The new year began for Aida, as if it had ended the old one: the cancellation of voyages. Instead of a corona alarm on board or new travel restrictions, the massive IT failure on the “AidaMar” and at Rostock’s headquarters forced the shipping company to cancel several New Year’s Eve trips in the Canary Islands.
The Mecklenburg-Western Pomerania Criminal Police Office and the Rostock Public Prosecutor’s Office are currently investigating this. “Our IT specialists and Aida are looking for what happened,” a spokesman for the prosecutor said. All of this can be inconvenient and costly for passengers for the shipping company, but in addition, the damage caused by a suspected hacker attack is limited.
The situation is different with attacks on freight companies, which are part of most supply chains. The four largest container lines, which together account for about half of world trade, have all fallen victim to large-scale cyber attacks. It’s like trying to press the “pause” button in globalization. World market leader Maersk fought with Petya malware in 2017 for several weeks, later Chinese Cosco and the Mediterranean were hit.
The French CMA CGM caught it only in the autumn, when supply chains were already under pressure. World number four was occasionally offline. It took several days for “all offices to be reconnected to the network to improve booking and documentation processing times,” the company said at the time. Almost at the same time, there were cyber attacks on the United Nations Maritime Organization (IMO), which spoke of a “sophisticated attack” on its internal network.
The hacker attack cost Maersk $ 300 million
Maersk chief Søren Skou called the hacker attack a “shocking experience” that cost the company $ 300 million and temporarily paralyzed ports and ships. All IT systems had to be shut down. The CEO managed crisis management through WhatsApp, because the e-mails didn’t work either. Then the group set itself the goal of becoming a digital pioneer in world trade and today employs only 3,000 software specialists – also for its own protection.
Cyber defense should also ensure the supply of Covid-19 vaccines in the coming months. Over the next year, Maersk wants to bring one billion doses of vaccine to destinations in developing and emerging countries for the US pharmaceutical company Covaxx and will take over complete logistics from secure packaging to storage and transportation of ships, planes and trucks to hospital distribution.
The Maersk shipping company has also experienced a cyber attack. Photo: REUTERS
Interpol is already warning the world that vaccines could be the target of organized crime. Mel Buitendag of the insurance broker Gallagher therefore considers it necessary to fully monitor the supply – a type of digital escort protection. Manufacturers and logisticians must also protect themselves against cyber attacks that are not covered by ordinary transport insurance.
“If systems on land are not available for reserving containers, ships cannot be loaded and no revenue can be generated.” Targeted attacks on shipping companies are therefore lucrative for ransomware operators, “said cyber protection expert Ken Munro of Pen Test Partners, Bloomberg. The incident in Maersk “clearly attracted the attention of fraudsters and cybercriminals, who acknowledged that the shipping industry was in acute danger.”
Since the beginning of the year, there have been new specifications for cyber security
The situation is currently tense not only due to supply chains. “Given that 400,000 seafarers are currently stranded at sea worldwide, any further disruption, whether cyber or otherwise, should not only be a concern for the shipping industry, but for all those involved in the global value chain,” he urged. John Stawpert International Maritime Chamber (ICS).
While large corporations have long been committed to protecting their networks and data flows, the United Nations Transport Organization (IMO) is now also demanding that thousands of smaller transport companies be more resilient to IT. New specifications for cyber security on board ships have been in force since the beginning of the year.
To this end, international rules for the safe operation of ships have been extended and cyber risk management has been introduced. IT systems would have to be protected by “technical and organizational” measures. In Germany, the Federal Office for Information Security (BSI) assists in the protection of critical infrastructure.
“We still see a lot of catching up in terms of implementing the necessary IT security measures on board and on land,” said BSI President Arne Schönbohm. “The vulnerability of this logistics system, which is so important to all of us, has manifested itself in cyber attacks with NotPetya malware, which has also affected large logistics companies.” Medium-sized transport companies without a large IT department can implement a security concept model by authorities.