Maersk took just 10 days to replace 45,000 PCs wiped by NotPetya attack

  • Liam Tung (CSO Online)
  • 26 January, 2018 09:40
Maersk chairman Jim Hagemann Snabe: "we had to reinstall our entire infrastructure"

AP Moeller-Maersk, the world’s biggest shipping container company, has revealed the gigantic effort it undertook to recover from the June NotPetya cyber attack and the lessons it drew from having "average" cybersecurity.

Speaking at the World Economic Forum in Davos on Wednesday, Maersk chairman Jim Hagemann Snabe recounted being woken by a call at 4am and told that the company had been struck by a cyber attack that, he would eventually learn, had flattened its IT systems.

In the weeks after the attack, Maersk revealed the extent of damage as it informed customers about systems being restored, including email, invoicing, systems for sharing shipping rates, online track and trace, and customer service phone lines that its transport and logistics operations depend on. 

“The impact of that was that we basically found that we had to reinstall our entire infrastructure. We had to install 4,000 new servers, 45,000 new PCs, 2,500 applications and that was done in a heroic effort over 10 days,” he said.

“Normally — I come from the IT industry — I would say it would take six months. It took 10 days,” said Snabe in a nod to his former role as SAP’s co-CEO.

It would be a long 10 days for the company, which manages a network of ships that dock at ports around the world every 15 minutes, each bearing 10,000 to 20,000 containers.

“Imagine a company where you have a ship that comes into a port every 15 minutes and for 10 days and you have no IT. It’s almost impossible to even imagine,” he said. 

But according to Snabe, “human resilience” helped the company navigate the tech blackout with surprisingly little disruption.  

“We only had a 20 percent drop in volumes so we managed 80 percent of that volume manually and customers were great in contributing to that,” he said.

Many security researchers came to the conclusion that NotPetya was a Russian attack aimed at Ukrainian organizations. Initial infections spread through a compromised update from M.E.Doc -- one of two accounting packages that firms doing business in Ukraine must use.

Though NotPetya may have been intended for Ukrainian businesses, it rapidly spread through the networks of several global firms that have offices in the country, including Maersk, Merck, FedEx, Mondelēz International, and others. In August, Maersk reported the attack wiped $250 million to $300 million off its earnings. Known damages to others impacted by it exceeded $1 billion.

Snabe said the company was “probably collateral damage of a state-attack situation”. 

With the incident in the rear view, Snabe said Maersk had drawn important lessons from it, including the pitfalls of management being "naive" about cybersecurity.

“This was a very significant wake up call for AP Moeller Maersk. We could say a very expensive one… Yet I argue that it was a very important wake-up call,” he said.  

At the time of the attack Maersk had “basically average” cybersecurity management, but post-NotPetya it’s aiming to turn its learnings into a competitive advantage. 

“It is time to stop being naive when it comes to cybersecurity. I think many companies will be caught if they are naive. Even size doesn’t help you,” he said. 

He also warned that upgrading cybersecurity capabilities was a matter of urgency because of the growing dependence on the internet, autonomous technology, and electronic documents. Earlier this month Maersk announced a new blockchain joint venture with IBM to create a digital trading platform that will replace document-based systems for tracking cargo and exchanging shipping information.

In a few years, human resilience probably won’t cut it in a similar incident, he said. 

“The next level of dependency is everything will be digital — all the documents will be digital, the boats will be autonomous and hence the criticality of the infrastructure becomes even more urgent and you cannot overcome with human resilience anymore.”

Given the rapid adoption of these new technologies, he called for “a radical improvement of infrastructure and understanding and a collaboration between companies, tech companies, and law enforcement.”