Author Archives: eyesvc

Microsoft faces heat from US Congress over cybersecurity

Microsoft President Brad Smith spent more than three hours answering questions from members of the Homeland Security Committee in Washington.

Members of US Congress on Thursday pressed Microsoft to explain a “cascade of avoidable errors” that allowed a Chinese hacking group to breach emails of senior US officials.

Microsoft President Brad Smith spent more than three hours answering questions from members of the House Committee on Homeland Security in Washington, assuring them cybersecurity is being woven more deeply into the technology company’s culture.

“Microsoft accepts responsibility for each and every one of the issues cited” in a scathing US government report about the breach “without equivocation or hesitation,” Smith told the committee.

The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident last year that involved the China-affiliated cyberespionage actor Storm-0558.

“Microsoft has an enormous footprint in both government and critical infrastructure networks,” US congressman and committee member Bennie Thompson said to Smith as the hearing opened.

“It is our shared interest that the security issues raised by the (report) be addressed quickly.”

The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft’s core business is to provide cloud computing services, such as Azure or Office360, that host sensitive data and power business and government operations across major sectors of the economy.

The report criticized a Microsoft corporate culture that was “at odds with… the level of trust customers place in the company.”

The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee’s compromised laptop following a corporate acquisition in 2021.

It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.

“The Board finds that this intrusion was preventable and should never have occurred,” the review said, pinpointing “the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed.”

‘Lasting change’

The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.

“The real challenge is how you achieve effective lasting cultural change,” Smith said, noting Microsoft has nearly 226,000 employees.

Smith said Microsoft has the equivalent of 34,000 engineers working full time on answering the security shortcomings in “the largest engineering project focused on cybersecurity in the history of digital technology.”

Microsoft’s board on Wednesday approved a change that will tie cybersecurity accomplishments with annual bonuses for senior executives and make it part of every employee’s annual review, according to Smith.

Microsoft detects some 300 million cyberattacks on its customers daily, with most of those coming from China, Iran, Korea, Russia, or ransomware operations, Smith told the committee.

“We’re dealing with four formidable foes in China, Russia, North Korea and Iran, and they are getting better,” Smith said.

“We should expect them to work together; they’re waging attacks at an extraordinary rate.”

While it is inevitable that adversaries will use artificial intelligence for increasingly sophisticated attacks, the technology is already being used to strengthen cyber defenses, Smith added.

Citation:
Microsoft faces heat from US Congress over cybersecurity (2024, June 14)
retrieved 17 June 2024
from https://techxplore.com/news/2024-06-microsoft-congress-cybersecurity.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Maersk wins heavy lift contract with Vestas: Powertrains of one of the largest wind turbines in the world

Copenhagen– Maersk Project Logistics offers not only integrated logistics for containerized and conventional products, but also special cargo shipments. Maersk’s heavy lift capabilities are also demonstrated by a new project undertaken by the leading Danish renewables energy company Vestas.

Vestas, a global leader of renewable energy solutions has awarded Maersk an important contract to transport the extra-heavy powertrains for its largest wind turbine ever built V236. The heart of the 15MW wind turbine weighs 260 tonnes and will be installed into the nacelle at Vesta’s factory Lindo, Denmark. Maersk will handle the transport of the special equipment from the assembly in Lommel, Belgium to the port in Lindo. The powertrain is just one of many large components that make up the nacelle. The final V236 has a total mass of more than 630 tonnes, including the powertrain.

Maersk will later move the V236 engines to a new Vestas plant in Poland. Maersk has built a complete supply chain solution to handle all cargo flows into both production sites, in Denmark and Poland. Maersk also takes care of Vesta’s containerized cargo, as well as air freight and customs services. Maersk offers a fully integrated global logistics solution that includes warehousing, intermodal, and warehousing.

Maersk has been a reliable and efficient partner for us since the beginning of our cooperation. They can meet all of our global logistics needs with just one call. A supply chain solution that is being designed with a strategic partner will add visibility and resilience to our logistic operations. It will also make it easier for us to execute our complex logistics business. We will continue to expand and develop this exciting journey.

Damien Lhors

Vestas Group Senior Vice-President of Global Supply Chain and Transport

Since more than two year, we have worked closely with Vestas to develop exciting heavy lift projects, as well as containerized cargo. We are honoured to be the preferred and trusted partner of Vestas. Transporting the equipment requires complex logistical capabilities and experience. This makes us prouder to be chosen by the world’s leading renewable energy company.

Claus Svane Schmidt

Global Head of Maersk Project Logistics

Maersk offers project logistics services in industries such as renewable energies, power generation, automotive and industrial manufacturing. We also provide government-contracted logistics, as well as assistance and relief. The MPL offering includes a full spectrum of planning and orchestration, as well as end-to-end specialised transport services, to manage the flow project-related cargo in accordance with the unique sequence, schedule, and conditions of each individual project.

