Cyberattack Disrupts Operations at Four Australian Ports
Shipping firm DP World Australia manages around 40 percent of goods entering and leaving the country, but a cyberattack crippled the firm’s ports this past weekend, disrupting operations at container terminals in Melbourne, Sydney, Brisbane, and Perth.
The cyberattack forced the company to suspend work for three days, with operations resuming at 9:00 a.m. on 13 November. In a statement released to the Australian media on 10 November, DP World Australian said its teams were “working diligently to contain the situation and determine the impact on our systems and data.”
The attack caused the firm to disconnect its ports from the Internet to prevent “any ongoing unauthorized access” to its network, DP World said. After successful tests of key systems, the ports were cleared to resume operations today.
DP World expects to move about 5,000 containers out of the ports throughout today, although the company warns that ongoing investigations into the breach and recovery efforts will likely result in temporary disruptions this week, Reuters reported. The outage will not affect the supply of goods to major Australian supermarkets, even though the disruption meant trucks were unable to transport containers in and out of the affected ports over the weekend, BBC News noted.
Australia has been facing increasing cyberattacks in recent years, and in 2020 the nation made a massive investment in cybersecurity—committing to spend AU$1.35 billion on cybersecurity in this decade as part of a broader cybersecurity strategy. These efforts continue—earlier this year, the Australian government announced plans to overhaul the nation’s cybersecurity laws and set up an agency to coordinate responses to intrusions, according to the BBC. These changes will likely tighten reporting requirements for companies, including forcing companies to report all ransomware incidents, demands, or payments.
Current cybersecurity rules, policies, and regulations “are simply not at the level that we need them to be,” said Australian Prime Minister Anthony Albanese during a meeting with industry leaders early this year, Reuters reported.
“This is really fast moving,” he added. “It’s a rapidly evolving threat, and for too many years, Australian has been off the pace.”
Australia is not alone in port cybersecurity issues, though. Cyberattacks on the Port of Los Angeles nearly doubled after the start of the COVID-19 pandemic, BBC News reported in 2022. The number of monthly attacks reached around 40 million, and port officials believed most of the threats came from Europe and Russia, aiming to disrupt the U.S. economy.
A 2020 report from the U.S. Maritime Transport System Information Sharing and Analysis Center (MTS-ISAC) said that multiple factors were responsible for the post-COVID rise in port-centric cyberattacks, “including geopolitical tensions, transitions in criminal activities in response to the COVID-19 pandemic, legal challenges that make cybercrime a ‘low-risk endeavor,’ an increase in remote workers, and inadequate resources for IT and security teams in the maritime sector,” reported Security Management in 2021.
Maritime operations are also becoming significantly more automated and digitized, which improves efficiency and lowers business costs but also creates lucrative target points for cyberattacks.
“With enhanced technology, the interconnectivity—while improving the efficiency of the system itself—also presents multiple nodes which provide opportunities for cyberattacks,” said Kathy Metcalf, president and CEO of Chamber of Shipping of America, in a 2021 panel discussion hosted by the Atlantic Council on maritime cybersecurity. “Key links to and from the vessel include shore management (ship owner, operator, or charter), government agencies requiring electronic reporting of vessel information, third-party contractors including classification societies, vendors, technical service providers, and port and terminal authorities.”
“Simply put, in an ideal world, the entire logistics chain is interconnected and provides stakeholders real-time information essential to scheduling and decision making,” Metcalf continued. “Integrating cybersecurity programs at each interface is critical as is also the education of personnel at each interface.”