Following the massive after-effects of the faulty CrowdStrike update, we take a look at the lessons learned so far in this ongoing situation.

What Happened? 

On July 19, a faulty software update from cybersecurity technology company CrowdStrike affected approximately 8.5 million Microsoft devices globally causing chaos across multiple industries globally as key systems were disabled. The faulty software update only impacted Microsoft because the update for CrowdStrike’s enterprise security platform was specifically designed just for the Windows operating system. The update caused a ‘logic error’, leading to widespread system crashes and blue screens of death (BSOD).

The worst cyber event in history (so far), it has surpassed the scale of the 2017 WannaCry attack and highlighted significant vulnerabilities in modern cybersecurity frameworks.

What Is CrowdStrike? 

CrowdStrike, founded in 2011 and headquartered in Texas, provides the Falcon platform, a cloud-based endpoint protection solution used by large businesses and organisations globally.

Lessons Learned from the CrowdStrike Event 

Although (at the time of writing this), some of the after-effects are still being felt, the scale and severity of the event have already taught us some valuable lessons. For example:

– Businesses may have an over-reliance on the Cloud. The CrowdStrike incident has starkly highlighted our over-reliance on cloud services. Many businesses have embraced the cloud for its scalability, cost-effectiveness and convenience, often integrating critical operations and data storage into cloud platforms. However, this event demonstrated the potential risks of depending heavily on a single cloud provider or a homogeneous cloud environment.

– A re-evaluating of business cloud strategies may now be necessary. For example, the disruption caused by the faulty update has already led to some reconsidering their cloud strategies. Many businesses are now re-evaluating their cloud-first approaches to avoid single points of failure. Strategies being reported include moving away from a platform-centric approach to a more tailored, nuanced strategy which balances performance, costs, and security, and enhances efficiency and reduces risk. Also, adopting workload-specific strategies and determining the best platform for each application, e.g. a private cloud, industry cloud, on-premises data-centres, or a multi-cloud architecture, may now be a more attractive and less risky strategy.

Broadly speaking, building resilience through diversity (e.g. diversifying cloud providers and also implementing hybrid and multi-cloud strategies) plus ensuring all eggs aren’t just in one basket may now be the way forward (controversially) for some businesses. This approach could mitigate the risks associated with single points of failure, ensure greater operational continuity, perhaps even reduce (long-term) costs, and hopefully contain any cloud chaos in future.

– There is a need for rigorous software testing. The CrowdStrike incident emphasises the critical importance of thorough testing before deploying software updates, especially on a Friday! This event demonstrated that even minor configuration changes could have catastrophic consequences if not properly vetted. Comprehensive testing protocols must now be implemented to prevent such incidents from occurring in the future. Robust incident response plans are necessary. Businesses need to ensure they have comprehensive strategies in place to quickly address and mitigate the impact of IT failures. This includes regular drills and updates to incident response protocols to stay prepared for various scenarios.

– Enhanced employee security training and awareness is important. Increased vigilance against phishing and other cyber threats is crucial in the aftermath of such incidents. Businesses must invest in continuous employee training to recognise and respond to cybersecurity threats effectively. This proactive approach can significantly reduce the risk of successful cyberattacks exploiting the situation. For example, some of the reports of how cyber-criminals have already taken advantage of the situation include:

– Phishing campaigns, pretending to offer fixes and updates for the CrowdStrike-related issues. These campaigns are aimed to trick users into clicking on malicious links, leading to malware infections. The US The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) reported that it had “observed threat actors taking advantage of this incident for phishing and other malicious activity”. People have been advised to avoid clicking links in any text or email related to the CrowdStrike or Windows disruption.

– Setting up fraudulent websites claiming to provide legitimate updates and solutions. These sites were designed to distribute malware under the guise of providing help. For example, cybercriminals distributed ZIP archives with names like “CrowdStrike-hotfix.zip” containing the HijackLoader payload (which loads malware) and was reportedly aimed at users and CrowdStrike customers in Latin America.

