Cosco Shipping Lines was able to contain the damage from last week’s cyber attack to its operations in the Americas, but even in the United States, Canada, and South America cargo handling at its marine terminals was largely unaffected because Cosco isolated its internal networks across its global operations.
“There is reason to think that Cosco was aware of what happened to Maersk and they took steps to minimize their risk. They didn’t have everything on one server,” said Susan Kohn Ross, a Los Angeles attorney who specializes in cyber security.
Cosco on Monday notified its customers that the cyber attack, which occurred on July 24 and caused a failure in its networks in the United States, Canada, Panama, Argentina, Brazil, Peru, Chile, and Uruguay, was over. “All of the areas have been totally recovered,” Cosco stated in a Q&A document. The notice included specific instructions for submitting cargo booking requests, booking confirmations, and booking amendments, as well as shipping procedures such as bill of lading instructions, cargo tracking, arrival notices, and the pick up of empty containers. Most of the procedures had returned to normal, with a few changes.
The relatively manageable impact of the cyber attack on Cosco followed, by less than a year, a more extensive attack on the Maersk Group that the company stated cost it $300 million in its global operations and lasted for more than two weeks. The NotPetya virus forced Maersk to shut down all communications with its customers and within the company, and affected not only Maersk Line but also APM Terminals and the freight forwarder Damco.
Maersk experienced vessel delays that pushed on-time reliability down from 74 percent to 55 percent. Although the impact on many of the terminals operated by its sister company APM was limited, the fully automated Maasvlatke II terminal in Rotterdam was shut down and could not accept vessel arrivals from June 29 to July 6, 2017.
Cosco commended for quick response, notifications to customers
Two days after the attack on Cosco, Itai Sela, CEO of Naval Dome, commended Cosco for its quick response and notifications to customers, although he told JOC.com sister publication Fairplay that the virus may have been dormant for some time, and it was possible that other shore and ship-based operations may have been breached. “We strongly recommend to whoever discovered the attack to thoroughly verify the breach has been contained and has not infected any ships in the Cosco fleet,” he said last week.
Terminal operators in the United States and Canada said last week that cargo handling continued without disruptions, although the process of communicating with customers and with Cosco was more time consuming because it was accomplished via emails and phone calls, rather than electronically through the Cosco network. Cosco established the “work-arounds” to prevent the virus from spreading.
Ross said that the cyber attacks last year on Maersk and last week on Cosco are a clear sign that others could occur because transportation logistics is a collection of many companies, and the industry requires a comprehensive plan of action. “There has to be a more sophisticated approach,” she said.
Contact Bill Mongelluzzo at firstname.lastname@example.org and follow him on Twitter: @billmongelluzzo.