You are on page 1of 4

Global Shipping Giant Maersk Is Reeling From

the Ransomware Fallout


Global shipping is still feeling the effects of a cyber attack that hit A.P.
Moller-Maersk two days ago, showing the scale of the damage a
computer virus can unleash on the technology dependent and inter-
connected industry.

About 90% of world trade is transported by sea, with ships and ports
acting as the arteries of the global economy. Ports increasingly rely on
communications systems to keep operations running smoothly, and
any IT glitches can create major disruptions for complex logistic supply
chains.

The cyber attack was among the biggest-ever disruptions to hit global
shipping. Several port terminals run by a Maersk division, including in
the United States, India, Spain, the Netherlands, were still struggling
to revert to normal operations on Thursday after experiencing massive
disruptions.

South Florida Container Terminal, for example, said dry cargo could
not be delivered and no container would be received. Anil Diggikar,
chairman of JNPT port, near the Indian commercial hub of Mumbai,
told Reuters that he did not know "when exactly the terminal will be
running smoothly."
His uncertainty was echoed by Maersk itself, which told Reuters that a
number of IT systems were still shut down and that it could not say
when normal business operations would be resumed.
It said it was not able to comment on specific questions regarding the
breach of its IT systems or the state of its cyber security as it had "all
available hands focused on practical stuff and getting things back to
normal."

Get Data Sheet, Fortunes technology newsletter.


The impact of the attack on the company has reverberated across the
industry given its position as the world's biggest container shipping
line and also operator of 76 ports via its APM Terminals division.
Container ships transport much of the world's consumer goods and
food, while dry bulk ships haul commodities including coal and grain
and tankers carry vital oil and gas supplies.

"As Maersk (AMKBY, -0.71%) is about 18% of all container trade, can
you imagine the panic this must be causing in the logistic chain of all
those cargo owners all over the world?" said Khalid Hashim, managing
director of Precious Shipping, one of Thailand's largest dry cargo ship
owners.
"Right now none of them know where any of their cargoes
(or)containers are. And this 'black hole' of lack of knowledge will
continue till Maersk are able to bring back their systems on line."

Back to Basics

The computer virus, which researchers are calling GoldenEye or


Petya, began its spread on Tuesday in Ukraine and affected companies
in dozens of countries.

Maersk said the attack had caused outages at its computer systems
across the world.

In an example of the turmoil that ensued, the unloading of vessels at


the group's Tacoma terminal was severely slowed on Tuesday and
Wednesday, said Dean McGrath, president of the International
Longshore and Warehouse Union Local 23 there.

The terminal is a key supply line for the delivery of domestic goods
such as milk and groceries and construction materials to Anchorage,
Alaska.

"They went back to basics and did everything on paper," McGrath said.
Ong Choo Kiat, President of U-Ming Marine Transport , Taiwan's
largest dry bulk ship owner, said the fact Maersk had been affected
rang alarm bells for the whole shipping industry as the Danish
company was regarded as a leader in IT technology.

"But they ended up one of the first few casualties. I therefore conclude
that shipping is lacking behind the other industry in term of cyber
security," he said.

"How long would it takes to catch up? I don't know. But recently all
owners and operators are definitely more aware of the risk of cyber
security and beginning to pay more attention to it."
In a leading transport survey by international law firm Norton Rose
Fulbright published this week, 87% of respondents from the shipping
industry believed cyber attacks would increase over the next five years
- a level that was higher than counterparts in the aviation, rail and
logistics industries.

Vulnerable

Apart from the reliance on computer systems, ships themselves are


increasingly exposed to interference through electronic navigation
devices such as the Global Positioning System (GPS) and lack the
backup systems airliners have to prevent crashes, according to cyber
security experts.

There were no indications that GPS and other electronic navigation


aids were affected by this week's attack, but security specialists say
such systems are vulnerable to signal loss from deliberate jamming by
hackers.

Last year, South Korea said hundreds of fishing vessels had returned
early to port after its GPS signals were jammed by North Korea, which
denied responsibility.

"The Maersk attack raises our awareness of the vulnerability of


shipping and ports to technological failure," said Professor David Last,
a previous president of Britain's Royal Institute of Navigation.
"When GPS fails, ships' captains lose their principal means of
navigation and much of their communications and computer links.
They have to slow down and miss port schedules," said Last, who is
also a strategic advisor to the General Lighthouse Authorities of the UK
and Ireland.

A number of countries including the UK and the United States are


looking into deploying a radar based back up navigation system for
ships called eLoran, but this will take time to develop.

David Nordell, head of strategy and policy for London-based think


tank, the Centre for Strategic Cyberspace and Security Science, said the
global shipping and port industries were vulnerable to cyber attack,
because their operating technologies tend to be old.

"It's certainly possible to imagine that two container ships, or, even
worse, oil or gas tankers, could be hacked into colliding, resulting in
loss of life and cargo, and perhaps total loss of the vessels," Nordell
said.

"Carried out in a strategically sensitive location such as the Malacca


Straits or the Bosphorus, a collision like this could block shipping for
enough time to cause serious dislocations to trade."

Secretive Industry

Cyber risks also pose challenges for insurance cover.


In a particularly secretive industry, information about the nature of
cyber attacks is still scarce, which insurance and shipping officials say
is an obstacle to mitigating the risk, which means there are gaps in
insurance cover available.
"There has been a lot of non-reporting (of breaches) on ships, and
were trying efforts where even if there could be anonymous reporting
on a platform so we can start to get the information and the data," said
Andrew Kinsey, senior marine consultant at insurer Allianz Global
Corporate & Specialty.

There is also a gap in provision, because most existing cyber or hull


insurance policies - which insure the ship itself - will not cover the risk
of a navigation system being jammed or physical damage to the ship
caused by a hacking attack.

"The industry is just waking up to its vulnerability," said Colin


Gillespie, deputy director of loss prevention with ship insurer North.
"Perhaps it is time for insurers, reinsurers, ship operators and port
operators to sit down together and consider these risks in detail. A
collective response is needed - we are all under attack."