Maersk

A.P. Moller-Maersk is a integrated logistics company that works to connect and simplify the supply chains of its customers. The company is a leader in global logistics services and operates in over 130 countries. It employs approximately 100,000 people. Maersk aims to achieve net zero emissions across its entire business by 2040 with new technologies, green fuels, and new vessels.

For more information, please contact the following:

Daimler, Volvo, Mack issue recalls over wheel, steering, battery issues

The National Highway Traffic Safety Administration has announced a number of recalls affecting heavy-duty trucks across several OEMs for a variety of issues.

The recalls are as follows:

Daimler Trucks North America is recalling approximately 285 Western Star, Freightliner and Freightliner Custom Chassis (FCCC) trucks for an issue related to the wheel hub fasteners. Affected trucks include model year 2025 Western Star 47X, 49X and 57X; Freightliner 108SD, 114SD and Business Class M2; FCCC MC, MT45, MT45G, MT55, S2C 106, S2RV 106, XBS, XCM, XCP, XCR, XCS; and Thomas Built Buses Saf-T-Liner C2 transit buses, cabs, and chassis.

In the affected units, the wheel hub fasteners may loosen and cause the wheel to detach, which can result in a loss of vehicle control.

The remedy is currently under development. Owner notification letters are expected to be mailed July 30. Owners may contact DTNA customer service at 800-745-8000 with recall number F1002. NHTSA’s recall number is 24V-393.

In a separate recall, Daimler is also recalling approximately 540 trucks for an issue related to the front axle tie rod. Affected units include model year 2025 Freightliner Cascadia, 108SD, 114SD and Business Class M2; Western Star 47X and 49X; and Freightliner Custom Chassis S2RV 106, and S2C 106 transit buses, cabs, and chassis.

The recall states that the front axle tie rod ball joint studs may crack and break, which can result in tie rod separation. Tie rod separation can cause a sudden loss of steering control and increase the risk of a crash.

The remedy is currently under development. Owner notification letters are expected to be mailed Aug. 3. Owners may contact DTNA customer service at 800-745-8000 with recall number D24R6. NHTSA’s recall number is 24V-402.

Volvo Trucks and Mack Trucks each issued a recall of certain model year 2025 trucks due to an issue with the drag link in the steering system.

Volvo’s recall includes approximately 488 VN, VNR Electric and VHD trucks. Mack’s recall includes approximately 790 Granite, Anthem and TE models.

In the affected units, the drag link may contain an improperly heat-treated ball stud that can fail, resulting in a sudden loss of steering control.

Owners are advised not to drive their vehicles until the remedy has been completed. Dealers will inspect and replace the drag links, as necessary, free of charge. Owner notification letters are expected to be mailed Aug. 2. Mack owners can contact Mack customer service at 1-800-866-1177 with recall number SC0465. NHTSA’s recall number is 24V-398. Volvo owners can contact Volvo customer service at 1-800-528-6586 with recall number RVXX2402. NHTSA’s recall number is 24V-396.

A separate Volvo Trucks recall affects approximately 424 model year 2025 VN and VHD trucks in which the steering gear may have an improperly seated plug in the valve housing, which can result in a sudden loss of steering control.

Dealers will inspect the plug and replace the steering gear as necessary, free of charge. Owner notification letters are expected to be mailed Aug. 2. Owners can contact Volvo customer service at 1-800-528-6586 with recall number RVXX2403. NHTSA’s recall number is 24V-397.

Yet another Mack Trucks recall also affects the steering system. Approximately 24 model year 2024 Mack MD Electric trucks are being recalled because the battery management system software may cause the high-voltage battery to shut down, which can result in a sudden loss of steering control and drive power.

Owners are advised not to drive their vehicles until the remedy has been completed. Dealers will update the battery management system software, free of charge. Owner notification letters are expected to be mailed Aug. 2. Owners can contact Mack customer service at 1-800-866-1177 with recall number SC0464. NHTSA’s recall number is 24V-399.

Spain’s Kfund Raises 75 Million Euros for AI and Data Projects

The Spanish venture capital firm Kfund raised $75 million for the funding of tech projects.

The company announced Monday (17 June) the new fund, saying it would support founders working in Europe “with foundational technology” defined as “data play,” “platform layers,” or artificial intelligence (AI).

Kfund stated that “with a target of EUR70m, we will continue to make investments in southern Europe alongside the most promising founders to help them lay the groundwork for future growth. Our experience as founders and executives in technology companies and our unique ability to support them in the region from pre-seed through to Series B, thanks to our family of funds, will allow us to do this.”

