If you were a US truck company expecting to load a container from an American port last week, you could have woken up facing the headache of your trucks being turned away at the port gates. If you were a retailer expecting a fresh delivery of stock 24 hours later, you might have found yourself with empty shelves.
The reason? Ransomware in the form of Petya which struck the systems of Maersk Line shipping, alongside a raft of other industries. So serious was the disruption that as much as 15% of all shipping movements were affected. “If you shut down Felixstowe or Southampton, that will stop global trade,” said Jody Cleworth, CEO of Marine Transport International (MTI) in an interview with DataIQ. “An attack like that shutting the port gates is a real concern for the future.”
With Maersk Line prevented from accessing data in its business-critical ERP systems, it was unable to release any containers to clients with significant knock-on effects. “In shipping, there are demurrage and detention charges for getting containers in or out early,” pointed out Cleworth. Credit agreements in the supply chain are usually reconciled on the release of goods from the supply chain - the delays caused by the ransomware will have had direct financial impacts and could ultimately lead to lawsuits and claims for damages.
“The attack poses the bigger question - are we using the right technology in our supply chain? It is not just Maersk, but customs, tracking services, shippers, load points. It is very thought-provoking because shipping is critical infrastructure and what if it happens again?” he asked. While the ransomware seems to have focused on cyber-security flaws in ERP systems, the cyber-physical nature of supply chains make the takeover of a crane or even a ship a possibility.
“This is supply chain’s Y2K moment,” said Cleworth, referencing a critical flaw in the Microsoft operating system identified in 1999 which it was feared could have led to major failures, including planes falling from the skies. A massive preventative upgrade was pursued globally and there were few reported issues as a result.
MTI is advocating a similar effort to modernise supply chains through the adoption of blockchain and dsitributed ledger technology (DLT). It has already stood up a live blockchain for the International Maritime Organisation-mandated verified gross mass certificate which every container has to gain. Since then, it has been working on ensuring interoperability with other core technology components in the supply chain.
“We have the ability to integrate with ERP systems that load sites rely on. In the shipping industry, 99% of systems use EDI for administration, commerce and transport (EDIFACT), so I challenged our programmers to enable integration. With our ledger, applications can scroll back in time to when the container was loaded, how it got there, all the events along the chain, even pictures of the container,” he said.
The University of Copenhagen has published a whitepaper signing off on the ability of MTI’s DLT to integrate with ERP systems and, as a result, to bring about a value-driving benefit - the ability to trigger pre-shipment payments against bills of lading, rather than the post-shipment and credit reconciliation which is currently used. This value-driving benefit could be the tipping point for adoption. “It creates a singe source of truth and creates real-time value for people in the supply chain, which would improve profitability,” said Cleworth.
The defensive benefit of blockchain would also have been significant last week. If Maersk had been running on the system when one of its servers got infected with ransomware, it could have simply unplugged what would have been a node in the DLT, put a fresh server in place and all of the data would have been restored cleanly from the blockchain through its “self-healing” nature.
MTI is now working with Cranfield College in the UK and a Dutch consortium of ABN Amro, the Port of Rotterdam and Flora Holland, called Dialog, to push for adoption of blockchain across the shipping and supply chain sector. “We’ve invested in it and have got to a pilot stage where we have a viable model that can scale. Now we need to bring in other partners,” said Cleworth.
Legacy systems and rivalries between companies may get in the way. But if the experience of last week’s ransomware attack has taught the industry anything, it should be how vulnerable its legacy technology really is and why, unless it is updated, global trade itself could be threatened by bad actors. As Cleworth put it: “Outside of social media, supply chain is what connects all of us.”