Shipping has 'collective blindness' and must improve its cyber security
Shipping remains blind to the threat posed by insufficient cyber security. And its continuing failure to ...
The cyber attack on Maersk has the potential to throw global container supply chains into chaos, according to Lars Jensen, chief executive of maritime cyber security firm CyberKeel.
Mr Jensen told delegates at the TOC Europe Container Supply Chain conference in Amsterdam today that the attack was likely to spread well beyond Maersk, its terminal operating arm, APM Terminals, and its customers.
According to his calculations, Maersk’s shipping lines – Maersk Line itself, Safmarine, Seago, MCC Transport and Sealand – book 3,300 teu every hour, some $2.7m in revenue.
At the time of writing, that equates to at least some 82,500 teu and revenue of $67.5m – a combination of shipments caught up in ports and on vessels and likely lost bookings.
“But there are other shipping lines that have boxes onboard Maersk vessels – these will not be able to be unloaded; other lines use APM Terminals’ facilities; and even unaffected third-party terminals may well have piles of boxes they will be unable to clear,” Mr Jensen said.
The number of shippers affected could amount to the tens of thousands, he said.
“If this goes on much longer they will be trying to book with other lines. But, guess what, the shippers I spoke to today are being told by other carriers that we have entered the peak season and there’s no space on vessels,” he added.
One forwarder, however, told The Loadstar that due to the attack he was hopeful of getting space on a Maersk ship – next month and at a good rate – that might otherwise have been booked. But another believed it was a “serious issue”.
Mr Jensen said the attack illustrated the inherent digital weakness of the shipping industry.
“No way does this imply that Maersk had insufficient security, if someone wants to hack you they will find a way.
“What it does mean is that shipping needs to build resilience into its digital products. It’s not about building a system and laying a security system over the top, but building security up front when you begin to develop a system – which, I’m afraid, is likely to cost more,” he said.