The company notes that as the market matures successful companies tend to focus more on B2B than consumers.

In the U.K. Germany and France, between 2012 and 2017, only 28% of unicorns – startups valued at over $1 billion – were “tech enabled” B2B companies. In the next five years, this figure grew to 60%.

Kfund’s announcement follows news earlier this week that tech investments were experiencing a turnaround following a long downturn.

The Financial Times (FT), in a report, notes that private tech investors Creandum have unveiled a $544-million fund. They have invested in Klarna, Spotify, and other companies. Creandum’s $544 million fund was created “in record time,” according to general partner Carl Fritjofsson.

He said that there was a dramatic shift in the industry’s attitude, appetite, and activity.

Last year, the investment in Europe’s tech sector dropped dramatically. In its State of European Tech report, published in late 2023, British venture capital firm Atomico predicted that the funds raised by Europe’s tech startups in 2023 would be around $45 billion. This compares to $82 billion in 2022.

PYMNTS has recently examined how AI is assisting VC firms in making investment decisions. This is done by quickly analyzing massive data on startups and the market trends.

The founder and managing partner at growth equity firm Alpha Partners and Steve Brotman told PYMNTS that AI is useful in venture capital because it allows humans to be more precise and weed out the noise.

He added: “With AI, we are able to analyze market trends, startup metrics, and other crucial data points at a speed and scale that is simply unattainable by a team of analysts alone.” “This improves efficiency, and fundamentally enhances our ability to make informed strategic decisions by providing a level of insight into potential investment that was previously unimaginable.”

See More In: AI (artificial intelligence), EMEA, funding and investments, Kfund, News PYMNTS News. Startups, Technology, Venture Capital funding, What’s Hot.

EC-Council’s Industry-First AI Toolkit Course Empowering Singaporean Cybersecurity Professionals

EC-Council’s Pro-Bono Cyber AI Toolkit Sets New Standards for Cybersecurity Training in Singapore for its Certified Members.

KUALA LUMPUR, Malaysia, June 14, 2024 /PRNewswire/ — EC-Council, creator of the iconic Certified Ethical Hacker (CEH)® credential, is introducing a first of its kind Cyber AI Toolkit free for all of its certified members. Designed to empower its membership base of certified cybersecurity professionals, the Cyber AI Toolkit equips members with cutting-edge AI-enabled cybersecurity courses at no cost, helping them be better prepared for today’s evolving cybersecurity landscape in the advent of AI. This highlights EC-Council’s commitment to driving standards and advancing global cybersecurity readiness.

EC-Council’s Industry First Free AI Cybersecurity ToolKit for its Certified Members.

The Cyber AI Toolkit which features 14 hours of online learning, 74 premium videos, and 90 assessment questions, provides EC-Council members practical insights and hands-on experience in tackling AI-driven cyber threats. This innovative program provides real-world scenarios and lessons curated to advance an organization’s cybersecurity readiness while enhancing the skills and rapid response for cybersecurity professionals.

In Singapore, cybersecurity remains a critical concern amidst rapid digital transformation and increasing cyber threats. The country is facing a growing number of cyber incidents, with sectors like finance, healthcare, and government being prime targets. According to the reports, in 2023 alone, there were over 50,000 cyber incidents reported, highlighting the urgent need for robust cybersecurity measures and skilled professionals.

The Singapore Cybersecurity Market size is estimated at USD 2.28 billion in 2024, and is expected to reach USD 4.82 billion by 2029, growing at a CAGR of 16.14% during the forecast period (2024-2029) (Mordor Intelligence). Government initiatives, such as the Safer Cyberspace Masterplan, emphasizes on Singapore’s commitment to strengthening cybersecurity capabilities across sectors.

Jay Bavisi, Group President, EC-Council, highlighted the importance of equipping cybersecurity professionals with AI knowledge, “As threat actors increasingly weaponize AI to develop more advanced attack techniques, it is imperative that we provide our community of members with the necessary tools and knowledge to counter these threats. By offering this toolkit for free we are bridging the AI Chasm by enhancing global cybersecurity standards and advancing continuous skill development.”

The Cyber AI Toolkit responds directly to findings of the latest EC-Council C|EH Threat Report 2024 based on transformative insights gathered from more than 1,000 industry professionals. The report revealed that 83% of cybersecurity professionals have observed significant shifts in cyber-attack methodologies attributed to AI. 80% of organizations have embraced multi-factor authentication as a cornerstone of their defense against escalating cloud threats. Equally crucial is the report’s emphasis on continuous training, recognized by 82% of respondents as pivotal in enhancing incident response readiness, and over 70% of participants identify zero-day exploits and social engineering as primary threat vectors.

