What does the Maersk Ransomware attack mean for UK logistics?

Petya and WannaCry are not household names, but they recently crippled logistics giant Maersk.

What impact will this have on the UK logistics industry and what lessons must be learned?

Evaluating risk in logistics

Before 27th June, if you’d asked different logistics sectors what their major challenges were, the answer would have looked something like this:

  •    Courier delivery = traffic, tracking device failure, failed delivery/revisits
  •    HGV = Brexit uncertainty, hotspots (Calais etc), working hours
  •    Air freight = drones, international terrorism, 3D printing
  •    Container freight = piracy, low margins, crew disputes
  •    Warehousing = forecasting, inventory accuracy

But a single date changed everything.

The Maersk experience – a case study

When Maersk tweeted on 27th June that ‘Global cyber-attack Petya is affecting multiple businesses’ they understated the case by several orders of magnitude. Within 24 hours it was obvious that all Maersk business units were under attack: the container shipping which is seen as the crux of the operation, but also port and tugboat logistics, oil and gas drilling and oil tankers.

Why Maersk?

It’s important to understand that Maersk made the headlines because it’s a giant, not because the attack was isolated to Maersk. With more than 600 container ships, it’s the biggest shipping business on the planet, handling 25% of all the containers that travel the lucrative Asia-Europe route. The impact of the Maersk attack will affect international trade, which is another reason that it got widely reported.

How does Ransomware work?

The current version of events says systems are being attacked by a strain of Ransomware that locks down computers by encrypting their entire systems with a secret key. The computer user receives a message telling them to pay $300 in bitcoins to restore access. By the 11th July, around £8,000 had been deposited in the bitcoin wallet linked to the attacks and within a week that money had been moved to other anonymous wallets. So somebody, somewhere, is paying to have their systems released. There is a strong suggestion that this particular attack may have been sponsored, if not carried out, by a government rather than a criminal consortium. State-sponsored cybercrime is an increasing element of international business and for the logistics industry this is a serious concern as it could suggest there’s a degree of future risk at any weak point in the global logistics supply chain.

Cyber attacks and global supply chains

While the attack on Maersk was not targeted specifically at the logistics industry, it has the potential to throw the global container supply chain into chaos. The combination of delayed shipments, vessels caught in ports, lost bookings is, in itself, toxic. On top of that there’s the chaos created by the number of shipping lines that have containers aboard Maersk vessels which they cannot access – this could be tens of thousands. Finally there are supposedly third-party terminals that will have piles of containers they cannot remove because there’s a backlog from Maersk’s collapse.

Peak season shipping

Many small shippers are trying to book with other lines, but now the logistics industry has entered peak season there is no space on alternate vessels. Forwarders are saying that it’s a serious issue that indicates an inherent weakness in the shipping industry, which must be handled.

Shipping and resilience

While Maersk isn’t considered to have been a security risk and it’s generally acknowledged that if hackers what to get you, they will, the situation reveals a lack of focus on robustness in the digital products it uses. In a number of cases in recent years there’s been evidence that shipping, and logistics generally, have tended to build programmes to manage businesses and they layered a security system over it. In future it will be vital to build security into systems upfront and will require user training.

UK logistics and incident response plans

According to the UK National Cyber Security Centre, growing disruption to banking and transport could be a feature of the future – there’s no way of judging if this is an isolated incident or part of a pattern of attack that will continue to probe, isolate and attack the vulnerable elements of a logistics chain. One significant factor in the recent attacks has been the varying speed with which organisations were able to get back into business, why could some organisations turn it around in 24-48 hours and not others? The answer, in part, is an incident response plan.

IT reliance in logistics

There is no way around it – digital systems have revolutionised the logistics industry. Unfortunately the revolution hasn’t always been ‘ground up’ which means there can be underlying pockets of weakness in an organisation’s structure which make it over-dependant on outdated technology.

An incident response plan serves two purposes – first it defines who does what, where and when, if your organisation is attacked or simply has an ‘Act of God’ systems failure. Second it can be used a training plan to ensure all parts of a logistics organisation are capable of recognising and responding to threat.

Incident response planning – preparation

Preparation is about reducing the threat footprint that your business creates. While you may spend only a few hours a year looking at your security, hackers spend all day, every day, probing it. Guess who’s going to win that battle? The preparation stage requires regular assessments of vulnerability – you’ll be amazed how many of your staff are able to respond creatively to threat scenarios you throw at them; the gaming industry has given many people a desire to role play computer threat for real. Effective preparation also tracks who has been trained, whether new hires are equipped to recognise threat and respond appropriately and logs what might be potential weakness tests.

Incident response planning – response systems

Whether you need to respond to a weakness test – hackers often push on weak systems to see if a full-scale attack is viable – or to a real cyber attack, it’s vital to have a response plan that identifies what systems you posses, what each system should do when a threat is identified and what communications each system should use to inform others. There are two vital reasons for this. First, slow communication of threat is something that cyber attacks rely on, and a rapid response system is vital as it an keep some parts of the organisation in the clear while others fight off attacks. Second, viruses often hijack communication systems to travel throughout an organisation, so firewalling the virus whilst spreading the news about its presence should be a well-planned response.

Incident response planning – post mortem

One of the greatest potential weaknesses of the UK logistics industry is that it is reactive. Running to keep up is a way of demonstrating how easy you’ll be to attack. The post mortem phase of incident response is vital because it investigates, reports back and critically reviews the response to any threat, whether real or imagined, so that lessons can be learned and the preparation and response phases of the plan can be modified to take on board new information.

Whichwarehouse can assist with your logistics requirements for anything from self-storage to pallet or bulk storage through to a complete supply chain solution for your products, even delivering your products to the end user.

Our members can offer you a full warehouse space and logistics services to run your business efficiently. Use our website today to source the best warehouse to rent in the UK area you require storage and distribution.

Comments Closed

Comments are closed.

Copyright © Which Warehouse Blog