The 2017 AP Moller-Maersk cyber-attack showed how vulnerable ports, shipping and terminals are in an age of cyber-reliance. NotPetya malware infected Maersk’s systems and shut down every laptop and mobile device connected to it within seven minutes.
The attack affected 76 ports, 800 vessels, tens of millions of tonnes of cargo and reportedly cost the company an estimated $300m.
It could have been an awful lot worse, but fortunately Maersk effectively managed and recovered from this malicious attack.
Increased automation and growing use of autonomous systems have brought untold benefits to intermodal transportation, but they also magnify risk and liability. So what does this mean for companies, and what should they be doing to mitigate the risks?
The issue of how to optimise productivity at ports and terminals has never been greater. The impact of mega-ships — with capacities of up to 24,000 teu — combined with the effects of Covid-19, which has concurrently reduced workforces and increased volumes, has greatly increased dwell times and delays in the supply chain.
Automation helps and most ports are familiar with automated handling systems. Increasingly, we are seeing the adoption of autonomous systems. Equipped with sensors such as cameras, radar and LiDAR and guided by machine-learning algorithms, cranes and guided vehicles are able to operate in a changing, dynamic environment.
These machines recognise patterns and experiences and adapt behaviour to suit.
The benefits to all of this are obvious. Operations can be continuous, employees are protected from dangerous tasks and efficiency is maximised. Further, there is greater visibility of the supply chain as real-time container status allows cargo flow to be optimised.
Since everything runs on data, there are many insights that can be used both to improve productivity and reduce operational costs.
As always, there are downsides too, though, and these are not limited to the high set-up costs.
Firstly, all that data — and all that machinery — is now vulnerable and not only to malicious action. Machines are brilliant at many things, but they are not good at processing new or unexpected information.
When presented with a new situation or an emergency, a human being will try to deal with the situation; find help, help others or solve the problem. A machine can only stop working and this can in itself be a catastrophe. It can be made exponentially worse if automation has led to a process known as de-skilling, by which highly skilled labour is eliminated by the introduction of new technologies.
The question then becomes how to account for liability when things go wrong?
The main impact of automated and autonomous systems on liability will be the introduction of new potential parties to claim damages from, such as for example software and IT providers, equipment manufacturers and telecommunication and connectivity infrastructure providers.
Ultimately, liability will be determined by the relevant contractual terms entered into with stakeholders and users of the port.
How, then, can port operators best limit their liability?
The first step is to understand the potential risks. As well as malicious action, there is potential for incidents caused by poor systems maintenance, inadequate design or insufficient procedures. The complex eco-system of ports may mean numerous teams are responsible for maintaining and securing data and different systems and this is not necessarily done consistently.
Security by design is essential for defence, but it is also important to recognise that at some point it will fail. It is essential to have plans in place which are immediately activated in the event of a breach, incident or threat. As we learned from the Maersk experience, every minute counts.
As a controlled environment, ports provide ideal conditions for the development of ever more sophisticated automated and autonomous systems. The automation of ports offers exciting opportunities to increase efficiencies, while protecting the workforce not only from dangerous tasks, but also from current and future threats such as Covid.
As the technology continues to change and develop, so will the legal frameworks surrounding it and companies will need to continue to develop plans to mitigate their risks and exposure.
Dr Jo Pattinson, automated systems consultant, and Ton van den Bosch, partner, both work at international law firm Addleshaw Goddard
Do you have an opinion to share? Email: news@tradewindsnews.com
