Nanyang Technological University in Singapore has just released a report examining the economic losses expected if Asian port systems, including several in China, were subjected to a major cyber-attack. This report did not assess the cyber vulnerabilities of Asian ports but rather postulated a major attack in order to calculate economic impact, with a focus on losses in the insurance industry. The report concluded that there could be direct and indirect losses as great as US$110 billion spread across the world.
Since the report assumed attacks on Chinese ports, Chinese media were examined to see what kind of attention this report gained in China. It was in fact picked up within a day of its publication by a site called Observer Network which translated major portions of the report and included illustrations from the original. This version was quickly repeated in several other online news services. The report separately made its way into Chinese media via articles written by a site called Security Reference and the trade journal Xinde Marine News, all within three days of the original publication.
While the topic was getting significant coverage in commercial media, no reflection of it was found in the Chinese government press. This may be due to a government reluctance to highlight even postulated cyber vulnerabilities as this might damage confidence in the government’s ability to protect the country from cyber threats.
Further examination of maritime industries media showed that there was already a general awareness of the cyber threat to maritime shipping prior to this report. Besides Xinde Marine News, trade journals such as SoFreight, International Shipping Network, China Ship Survey, and China Ship Services all have extensive sets of articles on the cyber threat. It is difficult to determine if this body of writings means defenses are in place or if the maritime industries are still in the process of gaining awareness on cyber vulnerabilities.
Figure 2. Cover of the CyRiM report
On 29 Oct 2019, the report “Shen Attack: Cyber Risk in Asia Pacific Ports” was published by Nanyang Technological University in Singapore. This report was billed as part of the Cyber Risk Management (CyRiM) project run by NTU’s Insurance Risk and Finance Research Centre, Cambridge University’s Centre for Risk Studies, the insurance companies Lloyd’s and Aon, plus other commercial partners. The report itself describes its purpose as follows:
“What would the impact be on the global economy and insurers if several ports in Asia-Pacific were forced to close as a result of a cyber-attack? This report seeks an answer to this question by exploring the impact of a hypothetical computer virus, Shen—from the Chinese mythological clam monster—used maliciously against a port management system which closes up to 15 ports across several Asia-Pacific countries.
“The scenario presents three variants of increasing losses, with all results reflecting low probability, high impact situations. The S1 scenario variant affects ports located in Japan, Malaysia, and Singapore. The S2 scenario variant adds The Republic of Korea to the affected countries of S1. The X1, scenario variant adds China, the world’s largest shipping export country, to the affected countries in the previous variants for a total of 15 ports affected.”
The key conclusions of the CyRiM report include:
- Economic damage to the world economy from a concerted cyber attack against these 15 Asian ports could range between $40 billion and $110 billion (in the most severe variant, X1).
- Economic losses mount from direct losses due in part to perishables and delayed delivery of goods, with most of the losses stemming from business interruption from port closures. Indirect losses flow through the global maritime supply chain reaching across the world.
- The sectors that suffer the heaviest direct and indirect economic losses are Transportation/Aviation/Aerospace, Retail, Manufacturing, and Real Estate/ Property/Construction. The impacts from port closures will be global.
- The international reach of port closures in China will be experienced throughout the world with the USA, Hong Kong, Japan, The Republic of Korea, and Vietnam suffering highest direct losses from the closures.
Because this report was done in cooperation with the Lloyd’s and Aon insurance companies, the conclusions ultimately focused on the impact on insurers in the maritime industries. The report concluded that the insurance industry loss would be about 9 percent of the total economic loss, highlighting high levels of underinsurance for this type of attack. It concluded that port operators would bear about half of the insured losses.
Red Sky Alliance conducted open-source research on Chinese-language media to assess whether the report was reflected in the Chinese press and how it was treated. As coverage of the report revealed the Chinese entities concerned with cyber security in the maritime industries, these were also reviewed to assess whether the topic was being treated seriously in China prior to the release of this report.
It should be noted that this report did not describe real malicious tools or assess the cyber vulnerabilities of the target networks. It postulated unidentified cyber criminals using a malicious tool and assumed all targets were vulnerable. It described an attack by a virus that originated in a shipping company’s cargo management software and corrupted its cargo manifests. The virus then moved into the port management system at the ship’s next port of call, working through the maritime supply chain by jumping from infected ships to port management systems and then to other ships. The limited objective of the report was to calculate the economic losses (and the insurance losses in particular) if such an attack were to occur.
Figure 3. Observer Network Logo
The initial coverage of the CyRiM report in China appeared at the news service website called Observer Network (观察者网) on 30 October (Beijing Time). This was an extensive article translated directly from the CyRiM report and included multiple illustrations from that report. The article, entitled “Report: Cyber Attack On 15 Asian Ports Could Lead To A Loss Of Up To US$110 Billion,” opened with the following text:
On October 29, a report lead by Nanyang Technological University and Cambridge University, with support from the Lloyd's insurance company in the UK, stated that if 15 ports in five Asian countries (China, Japan, Korea, Singapore, and Malaysia) encountered paralysis from direct cyber attacks, it could create as much as $110 billion in economic losses. The transport, manufacturing, and retail business sectors would sustain the most serious losses, with Singapore and Korea's transportation industries bearing the brunt. Indirect economic losses in the Asian region could be as high as $26 billion, followed by Europe ($620 million) and the USA ($260 million).
