Collateral damage from a wave of cyberattacks targeting Ukrainian government websites may disrupt shipping lines and logistics firms, perhaps reigniting the worst of last year’s supply chain chaos.
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning American businesses to brace for the collateral effects of another round of cyberattacks as Russia ramps up hostilities against Ukraine. History suggests Russian hacks will not stay within the borders of the former Soviet republic.
After Russia annexed the Crimean peninsula in 2014, Russian hackers used malware to create power blackouts across Ukraine in the dead of winter in 2015 and 2016. Then Kremlin-backed hackers launched the NotPetya attack in 2017 sweeping up thousands of unrelated companies around the world and inflicting $10 billion worth of indiscriminate economic damage, mostly outside Ukraine. Among the victims were Maersk, the world’s largest shipping line, and FedEx’s European subsidiary TNT Express.
US and European officials are once again blaming Russia for renewed cyberattacks in Ukraine, a key part of Russia’s efforts to destabilize the former Soviet republic, but this time there is little slack in the world’s supply chains to absorb disruptions. Unlike 2017, freight and logistical operations are near capacity. Shipping lines are still not running smoothly. “A similar cyber-attack [to the 2017 NotPetya attack] could have a devastating effect on global supply chains,” said Lars Jensen, CEO of the shipping consultancy Vespucci Maritime, at a Feb. 14 supply chain conference hosted by Freightwaves.
A major disruption to shipping lines, trucking fleets, and last-mile delivery companies today would have far greater consequences, putting the world on track to relive some of the worst supply chain disruptions of 2021. In a worst-case scenario, current backlogs at ports could continue unabated until the end of the year, growing more acute as the holiday shopping season once again strains supply chains, leading to high freight costs that exacerbate inflation.
Five years ago, Russian hackers accidentally created one of the largest and most damaging cyberattacks of all time when it launched the NotPetya attack to disrupt Ukrainian infrastructure. The malware quickly leaped from a popular Ukrainian tax filing software to computers across the country and eventually businesses outside of Ukraine, inadvertently paralyzing US and European supply chains.
Maersk was among the hardest hit. The attack completely shut down Maersk’s computer networks for two weeks, leaving the world’s largest fleet of container ships unable to accept new bookings and bringing activity at 17 Maersk-controlled ports to a standstill. Maersk estimates the paralysis created $300 million in economic damage. FedEx lost $400 million when the virus infected TNT Express’s computers and its European shipments were paralyzed.
But security officials now also worry about Russian hackers directly targeting key US and European companies in retaliation for economic sanctions. Such an attack could cripple global supply chains still recovering from the chaos of 2021. Ports and warehouses need months to clear out massive backlogs before shipping demand picks up again in September before the 2022 holiday season. Any disruption now might stall those efforts, leaving the world facing the same high prices and shipping delays again.