This stark reality revealed by EC-Council Threat Report 2024 often referred to as the “AI Chasm,” highlights the disparity between advancing AI-driven cybersecurity solutions and the evolving tactics employed by threat actors.

With the Cyber AI Toolkit , EC-Council is committed to shaping the future of the cybersecurity industry. From the inception of the CEH program to the introduction of AI-enabled courses and now the Cyber AI Toolkit, EC-Council remains dedicated to democratizing cybersecurity education and equipping professionals worldwide with the skills needed to safeguard digital landscapes effectively.

For more information on the Cyber AI Toolkit and enrollment details, certified members are encouraged to visit the ASPEN portal.

CISO Corner: Apple’s AI Privacy Promises; CEOs in the Hot Seat

Welcome to CISO Corner, Dark Reading’s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we’ll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We’re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.

In this issue of CISO Corner:

Apple’s AI Offering Makes Big Privacy Promises
Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks
DR Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season
The CEO Is Next
Why CIO & CISO Collaboration Is Key to Organizational Resilience
Rockwell’s ICS Directive Comes as Critical Infrastructure Risk Peaks
4 Ways to Help a Security Culture Thrive

Don’t miss “Anatomy of a Data Breach: What to Do if It Happens to You,” a free Dark Reading virtual event scheduled for June 20! Speakers include Verizon’s Alex Pinto, plus execs from Snowflake, pharma giant GSK, Salesforce, and more — register today!

Apple’s AI Offering Makes Big Privacy Promises

By Agam Shah, Contributing Writer, Dark Reading

Apple’s guarantee of privacy on every AI transaction — whether on-device or cloud — is ambitious and could influence trustworthy AI deployments on device and in the cloud, analysts say.

Apple’s announcement of Apple Intelligence and plans to integrate AI across its devices and applications comes with a commitment to guarantee privacy on every AI transaction. This sets a high bar on zero-trust infrastructure that competitors may try to match.

Because of Apple’s walled garden model, rival providers don’t have nearly the same level of control over their AI infrastructure. Unlike Apple, they can’t lock down security as queries pass through various hardware and software layers. For example, OpenAI and Microsoft process queries through GPUs from Nvidia, which handles vulnerability discovery and patching.

“If Apple sets the standard, the effect will be ‘why I should buy Android if I don’t care about the privacy,'” says Alex Matrosov, CEO of security company Binarly.io. “The next step will be Google following up and trying to maybe implement or do the similar thing.”

Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks

By Nate Nelson, Contributing Writer, Dark Reading

Face scans stored like passwords inevitably will be compromised, like passwords are. But there’s a crucial difference between the two that organizations can rely on when their manufacturers fail.

Biometric security is more popular today than ever, with widespread adoption in the public sector — law enforcement, national ID systems, etc. — as well as for commercial industries like travel and personal computing. In Japan, subway riders can “pay by face,” and Singapore’s immigration system relies on face scans and thumbprints to allow travelers into the country. The fact that even burger places are experimenting with face scans suggests something’s brewing here.

But researchers have found two dozen vulnerabilities in a biometric terminal used in critical facilities worldwide could allow hackers to gain unauthorized access, manipulate the device, deploy malware, and steal biometric data, which highlights the risks that come with implementing these systems.

The critical nature of the environments in which these systems are so often deployed necessitates that organizations go above and beyond to ensure their integrity. And that job takes much more than just patching newly discovered vulnerabilities.

Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season

By Robert Lemos, Contributing Writer, Dark Reading

While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise.

The final month of the Islamic calendar, Dhu al-Hijjah, began on June 7, marking the countdown for millions of Muslims to the Hajj pilgrimage, and also a time when cybercriminals and cyber-espionage actors see increased opportunity amid reduced vigilance and slimmed staffing.

While many of the cyberattacks are focused on pilgrims as consumers of travel services, a variety of businesses — from banks to e-commerce sites — are at greater risk of data theft and denial-of-service attacks, according to experts. On June 3, for example, cyber-threat actors announced a data leak on an underground forum that allegedly contained the personal information of 168 million users from “The Hajj and Pilgrimage Organization in Iran,” according to cybersecurity firm Kaspersky.

The attacks highlight the two aspects of how cyberattackers see the Hajj season: as an opportunity to take advantage of pilgrims, but also as a time of reduced resources for security teams, making business and government agencies vulnerable.

The CEO Is Next

Commentary by Joe Sullivan, CEO, Ukraine Friends, & CEO, Joe Sullivan Security LLC

If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity.