– Initiating ransomware attacks, taking advantage of the disruption.

– Stealing data. In some cases, attackers have exploited vulnerabilities exposed by the disruption to infiltrate systems and steal sensitive data, compounding the damage caused by the initial outage

– Continuous and transparent communication makes a big difference in a crisis. CrowdStrike’s swift communication and deployment of a fix were crucial in managing the incident’s fallout. Transparent and continuous updates helped affected organisations understand the issue and implement necessary measures. This event highlights the importance of maintaining open lines of communication between cybersecurity firms and their clients during crises to ensure timely and effective responses.

– Be cautious with third-party services. The CrowdStrike incident underscores the critical risks associated with relying on third-party services. Businesses learned that dependency on external providers for crucial functions can lead to widespread disruptions if those services fail. The incident highlighted the necessity of rigorous vetting processes to ensure third-party providers meet high security and reliability standards. Continuous monitoring and regular audits are essential to identify and mitigate risks promptly.

Diversifying service providers can reduce the risk of a single point of failure, enhancing overall resilience. Companies should ensure contracts with third-party providers include stringent security requirements and clear terms for liability and incident response. This approach helps maintain control and oversight over outsourced services, safeguarding operations and data integrity against potential vulnerabilities introduced by external partners.

Why Was The Aviation Sector So Badly Affected? 

The aviation sector experienced severe operational disruptions. Thousands of flights were cancelled or delayed, affecting major airports worldwide. The aviation and travel sectors were heavily affected by the CrowdStrike issue due to their reliance on real-time IT systems for critical operations. The system crashes disrupted flight scheduling, booking, and check-in processes, leading to thousands of cancellations and delays. Additionally, the outage compromised safety and security monitoring systems, exacerbating the operational chaos and inconvenience for passengers.

Why Was The Healthcare Sector Also Badly Affected? 

Hospitals and healthcare systems faced critical disruptions, delaying clinical procedures, and impacting patient care. The incident forced many institutions to revert to manual processes, highlighting the vulnerability of healthcare systems to IT failures. Healthcare and hospitals are particularly vulnerable to IT issues like the CrowdStrike incident (and cyberattacks) due to their reliance on IT systems for critical patient care functions, such as electronic health records (EHRs), medical devices, and communication systems. Also, the complex IT infrastructure in hospitals, often a mix of legacy and modern systems, creates additional vulnerabilities, as securely integrating these diverse systems is challenging.

This event demonstrates the urgent need for healthcare providers to invest in robust IT infrastructure and emergency protocols to ensure patient safety and continuity of care during technological crises.

What Does This Mean For Your Business? 

The CrowdStrike incident is a stark reminder of the inherent vulnerabilities in modern cybersecurity frameworks and the critical importance of robust IT management strategies. For businesses, the event offers many lessons, such as the need for rigorous testing and validation processes for all software updates. Ensuring that updates are thoroughly vetted before deployment can prevent similar catastrophic failures in the future.

Also, the incident highlights the necessity of developing comprehensive contingency plans to maintain operational continuity during IT disruptions. Businesses should conduct regular drills and update their incident response protocols to prepare for various scenarios, ensuring they can quickly address and mitigate the impact of unexpected failures.

The extensive disruption across various industries illustrates the interconnected nature of modern business operations and the potential widespread impact of a single point of failure. Businesses should, therefore, take a good look not only their own cybersecurity measures but also closely scrutinise and manage the cybersecurity protocols of their service providers and partners. This includes implementing stringent vetting processes, continuous monitoring, and regular audits of third-party services to ensure high security and reliability standards are maintained.

