What should the shipping industry do after the Maersk cyber-attack?
Cyber-attacks are spreading globally and are signs of a new era for all businesses.
As the shipping industry takes the digital transformation curve, supply chains will become even more dependent on functioning IT systems and automated processes, increasing the exposure to and impact of cyber-attacks.
So, what lesson should the logistics sector learn and what action should we take?
– First, we need to acknowledge that cyber criminality is a new large-scale threat which can create unprecedented damages in shipping operations, impacting the whole supply chains. No one is 100% safe. Risk is real. This is not an IT issue to be handled by IT specialists only.
– Second, the shipping industry has been active at addressing effectively many types of other risks, with special working group, regulations and cooperation. Whether this has been navigation risks, physical damages, dangerous cargo risks, anti-terrorism “advanced declarations”, green lanes or piracy threats, stakeholders, regulators, industry association have been able to curb these threats at international level, while insurers have developed policies for these risks and IT and other specialists have introduced new risk management and audit tools.
Shipping knows how to adapt to new risks. More recently the Hanjin collapse raised concerns about the financial bankruptcy risk of carriers; shippers and others are now using provider risk measurement indices like the Drewry “Z scores”. “THE Alliance” has announced a bankruptcy contingency plan in case of an alliance partner’s failure.
In Drewry’s view, the same general cooperation needs to happen with cyber security along 3 axes:
– Ocean carriers, terminal operators, forwarders and other providers must develop a robust contingency plan based on human and organisational responses. Maersk has reportedly been helped by its alliance partner MSC in the current extreme situation.
– Data aggregators or platforms must provide instant assessments of the exact situation and alternatives and share the required information: Where is my cargo? Which vessels and ports are impacted? If Maersk cannot book, which Maersk vessel-sharing partner could take bookings?
– A cross-functional working group backed by experts with expertise in IT, organisation and knowledge of the digital shipping ecosystem could evaluate the digital resilience of the supply chain and publish its findings. A further exercise should lead to mapping the electronic interconnectivity of players including which data is being transmitted and automated.
Cooperation between carriers, port operators, port community systems, governments as well as B2B platforms will be decisive to face and overcome such cyber threats in the years to come.
Drewry’s e-business in transport consultants would welcome comments and replies from stakeholders.