One day soon, a government agency will very publicly seek to hold a corporate CEO personally liable for a failure to ensure their organization invested sufficiently in cybersecurity. The surprising thing won’t be that it happens, but rather how many people who work for and look up to the CEO will be happy when it does.

We’re experiencing a movement toward regulation by enforcement. Look no further than the National Cybersecurity Strategy, which, at its core, demands that corporate America do more to protect citizens from cyberattacks. There’s also the Securities and Exchange Commission’s (SEC) action against the software company SolarWinds and its head of security. The case has raised eyebrows, specifically because the security leader was held personally responsible.

But with very few exceptions, the CISO or senior-most security leader is simply not the “responsible corporate officer.” It’s the CEO. Security leaders rarely, if ever, get the budget needed to do their job well. CEOs and boards that do control the corporate budget rarely invest the time to understand their cyber-risks, and instead allocate resources in other directions.

Why CIO & CISO Collaboration Is Key to Organizational Resilience

Commentary by Robert Grazioli, Chief Information Officer, Ivanti

Alignment between these domains is quickly becoming a strategic imperative.

Gartner forecasts that the world will spend $215 billion on risk management and cybersecurity in 2024. That’s a 14% increase over 2023. But many workers are feeling spread thin, with more data and endpoints than ever and not enough qualified talent to be found. It’s time to finally break down the silos between IT and security.

That starts by fostering alignment between the CIO and chief information security officer (CISO).

Individually, CISOs and CIOs are powerful forces with a lot on their plates — and a lot on the line. Together, they could be unstoppable. However, historically, organizational structures have relegated CISOs and CIOs to separate domains with distinct — and occasionally contradictory — objectives.

Here’s how to foster alignment: Why CIO & CISO Collaboration Is Key to Organizational Resilience

Rockwell’s ICS Directive Comes as Critical Infrastructure Risk Peaks

By Tara Seals, Managing Editor, News, Dark Reading

Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

Industrial control systems (ICS) giant Rockwell Automation’s recent directive to customers to disconnect their gear from the Internet showcases not just growing cyber risk to critical infrastructure, but the unique challenges that security teams face in the sector, experts say.

CISA is warning that increased threats to could lead to various catastrophic attacks, including denial-of-service (DoS) efforts that take down electrical grids; privilege escalation and lateral movement to burrow deeper into the operational technology (OT) environment in order to control it; modifying settings to, say, change safety thresholds for power generators; remotely compromising programmable logic controllers (PLCs) to halt water sector operations; or even conducting destructive Stuxnet-style attacks that can obliterate a site’s ability to function permanently.

Yet thousands of devices are exposed online with weak authentication and riddled with exploitable bugs; and there’s an endemic lack of security team participation in site design and asset/infrastructure management. All in all, it’s not an ideal situation.

4 Ways to Help a Security Culture Thrive

DR Technology commentary by Ken Deitz, CSO/CISO, Secureworks

Creating and nurturing a corporate environment of proactive cybersecurity means putting people first — their needs, weaknesses, and skills.

A good cybersecurity culture trusts and empowers teammates to make good decisions. In turn, that trust fuels a more productive relationship between cybersecurity and the business. Culture is a living entity that needs to be continuously nurtured. Give it the dedication it needs, and your businesses will be safer as a result.

Here are some core pillars for establishing an effective security culture:

1. Establish the Right Mindset: Focus on the positive actions that people can and should take.

2. Engage with Empathy: A productive and inclusive security culture is one that shuns blame. Instead, focus on what you can collectively learn from the incident to enrich your cyber strategy for the future.

3. Communicate, Communicate, Communicate: When it comes to cybersecurity, there’s no such thing as too much communication. People have a lot going on in their jobs and lives. Meet people where they are, and you’ll have much better results.

4. Stay on Your Toes: New and emerging technologies bring opportunities and challenges. Generative artificial intelligence (AI), for example, can offer teammates productivity gains, but they also need to know the risks.

As capacity concerns increase, Asia Pacific air cargo rates are on the rise.

According to the latest WorldACD Market Data weekly figures and analyses, air cargo demand and rates continue to rise well above levels from last year. In particular, spot rates from Vietnam into Europe have risen even more in the last two week, with rates from Vietnam to Europe in particular spiking in the last couple of weeks.

Based on more than 450,000 weekly trades covered by WorldACD, the tonnages of goods and rates for Asia Pacific origins have increased by 20 percent (YoY), and by 16 percent (YoY), respectively, over the last two weeks (weeks 22 & 23), based upon a full-market median of spot rates and contractual rates.

“Looking at spot prices on their own highlights big differences in the last few week between the main Asia Pacific origin country, especially to Europe as shippers face significant shortages both of air and ocean freight capacities due to strong demand, and disrupted services for sea freight.” The disruptions to container services, which were partly caused by the attacks against vessels in the Red Sea have been exacerbated in recent weeks because of port congestion and vessel shortages in certain important markets, driving more cargo owner to air freight solutions.

