This Week in Logistics News (July 23-27, 2018)

Cyberattack and hacker threats.

Robots and self-driving cars.

Same-day delivery.



Just another typical week in the world of supply chain and logistics. Here’s the news that caught my attention:

Makes You WannaCry Again

Heading into 2017, one of my predictions was that we would see a rise in cyberattacks, with supply chain and logistics operations becoming new targets. Less than five months later, in May 2017, news broke about the WannaCry cyberattack that impacted FedEx, Renault, and many other companies. A few weeks later, another cyberattack — via a computer virus dubbed Petya that apparently infected a Ukrainian tax software product — disrupted supply chains around the globe, including operations at FedEx and Maersk (the latter ultimately lost $300 million as a result).

The hackers are back at it again, this time targeting Cosco Shipping Holdings. As reported by the Wall Street Journal, “Cosco Shipping Holdings Co. was hit by a cyberattack that has disabled the Chinese state-run company’s U.S. website and email systems, but the company said the incident hasn’t disrupted its global shipping operations.” The company issued the following update yesterday:

After the network security problem in the Americas [had] been detected, to protect the interests of our customers, we have taken proactive measures to isolate internal networks to carry out technical inspections on global scale. With the reliable confirmation from the technical experts that the networks in all other regions are secure, the network applications were recovered at 16:00 (Beijing Time) on 25th July in all the regions except the Americas. As of now, all the business operations have been back to normal in the regions with network recovered.

Meanwhile, we are trying best to investigate and fix the network problem in the Americas, and it is expected that the network applications will be gradually back to normal soon. We have started contingency plans, such as transfer of operations and conducting operation via remote access, to ensure continuous service in the Americas. During the network failure period, there could be delays in service response in the Americas, and we are expecting your kind understanding.

This could just be a minor breach or it could be the tip of the iceberg. “If shore-based and ship-based IT systems are linked, it could open a gateway to the COSCO ships, leaving them highly susceptible to an attack,” said Itai Sela, CEO of Israel based maritime cyber security firm Naval Dome, in a MarineLog article. “Vessels do not need to be attacked directly but an attack can arrive via the company’s shore-based IT systems and very easily penetrate the ships’ critical OT systems.”

We’ll just have to wait and see.

In related news, in case you need yet another reason why you should upgrade or patch your enterprise systems in a timely manner, Reuters reported that “The Department of Homeland Security issued an alert citing [a] study by security firms Digital Shadows and Onapsis that highlights the risks posed to thousands of unpatched business systems from software makers Oracle and SAP…[that] can enable hackers to steal corporate secrets.” Here are some excerpts from the article:

Systems at two government agencies and at firms in the media, energy and finance sectors were hit after failing to install patches or take other security measures advised by Oracle or SAP, security firms Onapsis and Digital Shadows said in the newly published report.

[Oracle and SAP] release regular patches to known security bugs in their software. However, customers are often reluctant to make fixes out of fear doing so might disrupt their manufacturing, sales or finance activities.

Risks also arise from installation mistakes or growing moves to link traditionally back-office business systems to the cloud in order to reach mobile or online users.

In their latest research, Onapsis and online monitoring firm Digital Shadows identified some 17,000 SAP and Oracle software installations exposed to the internet at more than 3,000 top companies, government agencies and universities. They did not name the affected organizations, but data seen by Reuters shows many of the world’s best-known firms at risk.

These news items are yet another warning for supply chain executives to stop being complacent when it comes to cybersecurity threats. What can you do? Read the recommendations I provided last year in The WannaCry Cyberattack: Another Warning for Supply Chain Executives. Also check out the following posts for related commentary:

And with that, have a happy weekend!

Song of the Week: “Nevermind” by Dennis Lloyd