
Transport and logistics

Zero Trust access management to protect against cyber risks

According to the Allianz Risk Barometer, published in January 2025, 24% of transport and logistics companies rank cyber incidents among their top risks. This figure clearly reflects these sectors’ increasing reliance on technology and the critical impact that a disruption of their IT services can have on their operations.

In 2023, a Bordeaux-based transport group experienced a complete shutdown of all its IT equipment and operations following a cyberattack. The cause: a problem with access granted to a service provider who was on-site to replace a scanner within the company. This situation highlights the need for businesses in this sector to secure their entire supply chain, with a particular emphasis on Identity and Access Management (IAM).

Various players in the transport (such as road transport and maritime transport companies) and logistics sectors have deployed the cyberelements platform to secure their remote access (ZTNA) and privileged access (PAM) to their IT and industrial systems. They also use it for rigorous management of their identities and access rights (IGA).

This article examines how a Zero Trust IAM platform addresses the challenges faced by the transport and logistics sectors in terms of secure identity and access management. This Zero Trust approach is particularly relevant in the context of NIS 2 compliance, which mandates the adoption of new security standards.

Transport and Logistics: Inherently Critical Sectors

The operations of entities within the transport and logistics sectors are considered highly critical. Malicious cyber acts against them can have significant consequences, both operationally and financially. These can include disruptions in the continuity of transport services, financial losses (for instance, when ticketing systems are affected), the risk of paralyzing a logistics chain, and safety risks for individuals (especially in cases of signaling disruption). Furthermore, there’s a threat to the integrity, availability, and confidentiality of data hosted by these entities (a regulatory concern), as well as damage to reputation and loss of trust.

Due to the critical nature of their activities, these sectors are subject to stringent compliance requirements. Air, rail, maritime, and road transport networks, which handle both freight and passenger transport, are considered essential sectors by the European NIS 2 Directive. The directive introduces a number of security requirements, particularly concerning identity and access management. IAM solutions are key tools for NIS 2 compliance, especially for access control, multi-factor authentication (MFA), and identity management.

The ISO 28000 standard, which applies to organizations involved in manufacturing, service, storage, or transport, establishes a framework for identifying and managing security risks within the supply chain, including certain aspects of information security.

Challenges for Transport and Logistics in Security, Identity, and Access Management (IAM)

The transport and logistics sectors face significant hurdles when it comes to security and Identity and Access Management (IAM). These challenges are largely driven by the inherent nature of their operations:

A Distributed Environment That Expands the Attack Surface

By their very nature, transport and logistics sectors operate in a highly distributed IT environment. Think about mobile users, multi-site organizations, geographically dispersed infrastructures, and extensive computer networks. This setup dramatically complicates identity and access management.

Another major challenge is the multiplicity and heterogeneity of platforms, applications, and systems used. Each tool—like a Transport Management System (TMS), Warehouse Management System (WMS), or ERP—comes with its own authentication requirements.

Transport and logistics systems are also seeing a convergence of IT and OT (Operational Technology), where information processing networks interface with industrial networks used to manage operations.

With various systems now interconnected—from embedded software and ticketing platforms to cloud infrastructures, IoT sensors, fleet management, and remote supervision—the attack surface is significantly increased. The growing automation and interconnection of these systems create vulnerabilities and multiple entry points for malicious actors.

Adding to this is the widespread adoption of remote access. This is crucial for accessing and intervening on machines located within transport infrastructures, even in geographical areas where connectivity might be inconsistent (on ships, for example).

Complex and Fragmented Supply Chains

The transport and logistics sectors are also characterized by complex supply chains, full of multiple interconnections and involving numerous interacting parties. For example, in the logistics sector, shippers, logistics providers, carriers, and software vendors exchange data daily through a multitude of heterogeneous tools. This interoperability between different types of systems introduces an additional layer of difficulty.

The sheer breadth and fragmentation of these supply chains lead to a higher risk of attacks. Malicious actors can target vulnerabilities within suppliers, partners, or subcontractors who might have weaker security measures. Managing third-party risks, especially across the supply chain, is a significant concern explicitly addressed by NIS 2.

What’s more, a growing number of external service providers require remote access to their clients’ IT systems for administrative tasks, often needing privileged access. This widespread adoption of remote access makes the management and protection of privileged access an essential security measure for the transport and logistics sectors.