The legal and financial ramifications of such events also cannot be ignored. The anticipated lawsuits and claims for damages resulting from operational disruptions and customer inconvenience could set significant precedents, influencing future legal standards and liability expectations in the cybersecurity sector. That said, many businesses in the aviation and travel sector may decide to risk arguing that this was an exceptional event, thereby hoping to limit their legal/financial liabilities. Businesses may, however, need to enhance their insurance coverage and legal strategies to mitigate potential similar risks in the future.

Also, the increased risk of cyber-attacks following this incident (and other incidents in the past) should prompt businesses to heighten their vigilance against phishing and other cyber threats. The surge in CrowdStrike-themed phishing websites, for example, demonstrates the opportunistic nature of cybercriminals. Businesses must ensure their employees are well-informed and equipped to recognise and respond to these threats, investing in continuous security training and awareness programs.

While the disruption caused by CrowdStrike’s software update was not a cyber-attack, it nonetheless highlights the need for comprehensive cybersecurity strategies. Businesses that learn from this incident and proactively strengthen their cybersecurity frameworks will be better positioned to navigate the complexities of the digital age and safeguard their operations against future disruptions. By diversifying their cloud dependencies, implementing robust incident response plans, and maintaining stringent oversight of third-party services, companies can build a more resilient and secure operational environment.

Following the State Opening of Parliament, the King’s Speech on 17 July included news of significant new legislative proposals to address cybersecurity concerns, focusing on supply chain risks, particularly in the public sector, and improving incident reporting.

What Concerns and Risks? 

The kinds of concerns and risks the new legislation has been drafted to tackle are essentially those that come from the public sector’s extensive reliance on interconnected systems and digital services. For example, public sector organisations (including healthcare, local government, and infrastructure services) manage vast amounts of sensitive data and provide essential services to the population. This, therefore, makes them prime targets for cyber-attacks, which can disrupt critical functions and compromise personal information.

Recent cyber incidents, such as the ransomware attack on Synnovis (a pathology partnership between SYNLAB, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust), have highlighted the vulnerabilities within public sector supply chains. The Synnovis attack (in June), for example, led to significant disruptions in healthcare services, delaying thousands of outpatient appointments and elective procedures in major hospitals. The particular vulnerability of supply chains is illustrated by recent research from Security Scorecard which showed that a staggering 29 per cent of all breaches in the last quarter of 2023 were the result of a third-party attack vector, i.e. cyber criminals gaining unauthorised access to an organisation’s systems or data by exploiting vulnerabilities in its suppliers, vendors, or partners.

As noted by the UK government within the supporting documentation for the King’s Speech: “Over the past 18 months, hospitals, universities, local authorities, democratic institutions, and government departments have been targeted. These attacks highlight the vulnerability of our essential services, with severe consequences observed in sectors like the NHS and the Ministry of Defence”. 

What New Legislation? 

As one of 40 bills announced by King Charles III in his speech, the ‘Cyber Security and Resilience Bill’ is being introduced to tackle the public sector’s reliance on interconnected systems and digital services. This new legislation is designed to address this challenge by expanding the scope of cybersecurity regulations to cover more digital services and supply chains within the public sector to ensure that public organisations implement necessary security measures to protect against cyber threats.  To give a brief overview of what’s being suggested, the key points of the Cyber Security and Resilience Bill are:

– Expansion of regulations. The bill broadens the scope of existing cybersecurity regulations to include more digital services and supply chains, addressing vulnerabilities in critical infrastructure.

– Empowerment of regulators. It provides regulators with enhanced powers to enforce cybersecurity measures, including the ability to investigate potential vulnerabilities proactively.

– Protection of the public sector. The legislation aims to safeguard essential public services such as healthcare and defence, which have been targets of significant cyber-attacks in recent years.

– Cost recovery mechanisms. The bill introduces cost recovery mechanisms to ensure regulators have sufficient resources to enforce cybersecurity measures effectively

Increased Incident Reporting Too 

Also, the ‘Cyber Security and Resilience Bill’ mandates increased incident reporting, which is crucial for improving the government’s response to cyber-attacks. For example, it requires organisations to report a wider range of cyber incidents.

