Cyber Safety in the Shipping Industry


Two major international ports fell victim to cyber-attacks within the span of a week.

The Port of Barcelona and the Port of San Diego both suffered the attacks, leaving some to worry that the shipping industry will continue to be threatened by cyber-attacks. Luckily, no major issues have arose from these two recent cyber-attacks, but next time, ports may not be so lucky. Both ports reported that these attacks did not affect ship movements and have had very minimal disruptions in land shipments.

Despite minimal effects from the cyber-attacks, they have forced these ports to take a step back and wonder just how vulnerable they are, and how to address these issues in advance. Cyber-attacks are undoubtedly a question of public safety, as well as the safety of the hundreds of businesses that use these ports daily in one way or another. In these recent attacks, hackers requested a ransom payment in the form of bitcoin. However, not all cybercrimes are created equal. Some hackers just want information, while some threaten to shut everything down. Either way, cyber-attacks are likely have to negative effects on the business affected.

Back in July, one of the world’s largest shipping firms, China Ocean Shipping Company (COSCO), was the target of a cyber-attack.

Initially, the incident was reported to have affected the entire Port of Long Beach. However, it later became clear that the cyber-attack was isolated to COSCO’s internal network. The company faced ransomware that threatened their communications, and a shutdown of their overall systems. Although the ransomware used disrupted the company’s internal network, the company was able to manage the situation with very little damage to their network. Some companies aren’t so lucky. Some companies do too little, too late, but can provide clues to help prevent companies from future cyber-attacks in any form.

In June 2017, Maersk faced serious setbacks as a result of a cyber-attack that spiraled into losses of around $250-$300 million.

The attack was a real game-changer, since these high-volume losses and their effects on the lives of those affected prompted the shipping industry to realize change was needed. Nevertheless, change is a slow process, so further damage is definitely possible.

This time around, the damage done in Barcelona and San Diego was very minimal in comparison to the losses felt by Maersk last year. It’s possible that the Maersk cyber-attack prompted lessons to be learned by the shipping industry. For example, in April 2018, the Port of Barcelona posted an article to their website wondering aloud as to the vulnerability of their digital infrastructure, and others around the world in major port cities, to cyber-attacks.

So far, all potential cyber-attack scenarios mentioned in the port’s article were quick and straight to the point – a fast attack that leaves lasting damage in its path. But, some cyber-attacks happen over time. Starting in June 2011 and continuing for nearly two years, The Port of Antwerp fell victim to a very sophisticated cyber-attack. An organized group based out of Belgium were said to have infiltrated computer networks within the Port of Antwerp. They hacked into them in order to know the locations of shipments, seeking to smuggle illegal goods into the country. Not all cyber-attacks are as overtly disruptive, but they have helped raise awareness of the importance of giving ports functional and innovative ways to prevent future cyber-attacks and their ultimate negative impact.

Government and law enforcement agencies, along with ports and companies, are looking to the future of the ever-changing cyber world.

We all have to explore a future that is more dependent than ever on digitalization and digital systems. Governments specifically are looking for ways to keep points of entry safe, and secure a country’s ports, to allow companies and cities to operate as efficiently as possible.

Finally, companies are spending more on preventive measures in the case of a cyber-attack. They are taking the possibilities of attacks much more seriously. If they don’t, they are liable to find themselves in a digital rainstorm with no shelter in sight.