When the Chartered Institute of Purchasing & Supply released its Risk Index for the for the first quarter of this year, it highlighted the conflict between Ukraine and separatist rebels in the east of the country which was hindering both physical and digital supply chains.
In a prescient statement, it said: “A power cut in Kiev in December 2016 is now widely believed to have been the result of a cyber-attack…”
Last week on 27th June, the Ukraine was hit by a massive cyber attack, named Petya, on government and corporate networks that quickly spread to hit supply chains globally.
Maersk, the world’s largest container shipping line, was the most notable casualty, as its booking systems were knocked out. It accounts for some 16 per cent of all the containers moved in the world so the potential impact on retail and manufacturing supply chains is huge.
The TNT network was also affected, though not parent company FedEx.
Other corporations hit by Petya included Mondelez, parent of Cadbury’s, and WPP, the world’s largest advertising and PR company.
There has been discussion in the IT community about the exact nature of this attack. At first sight, it appeared to be a “ransomware” attack and those affected reported seeing a screen demanding payment for restoration of service.
However, some security professionals have argued that this is an out-and-out cyber attack designed to destroy or damage networks for political reasons.
Whichever of these alternatives proves to be correct, it will have profound implications for managing risk in the supply chain.
The scale and speed of the attack has been shocking and the potential for disruption has been enormous. The evidence, so far at least, is that the disruption to supply chains has been contained.
However, it would be foolish to assume that this will be the last such event. The lessons of Petya need to be learned and IT security across supply chains improved.