High Staff Mobility Complicates Employee Lifecycle Management (Onboarding and Offboarding)

The transport and logistics sectors are characterized by significant staff mobility and constant movement, which is inherent to the nature of their operations. Drivers, delivery personnel, flight crews, and mobile maintenance technicians are constantly on the go, accessing information systems from multiple locations and in contexts not fully controlled by their organizations.

The use of temporary and seasonal employment is frequent and dependent on activity fluctuations. Turnover rates are also high, with very regular inflows and outflows of personnel. This situation generates a constant stream of user account creation and deletion, where inefficient management can create significant vulnerabilities.

All these factors compel businesses to pay particular attention to Identity and Access Management (IAM): ensuring the right access rights are assigned to the right roles, and systematically revoking access rights when employees leave. This must be done while maintaining operational agility. Regulatory requirements for identity and access security are also strong. For example, the NIS 2 Directive mandates that accounts be active only when necessary and that inactive (orphan/dormant) accounts be eliminated.

Achieving NIS 2 Compliance for Identity and Access Management with Systancia's cyberelements Platform

The NIS 2 directive mandates that affected entities—especially those in the transport sector, whose activities are deemed essential—strengthen their security. This requires action across governance, management, organization, processes, practices, and more. Technologies that secure access to regulated information systems (SIR) can directly help these organizations meet the protection requirements of the European NIS 2 directive.

cyberelements, a Zero Trust and Identity-First access platform, provides secure access and identity management capabilities for remote and on-site employees, service providers, and all other stakeholders who need to access an organization’s information system. It helps transport and logistics companies address their challenges in accessing both IT and industrial systems through several key functionalities.

Distributed Environments and Extended Attack Surfaces

The transport and logistics sectors operate within highly distributed IT environments, which inherently expand their attack surface. Cyberelements addresses the specific challenges posed by this distributed nature with features like:

  • Advanced architecture: It supports multi-tenant, multi-site, and multi-VLAN setups.
  • VPN-less access: You don’t need a VPN to access different sites.
  • Flexible deployment: Simple gateway deployment with automatic pairing makes setup easy.
  • Double-barrier architecture: This ensures no resources are exposed to the internet.

To tackle the challenges of IT/OT convergence, cyberelements offers:

  • Extensive use cases: It supports new uses such as remote access to ICS applications on engineering workstations, remote use of manufacturer applications via the bastion, and secure file transfers.
  • Web access (HTML5) with protocol break: This guarantees no direct connection between the endpoint and the OT environment, enhancing security.

Fragmented Supply Chains and Vendor Access Management

The cyberelements platform offers several features designed to manage the inherent complexity of fragmented supply chains:

  • Least Privilege Access Policy: Access is granted only after a thorough check of the access context and strictly for the tasks to be performed. This significantly minimizes the risk of unauthorized access.
  • Privileged Access Management: High-privilege access is managed using a password vault, ensuring that authentication secrets are never directly revealed.
  • Multi-Factor Authentication (MFA) and Third-Party Integrations: The platform integrates various options for implementing MFA to verify the vendor’s identity. It also supports integration with third-party authentication protocols, such as SAML and FIDO2.

Rigorous Staff Access Management in a High-Mobility Context

Cyberelements offers the following benefits for managing staff access in environments with high mobility:

  • Centralized User and Identity Management: This enables automated management of the entire identity lifecycle.
  • Automated Assignment and Revocation of Access Rights: Ensures the right person has the right access at the right time, preventing orphaned accounts.
  • Easy Multi-site Context Management: Provides granular access management by considering organizational structure (OrBAC model).
  • Detailed Audit and Report Generation: Allows for the identification of expiring rights and orphaned accounts.
  • Rapid and Consistent Modification of Identities and Authorizations: Adapts quickly to changes in organizational structure, such as mergers, acquisitions, or expansions.

In Summary: Balancing Regulatory Compliance, Security, and Mobility

The NIS 2 directive requires entities in the transport sector to elevate their standards for Identity and Access Management (IAM). The cyberelements platform empowers transport and logistics companies to streamline and secure their IAM practices, while effectively addressing their unique challenges, such as distributed environments, complex and fragmented supply chains, and high employee mobility.

Quick to deploy and simple to use, the cyberelements platform secures both the IT and OT systems within the transport and logistics sectors. It encapsulates complex cybersecurity measures into tangible and physical safeguards, all while maintaining the operational efficiency crucial for these industries. By streamlining and securing access to various systems and applications, this IAM platform effectively meets the security and process efficiency needs of businesses in these vital sectors.