9 Risks

Depending on where you get your news, you may not be fully cognizant of the extent to which the world is in constant cyberwar. NotPetya was the single most significant act of cyberwar in world history and it happened in 2017. Prior to NotPetya, a ransomware attack had been launched that was named Petya. Initially, NotPetya looked similar. The main difference was that NotPetya did not have an option to pay ransom to retrieve the data it destroyed. This type of attack is referred to as a wiper attack because its only purpose is to render computer data storage unreadable, to wipe it out. Figure 9.1 is a timeline of the attack from the perspective of one of the hardest hit organizations, the shipping and logistics company Maersk. The source of the timeline was Maersk’s former IAM Service Owner (IAM‐SO), who published the story of what the event looked like from the inside (Ashton 2020). The IAM‐SO was an experienced and highly skilled cybersecurity professional who specialized in identity projects. In his narrative, he expresses amazement that Maersk was not a target of the attack and yet could get hit so hard.

Maersk’s shipping business ground to a halt while new laptops were purchased and manual workarounds were quickly established for formerly automated business processes. They started reimbursing customers for rerouting or storing marooned cargo and this expense alone was estimated in millions (Greenberg 2020, pp. 196–199). Maersk’s chairman of the board estimated the ...
