.
Going forward, all critical U.S. port infrastructure will have to adhere to international and industry specific safety standards, and port operators will be required to report all cyber-attacks to the Coast Guard Cyber Command. The Coast Guard will be allowed to undertake cyber-specific safety inspections of port facilities and vessels, and has been given the authority to limit the movement of ships that are suspected of posing a cyber-related threat to maritime infrastructure.
With these measures only beginning to go into effect now, it remains to be seen whether they will succeed in shielding critical port systems from cyber-related breaches in the run-up to the U.S. presidential election in November. In the U.S., more than 300 seaports handle over 90% of overseas trade entering the country, contributing roughly $5.4 trillion (€4.97 trillion) to the economy.
Potential aviation threats
Critical infrastructure facilities in the aviation sector have also become increasingly prone to attempted cyber-attacks.
While successful cyber-attacks causing significant operational outages remain rare, the aviation sector’s reliance on complex technology to conduct most airport and flight processes will leave it exposed to further hacking attempts, particularly from threat actors that already attempted to cause turmoil even before key national elections offered a high-profile period in which to cause mayhem.
Supply chain cybersecurity risk in manufacturing
A spike in cyber-attacks in the run up to national elections may cause related effects that could disrupt business activities in the targeted countries and beyond, putting international supply chain at heightened risk of sudden disruptions this year.
Manufacturing industries could face business impacts due to attacks on external power supply or internal company systems. The impact of power outages would likely differ based on how long a company is able to maintain operations with external equipment such as back-up generators. However, if power supply would go out in wider regions or entire cities for a longer period of time, business operations would likely grind to a halt. In the U.S. and the UK, concerns over the security of national power grids have recently re-emerged.
National Grid plc, a multinational electricity and gas utility company that owns the grid in England and Wales, started removing unspecified components from the electricity transmission network in December due to cyber security concerns. The components were reportedly supplied by Nari Technology Co., Ltd., a manufacturer of power and automation solutions based in China.
The latest version of the National Risk Register, a report last published by the Cabinet Office in August 2023, had already warned that a cyber-attack on the UK’s electricity grid may try to encrypt, steal, or destroy data that critical systems relay on. A shutdown of the power grid would cause far greater consequences than other utility failures.
In January, the director of the U.S. Federal Bureau of Investigation (FBI) and other senior officials publicly warned that hacker groups affiliated with the Chinese government are increasingly targeting critical infrastructure facilities in the U.S., including the nation’s electrical grids.
Lastly, a number of key sectors have already seen a notable number of cyber incidents since the beginning of 2023, with the general manufacturing sector being exposed to the highest numbers of reported attacks by far in the last 13 months. With state-sponsored threat actors and cyber criminals likely to step up the number of attempted attacks in the run-up to many of this year’s national elections, industries such as general manufacturing, automotive, electronics, or oil and gas could see a further uptick in cyber-related attacks on their operations in the coming months.