In June 2017, hackers launched a major global cyberattack using NotPetya malware. Shipping giant Maersk was one of the many European businesses affected, resulting in worldwide outages of its computer systems and forcing some port terminals to shut down. Considering this was one of the biggest disruptions of global shipping in history, Maersk restored all of its major systems quickly, but the delays and backlogs cost the company as much as $300 million in profits.
Pharmaceutical giant Merck was another target of the NotPetya attack and, two months after the incident, reported that the malware had affected its manufacturing, research, and sales operations worldwide, and continued to affect “certain operations.”
NotPetya is a clear example of how cyberattacks can impact the entire supply chain, from manufacturing (Merck) through shipping (Maersk), and pose a serious threat to everyone in the maritime industry.
Vulnerable Shipping Operations
Because nearly 90 percent of world trade is transported by sea, hackers will always target the marine shipping industry. Vessels, ports, and global supply chains increasingly rely on interconnected technologies to run operations smoothly, but are behind the curve on cybersecurity. The combination of being a persistent target with limited protections leaves shipping operations vulnerable — any digital disruptions are likely to cause significant logistical problems and financial losses.
How vulnerable? There is no denying that the threat is real.
Shippers’ computer systems contain a wealth of sensitive data, and hacking into those systems gives attackers access to information such as which crates and vessels contain valuable cargo. Cyberattacks have also targeted email systems. A virus can monitor all inbound and outbound communications and change the text of an email — such as replacing a bank account number when a supplier is requesting a payment.
On-board technologies are also vulnerable. Hacking a switchboard will wreak havoc on all of a ship’s activities — for example, cutting off power to a propeller and other connected machinery. Breaking into electronic navigation systems, such as the Electronic Chart Display (Ecdis) and Global Positioning System (GPS), allows hackers to change a ship’s coordinates or jam signals.
Yet arguably the greatest risk is the threat to interconnected systems. Malware can spread from one computer to every other computer in the network; infecting operations using block-chain technology will disrupt the entire supply chain.
Protection from Cyberattacks
The response to these cyberattacks should not be to shun technology and revert back to paper-based operations. Rather, the shipping industry needs to adopt more sophisticated technology and best practices to protect itself from attacks.
Last July, the International Maritime Organisation published guidelines on how to manage maritime cyber risk. Cybersecurity teams can also be brought in to perform investigative tests on a shipping network’s level of security, and advise on how to strengthen it.
Educating employees and contractors is important, but shouldn’t be the only line of defense. There are many technologies available to help reduce a company’s susceptibility to an attack such as multi-factor authentication (MFA). Adding an additional level of security could be the difference between a failed attack and a hijacked system.
“The key is to be proactive and not reactive with cybersecurity,” says Matt Rebello, vice president of information technology at Falvey Insurance Group. “A cybersecurity policy needs to be developed and implemented that includes annual tests to expose any system vulnerabilities. And it’s critical to take action on those test results and quickly fortify the system.”
Shoring up defenses against cyberattacks is a continual effort that must be prioritized by everyone operating in the marine shipping industry. Investing in cybersecurity technology and experts will pay off in the protection gained.
Contact Falvey Cargo Underwriting to learn more about how to proactively protect and prevent losses.