The update said that spot air cargo rates from Vietnam to Europe were more than twice their equivalent levels this time last year. They averaged $4.19 per kilogram in the last seven week, the update added. “Analysis of this week shows that they have increased for the last six weeks to $4.47/kilo (June 3-9). This is up by 143 per cent YoY (with tons up 28 per cent YoY).

In week 23, spot rates to Europe were up significantly from the major Asia Pacific origin markets, including +32 percent for China and +18% for Hong Kong. These are the two largest origin markets of the region.

The transpacific market is also experiencing higher demand and rates compared to last year. In week 23, the average spot rate for the USA from Asia Pacific origins and China was $5.23 (up 51 percent YoY), and $5.30 (up 38 percent YoY).

Middle East, South Asia boom continues

The update said that the demand and rates for products from Middle East & South Asia origins continued to rise – particularly to Europe. Spot rates from MESA origins were more than double their equivalent levels last year, and this was mainly due to the high spot prices from India & Bangladesh. “Overall average MESA origins rates to destinations worldwide were up by 50 percent YoY in weeks 22-23, helping average worldwide rates hold steady at $2.52 per kilo, despite YoY drops in prices from Europe and North America.”

The update noted that the total worldwide chargeable weight flown during weeks 22 and 23, compared to the two previous weeks (2Wo2W), had decreased slightly (down by one percent), but that worldwide tonnages increased by 12 percent year-over-year.

Liquidity is down -50% for Private Equity. What This Means for Startups.

So the Wall Street Journal had a great piece summarizing the “liquidity crunch” in private equity. Liquidity (cash from exits — M&A and IPO) is down so much, many are being forced to take out loans to generate cash.

As you can see below, liquidity last year was down 50% from the historical average of the past 10 years, and way, way down from the crazy 2021 peak:

Now to some extent, this is to be expected. Private Equity overall and Venture Capital in particular had an insane amount of “exits” for high dollar amounts in 2021. An IPO a week, and seemingly, a billion+ exit every week as well. From Slack selling for $27 Billion to Salesloft for $2.5 Billion and so, so many more.

It just makes sense there would be a hangover after that era. And indeed there is.

But while Venture Capital and Private Equity are overall built to be patient, and wait 10+ yeas for returns from any given investment — in exchange for higher returns — they aren’t build to be all that patient in the aggregate.

PE and VC expect a steady stream of returns each year to, at a minimum, recycle back into new VC and PE funds.

Right now, that’s at a decade+ low. And it’s looking like 2024 is much of the same.

Perhaps a string of IPOs in 2025 will unleash liquidity, from Databricks to Canva to Plaid and more. But even there, with a lot of big M&A for now being blocked (see, e.g., Adobe and Figma), it’s just plain harder.

In the end, a liquidity cycle is what creates the endless treat of venture capital to invest in startups. Right now, it’s down -50%. It will bounce back. But founders should at least understand the stresses at the input levels for funding. When liquidity is at a decade+ low for private investments.

And a bit more here:

Down Markets And the Evaporation of Liquidity

Congress considers creating a task force to combat fraud and cargo theft

Trucking News and Briefs for Thursday, July 13, 2024:

Homeland Security Appropriations Bill includes funding for an anti-fraud/cargo-theft task force

The U.S. House Appropriations Committee approved a funding measure for the Department of Homeland Security on Wednesday. This funding includes funding for a Task Force that would address supply-chain fraud and cargo theft.

A report detailing the bill states that the Appropriations committee “remains worried about the alarming increase in supply chain fraud and the theft of goods through interstate commerce. This includes attempted burglary, theft or possession of stolen merchandise from a motor carrier and/or railcar.”

The bill contains a provision that allocates $2 million for the establishment of a “Supply Chain Fraud Task Force (SCFTTF),” within DHS.

The committee stated that Homeland Security Investigations and the FBI, as well as other major theft task-forces, would consult with state and local law enforcement agencies, tribal, territorial, and federal agencies to ensure the task force “employs an integrated, multi-agency approach, intelligence-based and prosecutor-led, to identify, disrupt, and dismantle organizations that are primarily responsible for theft and theft-related violent acts in the American supply-chain.”

The bill was passed by the Appropriations committee with a vote of 33-26 and will be voted on by the full House.

The Owner-Operator Independent Drivers Association has said that it is “long concerned about the spike of all types shipping fraud and its devastating effects on our member.”

