COSCO's cyber attack and the importance of maritime cybersecurity — FreightWaves
July 27, 2018 https://www.freightwaves.com/news/technology/coscos-cyber-attack-and-the...
COSCO shipping has been at the receiving end of a cyber attack this week that saw its operations being hit across the world. The attack started out in the early hours of Tuesday in its U.S. office, with systems going down and certain email services getting affected. The problem spread out across the Americas over the next few days, with Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay being affected.
News spread and various news outlets raised the possibility of COSCO being held up by a ransomware attack. Though COSCO's official press releases never substantiated the claims, they neither seemed to put the concerns of a ransomware attack to the ground. The initial statement that came out on Wednesday made no specific mention of the countries that were affected, painting them under the “America regions” and in what can be called a plain-worded explanation at best, called the issue a “local network breakdown”.
The statements that followed mentioned the countries that were affected, but there still has been no word on the type of attack that the company has come under. Over the last two days, COSCO has been working with customers through its social media page and had also mentioned that the communication lines like its website, emails, EDI, and CargoSmart that remain open to the users had not been compromised.
“So far, all the vessels of our company are operating as normal, and our main business operation systems are performing stably,“ said the statement. “We have and will continue to assess developments and take corresponding measures to minimize the impact of current events on business.”
Following the course of events, it can be seen that though the cyber attack had spread to different centers of COSCO, it has not inflicted major damage as the company’s shipping operations go about unhindered. Then again, the larger issue at hand isn’t this isolated incident, but the frequency of such attacks in the logistics world.
A year has passed since the NotPetya cyber attack on Maersk, which disrupted the company’s operations for many weeks, thus costing the shipping major a loss of about $300 million. What makes this worrisome is the fact that Maersk was not a target, but an accidental victim to an attack targeted at the Ukrainian government. This begs the question - had Maersk been targeted, how much bigger would have been the impact?
Pro-actively building on cybersecurity of systems would help in the longer run, and so would having a contingency plan to tackle situations that go haywire. COSCO shipping seems to have one, as it mentioned that it would be conducting its operations via remote access, ensuring uninterrupted service to the Americas.
Add to this the prospect of autonomous shipping, which could be commonplace in the maritime industry in a decade. Though this looks to be a huge ask, the core technology that drives autonomous vehicles on the road is not entirely different from what could steer ships in the high seas.
Rolls-Royce, a pioneer in engine manufacturing, had recently opened an autonomous maritime research facility at Turku, Finland, to accommodate technologies which the company believes would shape the future of the maritime world. Rolls-Royce hopes to put autonomous ships in the water by 2025, and envisions fully-autonomous vessels carrying cargo across the ocean by 2035.
Ports are not far behind in the quest for automation. FreightWaves covered the port of Rotterdam is great detail, where the daily operations of the port have been fully automated. This includes equipment like forklifts and container cranes, to processes like loading of boxes onto the chassis, movement of boxes, and battery swapping at the yard.
Maritime operations cough up millions of data points every week, and it is crucial for shipping lines to have them stored in a secure database, as data theft is a likely scenario when there is a cyber attack. In essence, it is essential for companies to have a cybersecurity plan afloat, and consciously take steps to bolster its firewalls to stop attacks like the one with COSCO or Maersk from happening.