The June 2017 Cyberattack on Maersk affected shipping terminals worldwide and even led to the shutdown of the Port of Los Angeles, one of the largest cargo terminals, in the world for a few days.
Operations were disrupted, ports had to be closed, and Maersk had to go return to conducting business on paper just to get goods moving from ships to the shore again. The attack cost the Danish shipping giant $200-300 million, and it has definitely changed the way the shipping industry looks at cybersecurity.
Yet it is interesting to note that Maersk still reported a net profit. And it is pertinent to examine what our industry has learned from this.
Maersk Gets Hit
On 27 June 2017, Maersk’s three global businesses - Maersk Line, Damco and APM Terminals, were affected by the NotPetya worm which was able to block access to all the major systems that Maersk uses to operate its shipping terminals around the world.
The cyber hack happened just a month after the ransomware WannaCry attacked several computers in British health clinics and other government agencies. While NotPetya looks like a ransomware on the screen and uses the same break-in technique as WannaCry of exploiting the vulnerability of unpatched Microsoft Windows OS, it's a worm and its main purpose is not to seek ransom, but to create havoc.
Traced back to a compromised tax accounting software which is widely used in Ukraine, NotPetya started spreading late June, and Maersk was one of 7,000 companies affected globally. The company’s operations were severely affected since the worm made all the data and applications unavailable for a while. Since Maersk is about 18 percent of all container trade, the attack understandably caused panic among cargo owners all around the world. It took the company two whole weeks to fix their systems and get their operations running again.
The Fallout and Lessons Learned
With its major terminals getting shut down, not only did Maersk lose business during the two week period, but the company also lost a lot of money as it tackled to operate without its digital systems. As expected, Maersk is now rebuilding their complete IT systems to prevent a situation like this from happening again.
With the average freight rates at Maersk up by 14 percent in Q3, the company was able to grow revenue to offset the financial loss caused by the cyber attack easily.
The cyber attack led to a loss of the company’s transport and logistics division by $200-300 million. The majority of the impact was related to the Maersk line which reported a total underlying profit of $211 million and 4.3% Return on Invested Capital.
The company has already announced that its hardening up its systems and increasing the ability to isolate hacker attacks and at the same time, rebuild their systems faster. None of the customers deserted Maersk, and the bookings were restored back when the system came back up.
One of the key learnings from this incident was that authorities, suppliers, and customers actually helped the company get through since they understood cyberattacks are a global problem and this could have easily been them.
What can we learn from this?
The fact that a large shipping and logistics company such as Maersk was affected by a major cyber attack has definitely rung bells in the entire shipping industry. This has led to owners and operators being more aware of cybersecurity and taking steps to strengthen it.
According to a 2017 study by Futurenautics, 44% of ship operators think their company’s IT systems aren’t equipped to handle cyber attacks effectively and 39% of them have been hit by a cyber attack in the last one year.
Here are some of the ways the shipping industry can better learn from this and make sure it doesn’t happen to them:
1- Upgrade IT systems on large vessels
The mindset in maritime and shipping is that, once you build a ship, it should easily last you for 15 to 20 years without any need for upgrades. Large vessels also have digital systems built in them, but they cannot be treated the same way. There are two main issues companies need to tackle:
The digital systems aren’t built keeping security in mind. Instead, security is an extra add-on. Most systems are too old to be able to support the latest antivirus technologies
Companies need to take steps to mitigate these two points by implementing advanced IT systems which have security at their very core.
2- Build Defences
It’s crucial that now companies implement cybersecurity solutions to minimize attacks and repel them even before they have affected the systems in any way. The idea is to isolate cyber attacks so that even if they affect one system, they do not affect the rest.
At the same time, the crew on board should be trained to handle and understand these systems, apart from the support provided by IT teams offshore. After all, there are IT systems on ships as well, and if a crew clicks on a malicious email link or inserts a virus infected USB, the repercussions could be big.
3- Follow best practices
Shipping companies can no longer wait to get attacked to do something about cybersecurity; they have to put their guards up to ensure their systems are safe and operations aren’t affected anywhere in the future. This can be done with a risk assessment for every vessel to identify its vulnerabilities and following best practices.
Just this year, the International Maritime Organization (IMO) issued a set of guidelines to safeguard the shipping industry from current and emerging cyber threats. Similarly, the UK government too issued a set of cybersecurity practices for ships.