Mediterranean Shipping Co.’s company website and online booking platform are offline due to a network outage at one of its data centers, the carrier confirmed Friday. The outages began Thursday night, according to customer chatter on LinkedIn.
“While we do not rule out the possibility of malware, we have decided to close down our servers in our headquarters as a first safety measure,” the Geneva-based carrier said in a Friday statement. “We continue to monitor and evaluate the situation, and we're working towards full recovery in the shortest time possible."
MSC said the outage only impacts its IT systems at headquarters, and agency's IT networks are separate to prevent an “issue” in one from affecting the other networks. As the outage won't impact the delivery of cargo, MSC said shipping services can be booked via phone, email, and through Inttra and Infor Nexus.
The outage underscores the fact that advancements in online booking also come with risks, and that like other industries, container shipping is increasingly under threat from cyber attacks — even if few companies publicly disclose such attacks. An exception to this was publicly traded Maersk Line, which told investors the so-called NotPetya cyber attack cost it $250–350 million in 2017.
The attack on Maersk, followed by what appeared to be a smaller-scale attack on Cosco Shipping in 2018, comes amid a broader industry effort to digitize operations and a steady rise in cyber attacks on business in general.
As container lines gradually build their online transactional capabilities, such as quoting and booking, outages present a broader threat to business continuity. The distributed nature of online systems also creates more vulnerability to outside threats than that existed in their previous organizational setups.
However, carriers are inherently exposed to cyber threats by the nature of the myriad external parties with which they work, such as shippers, forwarders, terminals, and governmental agencies, and part of that vulnerability lies in the reliance on older computing frameworks that are not as robust, from a security perspective, as newer, internet-based ones.