Lewie Pugh is the executive vice president of OOIDA. He added that the organization was looking forward to “providing relevant and timely input from the perspective of small-business drivers, [who] are the majority of truckers and the safest on the highways. We should do everything we can to eliminate bad actors who not only compromise the trucking business, but also highway safety.

Pugh also highlighted OOIDA’s support for Household Goods Shipping Consumer Protection Act. This act would require freight forwarders and brokers to provide a valid primary place of business prior to receiving operating authority, and allow FMCSA civil penalties to be enforced against entities who violate its regulations.

The American Trucking Associations stated that the provision in the DHS financing bill, championed and supported by Rep. David Valadao, (R-California), will “counter the sharp increase in cargo theft and broader fraud in the supply chain, addressing ATA’s strategy priorities.”

Henry Hanscom is ATA’s Senior VP of Legislative Affairs. He commended the California representative for “directing Homeland Security Investigations (HSI) to leverage its unique, cross-border authority to address this alarming pattern.” This provision will strengthen the relationship between the government, motor carriers, law enforcement and our supply chain partners in order to take a strong stand against these organized crime groups.

In recent years, segments of the trucking industry and members of Congress have asked the federal government to create a task force.

Hank Seaton, a transportation attorney, said in comments made to the Federal Motor Carrier Safety Administration 2022 that “there is no effective cop protecting shippers, carriers, brokers, and intermediaries against unauthorized operations and frauds, scams and identity theft involving abuses of intermediaries involved in regulated truck transport.” Seaton’s comments were endorsed by the National Association of Small Trucking Companies.

Seaton added that DOT or the FMCSA should “establish and staff a task force to monitor complaints regarding fraudulent and intentional breaches of regulation by regulated brokers and carrier and establish a proactive prosecution staff to discharge their statutory and regulatory obligations to enforce existing rules of trade, including civil and criminal sanctions available to the Department of Transportation.”

Deadline for nominations of the Military Veteran Rookie Trucker Award

The nomination period for Transition Trucking: Drive for Excellence, which recognizes the nation’s top veteran rookie truck drivers, is coming to an end. The deadline for nominations is June 20.

Kenworth will be providing the grand prize as part of the program for the ninth consecutive time. This year’s winner is a T680 with a 76″ sleeper and a Paccar Powertrain, which includes a Paccar MX-13 engine with 455 horsepower and a Paccar TX-12 automatic transmission.

A panel of experts will determine the top driver. To qualify, drivers need to be legal residents in the continental United States, military veterans or current/former National Guard or Reserve members; they must also have graduated from PTDI certified, NAPFTDS or CVTA Member driver training schools. Qualified candidates also must hold a valid CDL, and must have worked for a private fleet or for-hire carrier that has pledged hiring veterans after January 1, 2023.

The semi-finalists for the award will be announced August 1. Finalists will then be invited to Columbus, Ohio to tour the National Veterans Memorial and Museum, attend a reception and tour the Kenworth Chillicothe Manufacturing Plant, where the winners will be announced. The public will vote on the finalists from November 1-11. The final award will be announced on Dec. 13 at the U.S. Chamber of Commerce.

The winner will be driving home in a Kenworth T680.

Driver recognized for helping after witnessing crash

Roy Chandler, a Diamon Transportation System truck driver from Rockport, Texas was named a Highway Angel for helping a woman who had crashed into a tractor trailer on a rainy road.

Roy Chandler
Chandler was driving in heavy rain on I-30 around 2:30 pm on April 20th in Morris County, Texas. He saw a young lady pass on the right, but visibility was very low.

She passed him and he saw that she was trying to merge back into the left lane. She could not see or was not aware of another truck in her lane due to the spray and rain on the highway. She hit the rear end of the trailer, and flipped into the median multiple times.

Chandler said, “She hit her back tire and the momentum from her tire moving forward and his tire launched her into midair.” “She went about 20 feet in midair.”

Chandler immediately pulled over to the side to help the woman. She was trapped in her car, with minor injuries but she was still conscious. He called 911, stayed with her and consoled the truck driver who was visibly shaken.

Chandler cleared the road and stayed at the scene until the state trooper arrived. He also provided the dashcam footage of the incident to law enforcement.

Chandler, a second-generation trucker who has been driving since 1937, has seen his fair share of accidents.

“It’s what we’re always supposed to do,” said he. “As a Christian, and as a driver of a truck, I am supposed to help wherever possible. “To me, it was just another workday.”

Is risk transfer essential for motor carriers?

Trucking is a bustling industry, where the movement of goods is constant and motor carriers are responsible for delivering freight efficiently and on time. These factors naturally create risks and can expose motor carriers to potential losses. Business interruptions associated with vehicle accidents, workplace injuries, and roadside inspections are often top of mind, but they represent only part of the picture when it comes to calculating the total cost of risk.