This is because enhanced reporting is likely to improve the government’s ability to identify, mitigate, and respond to threats more effectively, thereby reducing the risk of widespread disruption.

Overall, the bill is designed to address the pressing need to strengthen cybersecurity across all sectors, particularly focusing on the interconnected nature of modern supply chains.

Criticism

Although the need for such legislation is clear and is likely to be welcomed, some critics have suggested that it should have happened sooner – it’s the first time cybersecurity legislation has been updated in six years, and it may only just bring the UK up to speed with current threats. Also, with the rate at which new threats are advancing, the legislation is unlikely to fully address all vulnerabilities.

What Does This Mean For Your Business? 

For businesses, the introduction of the Cyber Security and Resilience Bill represents a challenge and an opportunity. The new regulations will require companies (particularly those involved in supplying public sector organisations) to bolster their cybersecurity measures. This means that businesses will need to review and potentially upgrade their existing security protocols to meet the expanded regulatory requirements. Ensuring compliance will also be crucial to avoid penalties and to maintain the trust of public sector clients who are increasingly vigilant about their cybersecurity posture.

The emphasis on enhanced incident reporting is another critical aspect that businesses must prepare for. Organisations will need to establish or refine their reporting processes to ensure that all significant cyber incidents are promptly and accurately reported to the relevant authorities. This increased transparency will not only aid in the collective defence against cyber threats but also help businesses understand the evolving threat landscape, allowing them to adapt and improve their security measures proactively.

Also, giving greater power to regulators means that businesses are likely to need more rigorous inspections and enforcement actions. This could involve regular audits and compliance checks, and the need for a continuous commitment to maintaining robust cybersecurity practices. While this may require additional resources and investment, it also presents an opportunity for businesses to strengthen their defences against cyber-attacks, thereby safeguarding their operations and reputation.

The legislation’s focus on securing supply chains also highlights the importance of third-party risk management. Businesses will need to ensure that their suppliers and partners adhere to high cybersecurity standards, as vulnerabilities within the supply chain can have severe repercussions. Implementing stringent vetting processes and regular security assessments for third parties are likely to be essential to mitigate these risks.

To conclude, while the Cyber Security and Resilience Bill introduces new obligations, it also provides a framework for businesses to enhance their cybersecurity resilience. By embracing these changes and proactively strengthening their defences, businesses can protect themselves against the growing threat of cyber-attacks and maintain their competitive edge in an increasingly digital economy.

Swiss app company Proton has introduced ‘Proton Scribe,’ an AI-powered private writing assistant that writes and proofreads emails for you.

Why? 

Proton says that with most of us sending emails daily, finding the right words and tone can be time-consuming. Also, other popular email programs process data on remote servers, thereby posing a risk that as data is transmitted over the internet and stored on external servers, it may be susceptible to breaches, hacking, or unauthorised access. In addition to these risks, many people use online grammar checkers or AI assistants to help compose and edit emails which can be risky in terms of sensitive company or customer data potentially being shared, misused, or used to train language models.

Advantages 

Here are some ways that Proton boasts this new smart, privacy-first writing assistant (built into Proton Mail) tackles these challenges :

– The AI element helps users to compose and improve email drafts, thereby saving time. Proton says that the ability to use the AI to hone drafts means that the end result emails are “professional and polished – even if your first language is not English.” 

– It can be run locally, so user-data never leaves the user’s device, thereby enhancing privacy and data security.

– Scribe doesn’t train on the user’s inbox data (because this has zero-access encryption), and nothing that a user types into Scribe is logged or saved.

– The company had previously developed its own internal AI models (using an independent internal team) and the learning from this has been used to help create Scribe.

Open Source Too 

Proton Scribe is also open source and therefore available for independent security and privacy audits.

Who Can Use It? 

