It seems that the global economy is totally ill-prepared for the potential impact of a cyber-attack on ports in Asia, which include nine out of ten of the busiest in the world...
Earlier this year, Lloyd’s and the CyRiM project tasked the University of Cambridge Centre for Risk Studies with producing a report designed to investigate the potential damage a large-scale cyber-attack on Asia might cause.
Asia was the focal point because it is home to the world’s busiest ports and the report, entitled “Shen attack: Cyber risk in Asia Pacific ports”, revealed some eye-opening findings.
Predicted losses from the report
Transportation, aviation and aerospace - USD28.2 billion
Manufacturing - USD23.6 billion
Retail - USD18.5 billion
Asia - USD27 billion
Europe - USD623 million
North America - USD266 million
(Indirect economic losses; each country that has bilateral trade with the attacked ports would be affected)
In order to generate these results, a hypothetical cyber-attack was ‘launched’ against 15 major ports across China, Japan, Malaysia, Singapore and South Korea via a computer virus carried by cruise ships. In this admittedly extreme scenario, the virus then began to scramble all records held at the ports and due to the inter-connectivity of the maritime supply chain, severe disruption was caused ultimately leading to the report estimating global losses of up to $110 billion.
Lloyd’s went on to declare that just one major cyber-attack of this nature against Asia could cause a similar global economic loss to approximately half that caused by natural disasters in 2018.
The numbers involved are incredible, and they are surely only going to increase in size with the continuing growth and development of technology in the cruise industry?
The insurance aspects of the report notwithstanding, the real worry here is that cyber criminals are becoming ever more bold and ambitious, this a direct response to the fact that the cruise industry is more digitised than ever before both on-shore and off.
Indeed, cruise ships nowadays are often described as ‘cities at sea’, with more and more cruise lines now actively seeking to implement faster Wi-Fi and providing downloadable apps to enhance the customer experience, essentially helping people to feel like they are not a million miles away from the creature comforts of home – ironically at one time in the past a key USP for cruise holidays.
Technology is now so advanced that Royal Caribbean even have a check-in service on their app powered by – drum roll, please... – the dreaded selfie. This of course brings up all manner of IoT-related concerns for those with a cyber security background, whilst also illustrating how one negative side-effect of tech innovation is the fact that it paves the way for cyber criminals in-waiting.
The global economy might be ill-prepared for the scenario which unfurls in “Shen attack: Cyber risk in Asia Pacific ports”, but when it comes to cyber security in the cruise industry, there is a lot that cruise companies can do to ensure they themselves are more than prepared. For example, as part of theICEway ecosystem, we here at CRIBB Cyber Security have more than 20 years’ worth of experience in cruise and our brand new product, CRIBB Maritime Cyber Assurance (CMCA), benefits from every single one of those years.
You can read more about that here but in a nutshell, CMCA is an affordable alternative to ISO27001 that is recognised by the IASME Consortium, with the NCSC’s recent announcement on their partnership with IASME acting as proof (if it were needed) that our experts are always going above and beyond to make sure they have their fingers right on the pulse!
Those experts are more than happy to field any queries you might have so please do feel free to contact them and in the meantime, if you are feeling a sense of anxiety after reading this, just remember that we can only improve collectively once we have conducted research and carried out tests... Meaning that without reports like “Shen”, we would be in a much more precarious position.
CyRiM – The Cyber Risk Management project is a research project that tasks experts in their field with coming together to create an efficient cyber risk insurance market place.
IoT – The Internet of Things, the interconnection of various computing devices via the Internet which then enables them to send and receive data.
CRIBB Cyber Security can help with all your cyber security needs, with a range of products and services including Cyber Essentials, Data Protection Officer as a Service and more pertinently here, CRIBB Maritime Cyber Assurance (CMCA) for the cruise industry...