The BOC Blast 251 – Cosco Cyber Attack UPDATE

Cosco Cyber Attack UPDATE: Notifications, releases, arrival notices, and pick up number information all are still being severely impacted by this attack. BOC will continue to provide updates as we see them.

Cosco cargo moving slowly via US ports post cyber attack

Bill Mongelluzzo, Senior Editor | Jul 25, 2018 5:04PM EDT

As Cosco continues to guide its customers through email transmissions for the booking of cargo, there was good news on Wednesday.

Terminal operators at a half-dozen North American ports said Wednesday they are processing documentation and delivery orders from Cosco Shipping vessels more slowly than usual, but they’re getting the job done, during the second day of the cyber attack on Cosco’s operations in the Americas.

“The delivery process takes longer because it’s being done with emails rather than computers,” Ed DeNike, president of SSA Containers, said Wednesday. SSA handles Cosco’s vessel calls at its terminals in Seattle, Oakland, and Long Beach.

Cosco continues to guide its customers through email transmissions for the booking of cargo and in dealing with service issues, following Tuesday’s cyber attack on its operations in the Americas. “We’re talking to the customers, giving them the work-arounds,” said Howard Finkel, senior vice president of trade. “We’re not frozen out of doing business.”

In a bulletin Tuesday to its customers, Cosco said all of its vessels are operating normally, and its main business operations systems are stable. “The business operations in the Americas are still being carried out, and we are trying our best to make a full and quick recovery,” Cosco stated.

Cosco North America ships pretty much on schedule

Cosco vessels are calling at terminals throughout North America pretty much on schedule. Prince Rupert, Canada, was finishing work on a Cosco vessel Wednesday, and the next vessel is due in on Friday, said Brian Friesen, director of trade development. The Port of Charleston has taken steps to facilitate Cosco’s cargo movement, and the South Carolina port has encountered no major issues, said Barbara Melvin, senior vice president of operations and terminals. Ship tracking data showed just one Cosco ship in port in the United States as of Wednesday afternoon, with a second waiting at anchor, according to AISLive, a sister product of JOC.com.

DeNike explained that vessel documentation is usually transmitted electronically days before a ship reaches a North American port, so the manifest information for vessels currently at West Coast ports was received at least several days before Tuesday’s attack. Since Cosco’s systems are down, however, information required by beneficial cargo owners (BCOs) and truckers to take delivery of containers when they are cleared by Customs is now sent via email rather than electronically, and that slows down the process.

Terminals also implementing anti-cyber attack measures

While they are addressing the immediate need of processing vessels and delivering containers, the terminals are taking steps to protect themselves against any malware associated with the cyber attack. “Our security team is creating a safe email exchange facility that will allow inbound Cosco emails to be extensively screened prior to their relay to operations,” said Rich Ceci, senior vice president of technology and projects at Virginia International Terminals. The new email facility will address the processing of inbound ship files, while other electronic data interchange needs, including bookings and freight releases, are being handled verbally, Ceci said.

This is the second major cyber attack on the shipping industry in the past year. Last year’s attack on the Maersk Group reverberated throughout its global network and cost the company $250 million to $350 million, CEO Søren Skou said at the time.

Despite these major incidents, the international shipping industry is not doing enough to guard against future attacks. Phil Tinsley, head of maritime security at BIMCO, told a London International Shipping Week event last year that the size and scope of the threat is largely unknown, in part because of shipowner reluctance to share experiences.

Two ocean carriers have now been attacked

Two significant cyber attacks against two of the largest global shipping lines should be a wakeup call to BCOs about how they interact with ocean carriers for cargo bookings, confirmations, and container status events. Is it best practice to have individual connections with each carrier, or is it better to go through a platform or a transportation management system provider to aggregate the back-and-forth communications?

The exposure of carriers to attacks is occurring just as ports on both US coasts are encouraging vendors and service providers to share information on shipments in order to improve cargo velocity throughout the supply chain. Demands by BCOs, logistics providers, and other stakeholders for more visibility into cargo shipments requires the sharing of information among a number of parties, Dustin Stoker, chief operating officer at the Northwest Seaport Alliance, told the JOC’s Port Performance Conference in Elizabeth, New Jersey, in December. The risk that is involved in the interaction between a BCO, a carrier, and a terminal operator through a port information portal is therefore magnified because it now involves an entire network, Stoker said.

What is needed, Los Angeles attorney and cyber security expert Su Ross told the conference, is that companies throughout a supply chain, as much as possible, should demand that a “robust cyber security system” be deployed by its vendors and customers. While this may be easier for Fortune 500 companies to pull off, even smaller companies must consider such steps, she said.