Article • 16.06.2026
IT security ensures autonomy
More than simply meeting the legal requirements of NIS2 and KRITIS
The risk of cyberattacks and IT sabotage is growing as digitalization increases and the use of AI expands. Two new laws address this issue and are intended to provide greater protection: the NIS2 Implementation Act and the KRITIS umbrella law. The NIS2 Directive affects nearly 30,000 companies in Germany.
While some logistics professionals may breathe a sigh of relief that they are not part of the affected sector, it is still worth taking a look at the new laws. “NIS2 broadens the scope of the issue, as it encompasses many different economic sectors. Furthermore, it contains many practical guidelines for implementing standardized IT security,” explains Niels Martens, who began his new role as Chief Security Officer (CSO) at DAKOSY this April.
For DAKOSY, the requirements of NIS2 have been standard practice for over a decade. Starting in 2014, the company had its Information Security Management System (ISMS) certified for the first time in accordance with the international security standard ISO 27001. Since then, external surveillance audits and re-certifications have been conducted on a regular basis. Martens is currently preparing for the re-certification, which takes place every three years and which he views as a valuable tool: “Compliance with the ISO standards for ISMS underscores our commitment to providing stable, secure, and trustworthy information technology that our customers can rely on.”
In addition, DAKOSY is classified as part of the critical infrastructure (KRITIS) in Germany because the company is of central importance for logistics operations. As a result, since January 1st, 2022, DAKOSY has been required to demonstrate that it meets all state-of-the-art requirements for maintaining information security. Under the new NIS2 Directive, “particularly important entities” and “important entities” that are not classified as critical infrastructure are now also legally required to demonstrate a functioning ISMS. The focus here is on risk management and resilience.
The catalogue of NIS2 requirements for risk management specifically covers ten areas of action. This overview can also serve all companies as a guide on which aspects to consider when establishing and maintaining a robust IT security framework. From Martens’ perspective, the ten-point list is a useful outline that should be tailored to individual needs. For implementation, he recommends seeking out an accepted and widely recognized standard, such as ISO 27001. “And then it’s important to just get started. Because even the smallest measure is an improvement,” Martens encourages.
The lightning speed of digitalization intensifies the constant pressure to keep pace with technological advancements while maintaining strong IT security within a company. AI plays a significant role, both in a positive and a negative sense. On one hand, it has become an established tool for increasing productivity. On the other hand, it is being used to generate and professionalize cyberattacks. Martens illustrates how the landscape of threats is expanding with one example: “Cyberattacks are already being offered in ready-made shop models with hotline support on the dark web.”
To counteract this kind of environment, Martens raises the key question: How can we shrink the attack zone as much as possible? Among the most effective defense measures, he prioritizes encrypted communication and robust authorization systems that strictly adhere to the principle of least privilege. This means that every user, every system, and every application is granted only the minimum access rights strictly necessary to perform the respective task. For software companies, up-to-date and vulnerability-free products with regular patches (updates) that fix bugs and close new security gaps are also imperative.
The IT infrastructure forms the backbone of software architecture. DAKOSY’s business model is based on a setup featuring its own high-performance servers, which the software company has deployed in a redundant configuration across two locations in Germany. “For us, digital sovereignty is one of the cornerstones of our concept. This includes control over our own data and that of our customers, as well as our technologies and infrastructure. Furthermore, we operate within the German legal framework in accordance with the GDPR and are independent of cloud service providers, which has a positive impact on our customers’ risk management.”
However, robust IT systems and professional software alone do not provide complete protection against cybercrime. The underlying processes can also contain vulnerabilities. This is particularly important for logistics companies. The industry is vulnerable to security breaches because cross-company data exchange is standard practice for functioning logistics processes. The business is characterized by extensive networking with many external interfaces. This creates numerous points of vulnerability for cyberattacks, data loss, and misuse of confidential information.
DAKOSY has the expertise to systematically identify such process loopholes and close them using digital solutions. The company recently demonstrated this with its German Ports project. In collaboration with the software company dbh logistics IT, DAKOSY successfully implemented a new process for container imports at German North Sea ports and replaced the manual PIN-based process with a secure digital pick-up authorization.
Overall, the growing demands on information security make it clear that IT security is no longer merely a technical issue, but rather a key prerequisite for stable and reliable logistics processes. With certified security frameworks, its own high-performance infrastructure, and the expertise to digitalize critical security processes, DAKOSY lays the foundation for resilient, self-reliant, and future-oriented logistics.