Scribe is available for a full-use-trial by Proton customers. For example, Proton says customers on Mail Essentials, Mail Professional or Proton Business Suite plan can try Scribe by opening their email composer and clicking on the pencil icon. Scribe is also included free as part of Visionary and Lifetime subscription plans.

How Does It Work? 

To use Scribe, it’s a case of opening it in Proton Mail composer, clicking on the pencil icon and typing, and then using the Shorten or Proofread options to improve email drafts so they’re free of typos and grammatical errors. For writing to an important client or formal institution, users can improve the tone of their email with the Formalise option before refining, editing, and sending it.

Challenge To Google & Microsoft? 

Some commentators have noted how with Proton recently unveiling Proton Docs (its privacy-focused alternative to Google Docs) and now Scribe following Google’s inclusion of its Gemini chatbot in Gmail, Proton could be seen as a more privacy-focused challenger to Google (and Microsoft) in these areas.

Alternatives Available 

It should also be noted here that Scribe is not the only privacy-focused, AI-powered email writing assistant available. For example, others include Flowrite (a tool that integrates with email and messaging platforms), Compose AI (as a free Chrome extension), and Mailbutler which works with Gmail, Outlook, and Apple Mail.

What Does This Mean For Your Business? 

The introduction of Proton Scribe is a sign of a shift towards ensuring privacy and efficiency in email communication for businesses. By integrating a privacy-first AI writing assistant directly into Proton Mail, Proton’s customers can now enjoy the benefits of AI-driven email composition without compromising on data-security. As noted above, it’s Proton Scribe’s local operation that helps ensure that sensitive information remains on the user’s device, purportedly mitigating risks associated with data breaches, hacking, and unauthorised access often associated with remote server processing.

For businesses, this kind of tool could mean a substantial reduction in the time spent on drafting and proofreading emails, allowing employees to focus more on core tasks. In Scribe’s case, the AI’s capability to refine drafts into professional and polished messages (even for non-native English speakers) appears to be a fast and easy way to significantly enhance the quality of business communications. This could, of course, lead to improved client interactions and more effective internal communications, thereby delivering significant value to users of Scribe.

Also, at a time when there are privacy and security concerns about generative AI models, the assurance that Proton Scribe does not log or save user inputs and does not train on users’ inbox data (due to zero-access encryption) provides an additional layer of security and reassurance. This could prove very valuable for companies handling sensitive client information, as it ensures that no data is inadvertently shared or misused.

Proton is also keen to demonstrate its commitment to transparency through open-source availability which allows for independent security and privacy audits, further establishing trust with businesses concerned about data-integrity and security. These features of Scribe could position Proton as a serious contender in the market, offering a robust alternative to established players like Google and Microsoft, especially for those prioritising privacy.

With other privacy-focused AI tools like Flowrite, Compose AI, and Mailbutler also available, businesses now have multiple options to enhance their email productivity while safeguarding their data. However, Proton Scribe’s seamless integration into Proton Mail and its strong privacy features may offer a unique edge for businesses already invested in the Proton ecosystem.

Following CrowdStrike’s faulty update only affecting Microsoft Windows systems (because the update was specific to the Windows operating system), it’s been reported that Microsoft claims that an agreement with the EU means it’s not allowed to protect its operating system (OS) in the same way as Apple. The agreement with the EU relates to Microsoft not being able to give its own security software an unfair advantage over third-party apps.

Following a complaint (antitrust) to the European Commission in 2009, Microsoft says it agreed to give security software makers the same level of access to Windows that Microsoft itself gets. This, says Microsoft, contrasts with Apple’s situation.

Although Apple doesn’t allow security apps to have the same deep-level access to its OS, the macOS does the same type of monitoring as CrowdStrike for itself.

However, critics may say that CrowdStrike’s tools can’t operate at the same depth on a Mac as they can on Windows because Apple’s Endpoint Security Framework prevents it from doing so. Microsoft could have taken the same approach. Also, it could be argued by some, that Microsoft may only have itself to blame to an extent having only been made to make agreements following the outcome of antitrust cases and investigations relating to unfair advantages as judged by the EC.

