Zero Trust in cargo transport
Never trust, always verify
Last Wednesday, during the TAPA conference, our colleague Manolo de la Fuente gave a presentation on the Zero Trust model. The Zero Trust model comes from the IT industry and is based on the principle “never trust, always verify”. And what applies to IT definitely applies to freight security too. This means that the model doesn’t trust anything either inside or outside of the fence; so you don’t just need to build a fence around the goods that are being transported, but also around the people who have access to the goods. That doesn’t sound pleasant. After all, you trust your employees, don’t you? But people make mistakes and you want to protect them from themselves.
Zero Trust freight security model
When you want to start implementing Zero Trust in freight security, you first need to set out the cargo security arrangements in your company policy. Which people are able to access certain goods using which devices?
Examples of questions a carrier should ask themselves include:
- How do I give access to the cargo remotely, for example via the planning department?
- How do I check that the person wanting access is also actually the person that he says he is?
- Do I have the right people working for me? Part of the company policy could also include that everyone must apply for a certificate of conduct (VOG).
The carrier should also consider what is known as adaptive access control – an access control where the level of trust is weighed up against the risk. You can take this relatively far: by requesting unlock codes remotely and making every unlock code unique for every time a trailer is locked or unlocked.
Transport security based on access control
If you transport cargo in a secured trailer, that doesn’t guarantee that it’s also secure. Some electronic locks are not secure in the slightest. They have the same codes throughout transportation to the destination, so that different drivers can open the lock. But these drivers can therefore also easily pass on these codes to others (i.e. unauthorised individuals).
Example how some electronic locks work:
Electronic locks based on the Zero Trust principle don’t have this problem, as they are built on the basis of access control. When you fit locks based on the Zero Trust principle, the security of your goods is guaranteed. Only pre-determined individuals may open the lock at a particular moment during transportation by means of personal authentication and verification. The codes are therefore always unique and personal.
Example how electronic locks can work: