A new report depicts a hypothetical cyber attack launched via a computer virus carried by ships, which then scrambles the cargo database records at major ports and leads to severe disruption.
Shen Attack: Cyber risk in Asia Pacific Ports says an attack of this scale would cause substantial economic damage to a wide range of business sectors globally due to the interconnectivity of the maritime supply chain.
The report is the second publication from the Cyber Risk Management (CyRiM) project, the Singapore-based public-private initiative that assesses cyber risks, of which Lloyd’s is one of the founding members.
Shen Attack estimates that losses of up to $110 billion would occur in an extreme scenario in which a computer virus infects 15 ports. Transportation, aviation and aerospace sectors would be the most affected ($28.2 billion total economic losses), followed by manufacturing ($23.6 billion) and retail ($18.5 billion).
Ports would be unable to accommodate cargo and cruise ships. Heavy-haul trucks would be stranded and cause backlogs en route to ports. Even the end consumer would be affected as groceries would not be delivered to stores.
Productivity losses would affect each country that has bilateral trade with the attacked ports. Asia would be the worst affected region, set to lose up to $27 billion in indirect economic losses, followed by $623 million in Europe and $266 million in North America.
An increase in cyber attacks in Asia in recent years has led to more companies taking out standalone cyber insurance, with an 87 percent rise in cyber insurance adoption. However, the report writers say the global economy is underprepared for a successful cyber attack, with 92 percent of the total economic costs still left uninsured.
The attack scenario described in the report was created by the University of Cambridge Centre for Risk Studies. The virus originates in a ship management company’s cargo management software, corrupting the manifests of all the ships it manages. The virus then travels through the port management system supply chain to disrupt the first port of call for each infected ship. Once the corrupt manifests are opened at destination ports, the virus spreads through the port’s cargo management network. It works its way through the entire shipping supply chain with even third-party industries experiencing knock-on effects.
The hypothetical Shen virus gets its name from a shapeshifting sea monster from Chinese mythology.
The combination of aging shipping infrastructure and complex supply chains makes the shipping industry vulnerable to attack and consequentially huge losses. While the Shen attack is not a definitive forecast, it does highlight the need for vigilance in an industry that could be brought to its knees by a cyber event originating in Asia and spreading to Europe, America and the rest of the world.