In the wake of the havoc and damage wreaked by the devastating NotPetya cyberattack, shippers and logistics providers are left wondering how they can safeguard themselves against similar attacks in the future. The attack has revealed not only how severe the damage from a virus can be but also how vulnerable shipping systems are to such attacks.
NotPetya hit the world’s largest container line, the A.P. Moller-Maersk Group, with crippling swiftness. The carrier’s APM Terminal in New Jersey was virtually paralyzed for three days and took at least 11 days to return to normal operational levels.
In the express sector, TNT fared little better. The European subsidiary of FedEx was still struggling to clear its backlogs and resume normal operations in late July, a month after it was hit.
Beyond returning to normal activity, it will take some time for the longer-term repercussions to become clear. “We cannot measure the financial impact of this service disruption at this time, but it could be material,” FedEx stated in an update on TNT operations on July 6.
The severity of the problems prompted the US Transportation Security Agency to issue an Indirect Air Carrier System Alert on June 29.
NotPetya was an exceptionally powerful virus. Computer security firm Kaspersky estimates that it affected some 2,000 systems in North America and Europe. Among its victims were Russian oil firm Rosneft and chemical giant Merck, as well as banks and some government agencies.
However, the impact does not stop at the firms whose systems were crippled or disrupted. It also affected other companies in the supply chain as well as shippers and consignees whose business was disrupted. Along the supply chain, companies have been forced to scrutinise their safeguards against cyberattacks.
According to one study published in early July, nearly half of the world’s top 50 ocean carriers have weak cybersecurity set-ups.
To raise awareness of some vulnerabilities, Flexport, which describes itself as a “technology-driven forwarder,” highlighted six potentially critical points in a blog. This was based on a programme that has run for about a year under which the company offers rewards to private and professional hackers who find weak spots in its own set-up.
The Baltic and International Maritime Council (BIMCO) released an updated version of its Guidelines for Cyber Security Onboard Ships paper on July 5. This includes guidelines on the segregation of cyber networks, on managing the ship-to-shore interface and on cyber security during port calls and land communications.
BIMCO also updated the chapters on contingency planning and how to respond to and recover from cyberattacks.
“Cyber security threats are dynamic in nature and protection against threats is a continuous ‘catching-up’ task. Regulations tend to be static and the nature of the regulatory process renders the result somewhat outdated when adopted,” BIMCO warned in its comments on the release of the updates.
All of this may not be enough. The severity and sophistication of the NotPetya attack are of a magnitude that indicates that the people behind it were not ordinary criminals but operators at the level of state-sponsored hackers, whose equipment and sophistication are light years ahead of the security arrangements of commercial enterprises and challenge even national governments.
This suggests that, while all efforts should be taken to boost security and fix identifiable vulnerabilities, companies need contingency plans for coping with a severe disruption from a cyberattack. Firms have to be prepared for a shutdown of their IT platform and have plans in place for ramping it back up by gradually reinstalling software to bring back functionality.
In Britain, customs announced that it had formally embraced a fall-back system to prevent a meltdown of air cargo clearance processes. The move was welcomed by the British International Freight Association, which represents the nation’s freight forwarders.
At the same time, there is the issue of data flows beyond proprietary systems. In a blog on his company’s website, Flexport CEO Ryan Petersen brought up the issue of connectedness to other operators and the sharing of data.
“Freight forwarding depends on third-party carriers by nature – so despite whatever security measures Flexport puts in place to safeguard our own data, our partners will always be susceptible to data breaches. To limit risks and protect our clients’ sensitive information, we don’t share any data with carriers or freighter partners except what those parties need to know in order to move our shipments,” he said.
In the same vein, FedEx stressed that no customer data were compromised at TNT during the disruption caused by the cyberattack.
No doubt the crooks will continue to up their game.
By Ian Putzger
Correspondent | Toronto