KRITIS sector with hard continuity demands.
TL;DR. Dispatch, telemetry, warehouse: we know the stacks and the detection use cases behind them. A KRITIS sector with the hardest continuity pressure on the market: an outage means immediate, visible supply-chain impact. Detection isn't audit theory, it's operational necessity.
What this sector typically struggles with
Transport and logistics are a KRITIS sector, which means NIS2 §10 (detection & response) is law, not discussion. At the same time, most logistics companies lack control over three things: the dispatch stack, telematics integration, and subcontractor identity governance. A CEP (courier, express, parcel) company with 500 vehicles and 200 freelance drivers has an IAM nightmare: accounts, access and offboarding processes fail.
The stacks are diverse. Dispatch systems (Locus.io, Microlise, sometimes legacy green screens). WMS (SAP EWM, Manhattan SCALE, Körber Logistics). Telematics integrations (Webfleet, Geotab, Sennder). Each integration is a potential attack surface. Ransomware on a dispatch solution, and 50 routes are gone. Plus: hub operations (sorting plants, cross-docks) often run on SCADA/control systems and share the problems of any OT environment.
Supply-chain visibility is a curse. A ransomware incident at a large logistics provider becomes a customer problem in 24 hours. Insurers immediately demand incident response plans and audit trails. BaFin doesn't wait — NIS2 reporting timelines are measured in hours. At the same time, most logistics companies struggle with legacy HR systems that don't auto-provision or deprovision subcontractor accounts.
How we typically help
Continuity is the common thread. We build detection, not in the abstract but for the concrete threats facing logistics: dispatch manipulation (changed routes, shifted destinations), order anomalies in the WMS (unexpected mass cancellations, duplicate shipments), hub control (sorter outages, conveyor anomalies) and identity sprawl in subcontractor portals.
Endpoint agents sit on hub workstations, dispatch terminals and TMS clients. The LLM gateway understands WMS and dispatch semantics: not all pick-list patterns are anomalies, but unexpected mass cancellations at 2am are. Business agents automate escalations: if dispatch is down, they call the shift leader or switch to a backup solution. Cloud engagements dominate, but with a hub on-prem layer for sorting plants that need air-gapped control.
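The two WMS order anomalies named above (out-of-hours mass cancellations and duplicate shipments), as an added example that is not part of the original page and not Nova9's code. The event format, user names, shift hours and burst threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

# Assumed policy values for illustration; tune per site.
SHIFT_START, SHIFT_END = time(6, 0), time(22, 0)  # normal operating hours
WINDOW, BURST = timedelta(minutes=10), 4          # burst = 4 cancels in 10 min

# Constructed sample export: timestamp,user,action,order_id
SAMPLE_LOG = """\
2026-03-02T14:05:00,disp01,CANCEL,O-1001
2026-03-02T14:06:00,disp01,CANCEL,O-1002
2026-03-02T14:07:00,disp01,CANCEL,O-1003
2026-03-02T14:08:00,disp01,CANCEL,O-1004
2026-03-02T15:00:00,disp02,SHIP,O-2001
2026-03-02T16:10:00,disp03,SHIP,O-2001
2026-03-03T02:01:00,sub17,CANCEL,O-3001
2026-03-03T02:02:00,sub17,CANCEL,O-3002
2026-03-03T02:03:00,sub17,CANCEL,O-3003
2026-03-03T02:04:00,sub17,CANCEL,O-3004
"""

def parse(log):
    """Yield (timestamp, user, action, order_id) for each four-field line."""
    for line in log.strip().splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), *parts[1:]

def detect(log):
    """Return alerts as (kind, subject, timestamp) tuples in time order."""
    alerts, recent, shipped = [], defaultdict(deque), set()
    for ts, user, action, order in sorted(parse(log)):
        if action == "CANCEL":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > WINDOW:      # drop cancellations outside the window
                q.popleft()
            if len(q) >= BURST and not (SHIFT_START <= ts.time() < SHIFT_END):
                alerts.append(("mass_cancel_out_of_hours", user, ts))
                q.clear()                  # one alert per burst
        elif action == "SHIP":
            if order in shipped:           # same order shipped twice
                alerts.append(("duplicate_shipment", order, ts))
            shipped.add(order)
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

The daytime burst by `disp01` raises no alert, while the same volume at 2am does; that is the distinction the paragraph draws.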
Subcontractor identity is its own hardening field: federation with SAML or OpenID Connect, time-limited accounts, an audit trail for every driver access to the TMS. Telematics data covered by GDPR stays in the EU, minimized to operational necessity.
Where it usually pays to start
Most logistics companies start with weaknesses in TMS and dispatch stacks. Investment pays off immediately there.
- WMS/TMS anomaly detection: Uncover unexpected pick-list patterns, out-of-hours order cancellations, duplicate shipments.
- Hub operations BCM: For each critical sorter plant: failure scenario, fallback route, and a person alerted within seconds.
- Identity governance for subcontractors: Automated provisioning/deprovisioning of driver accounts, audit trail for regulatory requirements.
- Telematics API security review: Check Webfleet, Geotab, Sennder integrations for injection, unsecured endpoints, token exposure.
- Cyber-insurance readiness audit: Incident response plans, audit logs for 7 years (NIS2 requirement), GDPR compliance for driver data.
- Supply-chain continuity plans: Per critical route/hub: recovery strategy, customer communication protocol on outage.
What you can hand off
- WMS/TMS anomaly detection: Uncover and block pick-list manipulation, order cancellations, routing changes.
- Hub operations BCM: For sorter plants and cross-docks: failure scenarios and fallback automation.
- Identity governance for subcontractors: Automated account provision and deprovision, audit trail for every transaction.
- Telematics API security review: Check Webfleet, Geotab, Sennder for injection, token exposure and access anomalies.
- Cyber-insurance readiness audit: Incident response plans, audit logs, GDPR compliance for insurer requirements.
- Supply-chain continuity plans: Per critical route/hub: recovery strategy and customer communication on outage.
Obligations we address
Logistics in 2026 sits in the crossfire of multiple regulatory layers: NIS2 for KRITIS transport, the KRITIS Order with hard continuity requirements, GDPR for telematics data, plus sector-specific obligations from air freight, maritime security and customs law.
- NIS2 Transport: NIS2 Implementation Act · Transport sector (Annex I). Logistics hubs with 50+ employees and €10M+ turnover are regularly essential entities, with full §10–§12 obligations. We deliver detection for the TMS/WMS/telematics layers, BCM plans for hub operations and the reporting workflow to the BSI, including the 24/72-hour timelines.
- KRITIS: BSI KRITIS Order · Transport sector. For operators exceeding the TR-03182 thresholds, a strengthened state-of-the-art obligation applies. We deliver state-of-the-art proof in a BSI-accepted format, operate the ISMS and handle the biennial proof obligation, including audit accompaniment.
- TR-03182: BSI TR-03182 · KRITIS thresholds transport. Defines the thresholds for transport operators above which KRITIS obligations apply: number of transported persons, tonnage, hub throughput. We assess your position relative to the thresholds and pre-build the compliance model for the next threshold period.
- GDPR Art. 32: GDPR · Art. 32 for telematics and driver data. Driver location and driving behavior data are personal data per Art. 4 GDPR; pseudonymization, data minimization and purpose limitation are mandatory. We build privacy policies for TMS/telematics API integrations and lead the works council coordination process with templates.
- GDPR Art. 35: GDPR · Art. 35 data protection impact assessment (DPIA). Extensive telematics monitoring requires a DPIA before rollout. We deliver a DPIA template with logistics-specific risk scenarios and a countermeasure catalog. Authority-compliant documentation.
- AEO: Authorized Economic Operator (UCC Art. 38). Customs-certified logistics companies have strengthened IT security requirements: access controls to customs-relevant systems, documented supply-chain security. We deliver the AEO IT security proof and integrate customs-system hardening.
- ISPS: International Ship & Port Facility Security Code. For maritime logistics with port operations: ISPS Level 1–3 with IT components (access control systems, manifest security, surveillance). We deliver the cyber component: detection for port IT systems and BCM for ISPS Level 3 scenarios.
- AI Act: EU AI Act · Art. 6 for route optimization and predictive maintenance. Algorithms for autonomous dispatch, predictive maintenance and driver rating fall under high-risk AI. Governance, documentation and an audit trail are mandatory. We build the AI governance stack on the basis of the LLM gateway and knowledge base.
- ISO 27001: ISO/IEC 27001:2022 · ISMS for logistics. Insurers and large shippers increasingly demand ISO 27001 as a minimum standard. We build the ISMS with logistics-specific Annex A controls (hub security, subcontractor identity, supply-chain reviews) and prepare certification; 12–18 months is typical.
Sector facts
| Typical engagement size | 200–5,000 employees · multiple sites (hub clusters, regional hubs) |
|---|---|
| Most common triggers | KRITIS supervisory audit, hub incident/ransomware, cyber-insurer requirement, NIS2 reporting obligation |
| Typical deployment model | EU cloud (dispatch, TMS) + hub on-prem (sorter SCADA, control) · Reason: real-time requirement, air-gap at critical plants |
| Core regulation | NIS2, KRITIS (TR-03182), GDPR, DORA (if insurance-relevant) |
| Nova9 modules in use | Endpoint agents, knowledge base (TMS/dispatch semantics), observability, message bus (hub routing), business agents (escalation) |
| Typical onboarding | 30–60 days (stack mapping, baseline, detection tuning, subcontractor IAM setup) |
| Audit mirror | Fully in EU · Retention: 7 years (NIS2/KRITIS) |
| Clone handover | Available · Critical for shift staff and hub operators |
Asked before the briefing
- Which WMS and TMS do you support?
  SAP EWM, Manhattan SCALE, Körber Logistics natively. For others: API onboarding is standard. Dispatch systems (Locus, Microlise, Geotrack) via event stream or log integration. Modern stacks have data interfaces.
- How fast are we productive after a hub incident?
  Engineer arrival 30 min, detection baseline 7 days, full engagement with subcontractor governance 30 days. With an existing engagement: incident escalation is automated, and the shift leader is in the loop within seconds.
- Can you process telematics data (vehicle GPS, driver IDs)?
  Yes, GDPR-compliant. It's personal data per Art. 4 GDPR: we minimize to operational necessity, pseudonymize driver IDs and set short retention. API requests are logged, subprocessors are contractually bound.
- How do you manage subcontractor identity?
  Federation (SAML/OIDC) to your HR system, time-limited accounts (e.g., 6 months for seasonal drivers), automated deprovisioning. Every access to TMS/dispatch is audited. Audit logs are retained for 7 years.
How do we make your logistics infrastructure outage-proof?
The industry briefing analyzes your dispatch, TMS and hub stacks, shows continuity gaps and sketches an incident response plan that's BSI-compliant and protects your supply chains.