Watch Now


Editorial: When Maersk catches a cold

The recent “Petya” cyber attack involving Danish shipping giant A.P. Moller-Maersk should serve as a stark reminder to all companies in the global shipping industry to reexamine existing systems protections and contingency plans.

   The possibility of a major cyber attack on the commercial shipping industry has been lurking just beneath the waves for years, and in late June finally reared its ugly head in a massive way when the operations world’s largest container-shipping company, A.P. Moller-Maersk, were nearly paralyzed by the computer virus Petya.
   Once in the door, the “wiper” malware rapidly infected Maersk’s container, terminal and freight forwarding operations. It took nearly five days for the company to clean out and restore its systems from backup, and it may take even longer to restore customer confidence.
   Trade is inherently global and distributed, involving many partners—large and small, sophisticated and unsophisticated—who communicate with each other largely by exchanging emails and attachments.
   “It’s a tough target to harden as a whole because cybersecurity is only as strong as the most vulnerable spot,” explained American Shipper’s longtime IT editor, Eric Johnson. “All it takes is for one unsuspecting person to open a bad attachment, or one failed or forgotten software update, for the virus to take hold.”
   In the immediate aftermath of Maersk’s cyber attack, there will be a lot of attention focused on carriers and their IT security, and rightly so. Maersk’s own investigation into how the Petya virus entered and attacked its system with such swiftness may take some time.
   What is known, however, is that over time many companies become at risk of operating aging systems and software programs that without proper updating are prone to crippling cyber attacks and other types of outages. Johnson, who has personally observed many shipping and logistics industry systems as well as spoken with their gatekeepers over the years, noted that often these systems are maintained by the companies themselves, rather than by third-party IT specialists who rigorously stay on top of systems maintenance and malware threats circulating throughout the cyber world.
   More importantly, the recent cyber attack involving Maersk should serve as a lesson to all companies in the global shipping industry.
   “Emails have no borders. Websites have no borders. Some operating systems function globally. That means global 3PLs are susceptible as well,” Johnson warned.
   There are actions that carriers and 3PLs should already be taking on a routine basis to prevent suffering a similar fate.
   First, reexamine existing systems protections. Are you confident in the ability of your in-house IT resources to protect your systems? Do you need outside help? Should you acquire new software that’s inherently better at protecting systems and data from intrusion?
   Second, reexamine your contingency plans. Do you have a backup system that critical operational functions can be migrated to temporarily? Can you make do with manual processes while a problem is corrected? What’s your plan B, C and D?
   And third, plan to constantly update both those protections and contingencies.
   For years, we have heard corporate executives explain in countless forums that the handling of shipping data has become just as important—more so in some cases—than the physical movement of the freight. If that is indeed the case, then carriers and 3PLs have the utmost responsibility to ensure that their systems are protected as much as possible, and if a future attack should occur, that their customers are minimally impacted.

Chris Gillis

Located in the Washington, D.C. area, Chris Gillis primarily reports on regulatory and legislative topics that impact cross-border trade. He joined American Shipper in 1994, shortly after graduating from Mount St. Mary’s College in Emmitsburg, Md., with a degree in international business and economics.