A British Medical Journal report has warned people to beware of AI deepfake videos purporting to feature popular TV doctors selling scam products. Doctors featured in the deepfake videos being used to sell scam medical cures on social media include Hilary Jones, the late Michael Mosley and Rangan Chatterjee.

Hilary Jones, one of the UK’s most recognisable doctors, reported on the BMJ website that “Some of the products that are currently being promoted using my name include those that claim to fix blood pressure and diabetes, along with hemp gummies with names like Via Hemp Gummies, Bouncy Nutrition, and Eco Health.”

Many of the deepfake videos have been posted on Meta’s Facebook and Instagram platforms and it’s been reported that Meta has said it will investigate the videos highlighted in the BMJ report.

The BMJ advises anyone encountering such a video to leave a comment questioning its authenticity, and to report it to platform it’s been posted on.

German startup CargoKite has developed what it calls the “sailing ship of the 21st century” which uses a large kite to pull the vessel along, thereby providing sustainable, clean power.

Why? 

The new wind-powered micro-ships, developed by CargoKite and Lomar’s corporate venture lab have been designed to tackle a variety of challenges for today’s shipping, including:

– Ships run on heavy fuel oil (the dirtiest fuel in the world), making global shipping responsible for nearly 1 Gigatonne of CO2 emissions per year (more than all of Germany combined). Although freight ship owners and operators worldwide are working towards improved efficiencies and cleaner fuels, these actions are unlikely to be enough to meet targets for emissions reduction set by the International Maritime Organisation (IMO). This means that heavy fuel oil-powered freight ships in their current form are not sustainable and are contributing to the climate crisis.

– Ultra-Large Vessels stacked high with containers may be cost-efficient, but only 5 per cent of ports have sufficient infrastructure to accommodate them. On all other routes, small, less cost-efficient ships are in use, which can double transport costs.

– Just one incident such as a (large) ship getting stuck in the Suez Canal or a labour strike in a port shutting down major parts of global shipping leads to massive congestion and can cost £billions in just a few days.

– Having to serve thousands of customers with a single ship makes individualised routing and just-in-time delivery very difficult for shipping companies, forcing cargo owners to keep expensive inventory.

– 98 per cent of ports are not directly connected and time intensive stop-offs and transshipments can slow things down and add unnecessary transportation time.

Are CargoKite Micro Ships The Answer? 

CargoKite believes the answer to these challenges is to develop the new ship class of ‘micro ships’ using large kite systems as the main method of propulsion and cutting-edge AI for autonomous operation.

The Kite 

The main propulsion system for the new CargoKite ships is an advanced kite that flies at altitudes between 100 and 300 metres. These are heights where the wind is stronger and more consistent, enabling the kite to effectively pull the ship using wind energy alone.

How The New Ship Design Meets The Other Challenges 

The design of the new CargoKite ship is able to meet the challenges of today’s freight vessels in the following ways:

– Reducing heavy fuel oil dependency. Having a wind-powered kite as the main propulsion method eliminates the need for heavy fuel oil. By relying on renewable wind energy instead, the new CargoKite ship is 100 per cent emission-free and is a sustainable alternative that aligns with global emissions reduction targets set by the International Maritime Organisation (IMO).

– Accessing a broader range of ports (micro ships are smaller). Unlike ultra-large vessels that require substantial port infrastructure, CargoKite’s micro ships are designed to be small (carrying only 16 containers each) and autonomous, enabling them to access a broader range of ports, including those with limited facilities. This decentralised approach allows for more flexible and cost-effective shipping routes, reducing dependency on the 5 per cent of ports capable of handling larger vessels, thus lowering overall transport costs.

