The report “Shen attack: Cyber risk in Asia-Pacific ports” presents a hypothetical scenario on what could happen if a virus attacked a number of ports in the region from an insurer’s perspective and how the ports’ operations would be affected. The scenarios are based on the “Shen Attack”, which was firstly issued by the University of Cambridge Centre of Risk Studies (CCRS) as a fictionalized account of a catastrophic cyber event targeting the maritime industry.
Under the possibility that several Asia-Pacific ports would close because of a cyber attack, the report highlights that it would disrupt operations, and lead to economic losses, as it has already happened in other ports.
Although many are the ports that have been hit and affected by cyber attacks, an attack on systemic vulnerabilities across ports on this scale has never been seen.
Yet, the ageing shipping infrastructure along with the complexity of the supply chains makes the shipping industry prone to attacks and more vulnerable. The report presents three variants of increasing losses with all results reflecting low probability,high impact situations.
The S1 scenario variant affects ports located in japan, Malaysia and Singapore.
The S2 scenario variant adds the Republic of Korea to the affected countries of S1.
The X1 scenario variant adds China to the affected countries in the previous variants for a total of 15 ports affected.
Direct economic losses after an attack:
- Port closures in Japan will directly affect the USA, China, the Republic of Korea, the Republic of China and Hong Kong special administrative region of the people’s of republic of China.
- Malaysia’s top maritime trading partners, Singapore, China, the USA, Japan and Thailand will be affected by any restriction to day-to-day shipping functions.
- The closure of Singapore’s port will affect China, Hong Kong, the USA, and Indonesia.
- The shut down of ports in the Republic of Korea will affect China, the USA, Vietnam, Jong Kong and Japan.
Indirect economic losses:
Although “Shen virus” has negative impact in the Asia Pacific region, economic losses are seen and experienced globally because of the global nature of the maritime supply chain.
Insurer’s Lloyd’s report highlights that all the indirect losses are estimations; Although they have been extensively modelled, they are not modelled through all levels of the supply chain.
Although that technology has improved the maritime industry, the ageing of ships still remains a challenge. Many vessels sailing in the sea are more than 30 years operable, and were not designed with cyber features.
The report adds that the current insurance gap for the marine industry were 92% of the economic losses in the extreme version of the scenario are uninsured. Yet, there are also opportunities for insurers to grow their business in the insurance classes associated with the shen attack scenario.
For instance, Asia is one of the most fast-growing markets on cyber insurance matters. Specificlaly, the market experienced a 87% rise in cyber insurance take-up rates in Asia in 2017.
#How the virus works:
The study notes that the virus originates in a ship management company’s cargo management software, affecting the cargo manifests of the ships it manages. Then, it works its way through links in the port management system supply chain to disrupt the first port of call for each of the infected ships. Once the attacked cargo documents are opened in destination ports, the virus spreads through the port’s cargo management network.
Following, the time the vessel calls its destination port, the management services and logistics companies linked with each port authorities are infected. The data base records are seriously attacked, making managers shut down all port operations in order to manually sort through and identify cargo contents, spoiling perishable goods, and losing revenue from business interruption.
The report highlights that the Shen attack is not a prediction of the future, but it is a hypothesis in understanding the holistic effects of a catastrophic malware event.
To explore more click on the PDF herebelow
