Back to the drawing board
Last week’s massive cyber attack by the Ransomeware WannaCry is a real wake up call for the shipping industry. With over 200,000 individual computers known to have been affected in 150 different countries it would seem that these days no corporate or individual system is safe. The attack locked down the computers and demanded the quite trivial sum of $300 for their release. Arguably the biggest problem was caused to the UK’s National Health Servcie and resulted in cancelled operations and appointments as patient records could not be accessed. Elsewhere, the Russian Interior Ministry, FedEx, railway systems, the Spanish telecom giant Telefónica, and the French automaker Renault were all affected to some degree. This attack was apparently activated by users clicking on email attachments but this year alone there have been other instances where printers and other connected network devices have been the source of attacks during firmware upgrades. Discussing the issue on UK TV, one IT specialist said that the problems could easily have been avoided if the operating systems on the computers affected had been regularly updated – a service that is offered free by software providers. The specialist also said that many corporate IT departments often overlooked this simple task. Whether that is true or not of all companies it is something that shipowners, operators and indeed any other organisation or individual to be fully aware of. Redundancy of ship equipment is something that in recent years has become desirable or even mandated for but in the IT field, many organisations have come to rely on a single system. It may be backed up frequently allowing for a restart from an earlier point but from personal experience this can sometimes take several hours to achieve. In a large number of shipping organisations, key members of staff work in the field using tablets, laptops or even smart phones and have their equipment updated by head office only infrequently. If the information they need to access is held on a remote server or cloud rather than on the device itself, they may have the possibility to access it using a second device but that may not always be possible. The question of cyber attacks is something that is only just getting mass exposure in the shipping sector and while there may be plenty of consultants willing to offer their services, some shipowners are happily expanding their networks ashore and at sea without giving much thought to the issue. Maybe it is time they now thought a little more about the problem. We have all got used to the ease of accessing documents on a screen when necessary and paperless offices are now in vogue. But in the recent attack, in order to bypass the problem of not being able to access operating lists and keeping track of patients, some of the UK hospitals affected found it necessary to revert to pen, paper and photocopiers. It may seem a retrograde step but perhaps, keeping hard copies of important documents such as charter parties or Bills of Lading in offices or the manuals for ships’ machinery on board may be a good idea.