– Minimising congestion and disruption risks. CargoKite’s fleet of smaller, autonomous ships reduces the risk of massive congestion caused by incidents like the Suez Canal blockage. These micro ships can operate independently and flexibly, providing more resilience to the global shipping network. By avoiding the bottlenecks associated with larger vessels and major ports, they ensure more reliable and uninterrupted cargo transport, even in the face of disruptions. They also offer 1.5x higher operation speed, no unnecessary stops (direct transport), and no transshipment, thereby enabling up to 40 per cent time savings compared to today’s transport times.

– Enabling individualised routing and Just-in-Time (JIT) delivery. The small, autonomous nature of CargoKite ships allows for more tailored and on-demand shipping services / an individualised  taxi-like service for cargo to replace today’s fixed schedules. This means they can travel any route, on-demand, and are fully traceable and just-in-time for cargo owners of every size, from startup to corporate, thereby reducing the need for cargo owners to maintain expensive inventories. This flexibility supports modern supply chain demands and enhances operational efficiency.

– Enhancing direct connectivity between ports. CargoKite’s ships are designed for direct point-to-point transport, which minimises the need for time-intensive stop-offs and transshipments. This improves overall efficiency by reducing unnecessary delays, thus shortening transportation times.

CargoKite says that shifting the paradigm from large inflexible freight ships to small autonomous, kite-powered micro ships is the cheapest way to fully decarbonise commercial freight shipping.

Reframing Port and Maritime Logistics 

Stylianos Papageorgiou, Managing Director of Lomar labs, the company partnering CargoKite to produce the micro ships says: “This radical new ship type has the potential to reframe the way port and maritime logistics are organised. It brings a paradigm shift to operations, which is only now becoming possible thanks to advances made in automation technologies. In addition, it promises to be a groundbreaking decarbonisation solution for shipping.”

Marcus Bischoff, Co-Founder & CTO of CargoKite says: “This collaboration aims to develop sea transport that is not only 100 per cent emission-free, but also supports the goals of modern supply chains: customisation, just-in-time delivery, full transparency and cost savings”. 

What Does This Mean For Your Business? 

The introduction of CargoKite’s kite-powered micro ships could deliver an important shift for businesses reliant on maritime logistics. By leveraging sustainable wind energy, these innovative vessels provide a 100 per cent emission-free alternative to traditional heavy fuel oil-powered ships, aligning with global environmental targets and significantly reducing the carbon footprint of shipping operations. For businesses, this not only means compliance with stricter environmental regulations but also an opportunity to enhance their green credentials, appealing to an increasingly eco-conscious market.

CargoKite’s micro ships also appear to offer practical solutions to several longstanding logistical challenges. For example, their smaller size and autonomy enable access to a wider range of ports, including those with limited infrastructure, which traditionally could not accommodate ultra-large vessels. This expanded accessibility could lower transportation costs and provide more flexible routing options, ensuring that goods reach their destinations more efficiently and with fewer delays.

Also, the resilience and flexibility of a fleet of smaller, autonomous ships could mitigate the risks associated with major disruptions in the shipping industry, such as the disruption, congestion and economic losses caused by the Suez Canal blockage or port strikes. These sorts of issues are less likely to impact a network of decentralised, agile vessels, thereby enhancing the reliability of supply chains, ensuring smoother operations even in the face of unexpected challenges.

CargoKite’s model also appears to support modern supply chain demands through its ability to provide individualised routing and just-in-time delivery services. This adaptability could reduce the need for maintaining large, expensive inventories and allow businesses to respond swiftly to market changes. The direct point-to-point transport capability could further reduce unnecessary delays, ensuring faster and more predictable delivery times.

Integrating CargoKite’s sustainable, flexible, and efficient shipping solutions, therefore, could revolutionise how businesses manage their maritime logistics. By adopting these innovative micro ships, companies may be able to achieve significant cost savings, enhance operational efficiency, and demonstrate a strong commitment to sustainability.