Generally, the total cost of risk involves four key areas: risk control costs, administrative costs, retained losses, and transfer costs. The focus of this article is on risk transfer, meaning the transfer of a specific risk from one party to another. Insurance is the most common form of risk transfer, so let’s examine three compelling reasons insurance is an essential part of every motor carrier’s overall risk management strategy.

PROTECTION AGAINST ACCIDENTS AND LIABILITY

The consequences can be severe when a commercial motor vehicle is involved in an accident. Insurance provides a crucial layer of protection for trucking companies in such scenarios. Liability insurance is particularly important for trucking companies. It may cover costs associated with bodily injury and property damage that the company may be responsible for in an accident. This may include medical expenses, vehicle repair or replacement costs, and legal fees. Without liability insurance, a trucking company could face financial ruin from a single accident-related lawsuit.

Additionally, insurance can cover other types of liability, such as environmental liability. If a truck carrying hazardous materials is involved in an accident that results in pollution, the costs of cleanup and environmental damage can be astronomical. Insurance helps mitigate these risks and helps to ensure that the company can continue operating even in the face of a significant liability claim.

COMPLIANCE WITH LEGAL REQUIREMENTS

Operating a trucking company without insurance is not only financially risky but also illegal in most jurisdictions. Federal and state laws require commercial trucking companies to carry a minimum level of insurance coverage. Failure to comply with these requirements can result in hefty fines, the suspension of operating licenses, or even the shutdown of the company.

The Federal Motor Carrier Safety Administration (FMCSA) sets minimum insurance requirements for trucking companies based on the type of cargo being transported. According to 49 CFR Part 387.9, motor carriers transporting non-hazardous goods must have a minimum of $750,000 in liability insurance, while those meeting certain carriage and commodity specifications, must be insured up to a minimum of $5,000,000 in coverage. Compliance with these requirements is non-negotiable for trucking companies.

Furthermore, insurance requirements can vary from state to state, so it’s essential for trucking companies to stay informed about the specific requirements in each jurisdiction where they operate.

“Without liability insurance, a trucking company could face financial ruin from a single accident-related lawsuit.”

PROTECTION AGAINST UNFORESEEN EVENTS

Motor carriers are susceptible to a variety of risks beyond vehicle accidents and liability claims. Workrelated injuries, natural disasters, vandalism, and equipment breakdowns are just a few examples of unforeseen events that can disrupt operations and cause financial losses for trucking companies. Insurance can help provide protection against these risks, allowing motor carriers to recover and resume operations more quickly.

Damaged, spoiled, and stolen freight are additional risks trucking companies must contend with, but Great West’s cargo insurance can help protect trucking companies against the loss or damage of goods being transported. This type of insurance can be particularly valuable for companies transporting highvalue or sensitive cargo. Without insurance, the cost of replacing this freight could be prohibitively expensive.

Additionally, insurance may cover the cost of repairing or replacing trucks and equipment that are damaged or destroyed in unforeseen events. This is crucial for keeping operations running smoothly and minimizing downtime. By having insurance coverage for these risks, trucking companies can protect their assets and maintain their financial stability.

As a bonus, consider using the risk control tools provided by Great West. From our award-winning Safety Talk publication and the online Learning Library to our in-person seminars and decades of experience our risk control representatives bring to the table, Great West’s safety products and services can help you manage your risk more effectively.

Note: These lists are not intended to be all-inclusive.

CALL TO ACTION

Review your operational risks and ensure you have sufficient insurance coverage.

The information in this article is provided as a courtesy of Great West Casualty Company and is part of the Value-Driven^® Company program. Value-Driven Company was created to help educate and inform insureds so they can make better decisions, build a culture that values safety, and manage risk more effectively. To see what additional resources Great West Casualty Company can provide for its insureds, please contact your safety representative, or click below to find an agent.

© Great West Casualty Company 2024. The material in this publication is the property of Great West Casualty Company unless otherwise noted and may not be reproduced without its written consent by any person other than a current insured of Great West Casualty Company for business purposes. Insured should attribute use as follows: “© Great West Casualty Company 2018. Used with permission by Great West Casualty Company.”

This material is intended to be a broad overview of the subject matter and is provided for informational purposes only. Great West Casualty Company does not provide legal advice to its insureds, nor does it advise insureds on employment-related issues. Therefore, the subject matter is not intended to serve as legal or employment advice for any issue(s) that may arise in the operations of its insureds. Legal advice should always be sought from the insured’s legal counsel. Great West Casualty Company shall have neither liability nor responsibility to any person or entity with respect to any loss, action, or inaction alleged to be caused directly or indirectly as a result of the information contained herein.