Figure 4. Chart from the CyRiM report as it appears in the Observer article (Chinese subtitles added by Observer Network)
The Observer article contained details translated straight from the CyRiM study. It was reprinted the same day on the Tencent (qq.com) news portal. It was then picked up verbatim by the Sina.com news site with the same time stamp but actually published the next day. The article was also copied at a number of minor news aggregator sites in China such as qeog.cn, pttnews.cc, and meitu211.com.
The CyRiM report came into China by a second channel, an apparently private network security enterprise called Security Reference (安全内参, www.secrss.com). Their article, published on 1 November and entitled “Major Cyber Attack On Asian-Pacific Ports Could Cause Losses Of $110 Billion,” covered the CyRiM report in roughly the same depth and included a link to Lloyds.com for downloading the original report. The text from this article was repeated more or less verbatim at Kanxue.com, a cyber security site with a hacker history. Excerpts from the Security Reference article were also found at general news sites such as Asia Register and Yunxi.
Figure 5. Xinde logo
Another reflection of the CyRiM report showed up on 2 November in a professional maritime transport journal called Xinde (信德, “Trust”) Marine News. The headline here was “One Cyber Attack Could Create $100 Billion In Losses For Asian Ports,” and it started with a focus on the insurance aspects of the report: “A Cambridge University research report said that critical insurance coverage is insufficient, and a cyber attack could force Asian ports to bear billions of dollars in losses.” This version was repeated at a transport industry site called Logistics (物流) and at general news websites such as Wangyi.
These instances of coverage of the CyRiM report over a period of a few days indicate moderate interest in its contents from both cyber and insurance points of view. The first coverage was within a day of the report’s release, and it spread across several media outlets in another day. Xinde Marine News seems to have been the only maritime industries portal to do its own reporting on the CyRiM report.
The search for coverage of the CyRiM report in Chinese media did produce one other notable result: there was no coverage found in Chinese government media. For example, a search for any reflections of the Shen attack at People’s Daily, the official Chinese Communist Party news outlet, returned no results. Likewise, searching for the Chinese term for Shen attack at any Chinese site with “gov.cn” in the address (a standard domain element for government websites) showed no references to the CyRiM report. Chinese English-language media were likewise silent about the CyRiM report. Searches at the Global Times and the China Daily websites for the terms CyRim or for Shen attack returned no results.
CHINA MARITIME INTEREST IN CYBER SECURITY
One remaining question about Chinese perceptions of the CyRiM report is whether the idea of cyber threats to maritime transportation or ports, is a familiar concept for the Chinese. A review of Chinese media for the maritime transportation industry showed that cyber security has recently been receiving attention in shipping industry media, but it is difficult from these media to know how seriously they consider or have responded to the threat.
Xinde Marine News, in particular, has carried an extensive series of articles on the cyber threat to the maritime industry over that last two years. Articles found include “Hackers Have Found A New Way to Attack The Shipping Industry,” “Hackers Altering Of Payment Accounts Has Created Millions In Losses For The Shipping Industry,” and “What Does Cyber Security Mean In The Shipping Industry?"
Figure 6. Sofreight logo
Another industry site called SoFreight (搜航网, literally “Freight Search”) has also carried many articles on cyber threats, with titles in the last two years such as “Why Has The Shipping Industry Become Such A Preferred Target For Hacker Attacks?” and “Having Seen Hacker Attacks Over And Over, Shouldn’t The Shipping Industry Decide That Network Security Is A Critical Weak Spot?” In late 2018 this site also reported in detail on overseas cyber events such as the hack conducted against the Port of San Diego.
Similar articles were found at several shipping industry websites. The Chinese website International Shipping Network (www.eworldship.com) carried the largest volume of cyber security articles, followed by China Ship Survey (cssponline.com) and China Ship Services (cnss.com.cn). Some articles disseminated security guidelines such as “Evaluation Guide for Maritime Network Systems Requirements And Cyber Security” (2017) and
"Risk Assessment Method for Maritime Network Security" (2019).
Again, it is difficult to assess whether the articles found reflect serious effort in the shipping industry on the cyber security problem or if the articles just highlight the problem while security fixes remain neglected. Some publications show surprisingly little interest in the topic. For example, a look at articles on port security at Chineseport.cn over a three-month period in 2019 showed only one of 39 articles were on cyber security.
The coverage of the CyRiM report in China was all a type: exposition without commentary. The report was neither endorsed or critiqued; it was just recapitulated. No argument was made against the assumption of cyber vulnerability for the Chinese or other Asian ports. No defense was mounted about the strength of Chinese cyber defenses.
This approach is not unusual for Chinese media when drawing on foreign sources. Unless there is a political issue, the important thing appears to be to pull the information into the Chinese language environment and make it known in their world.
It is curious that, despite Chinese commercial news services picking up on the CyRim report, official media has remained silent about it. This may reflect an official position that talking about Chinese port vulnerabilities would not be conducive to confidence in the government or to economic stability.
Contact Red Sky Alliance for more information: 603-606-1246, or firstname.lastname@example.org.
Link to Full Report PDF: IR-19-323-001 Chinese Coverage of CyRiM Report 191119.pdf