DP World gradually restarting operations around its Australian Ports after cyber-attack
SYDNEY : Australia’s biggest ports operator, DP World Australia which has been the target of a cyber-attack, has begun gradually restarting its operations, but key exports could be subject to prolonged delays.
DP World Australia closed its Sydney, Melbourne, Brisbane and Fremantle port operations after detecting the breach on Friday, leaving cargo and containers stuck on the docks.
The company disconnected its internet, which stopped ongoing unauthorised access to its network. This also resulted in key systems linked to its port operations not functioning normally.
On Monday, Paul Zalai, Director of the Freight and Trade Alliance, said limited operations had resumed, with DP World’s docks at Brisbane and Fremantle had were moving through imports and exports.
However, its docks in Sydney and Melbourne were only dealing with imports on Monday, Zalai said.
“We have heard from one of our members, who say DP World told them it’ll be another two weeks before accepting export cargo at (Sydney’s) Port Botany,” Zalai said.
“That’s going to have devastating effects for our operators,” he said.
Zalai said one regional exporter has 300 containers stuck at one port.
While the full extent of the outage is still unclear, Zalai said operations as of Monday suggested the disruptions would not significantly affect the flow of goods for Christmas shopping.
“More and more is becoming apparent by the hour…The overall position is looking a lot better than it did over the weekend, as operations are up and running,” he said.
Even if DP World recovers from the cyberattack to full operations shortly, Guardian Australia understands customers remain frustrated at the prospect of delays due to protected industrial action from dock workers in coming days.
It is expected DP World will subcontract out work to competing stevedore companies such as Patrick to deal with the backlog from the outage and industrial action.
Jim Wilson, policy advisor at Shipping Australia, echoed Zalai’s view of the implications of the cyber attack outage. “It does not appear to be excessively or unduly disruptive,” Wilson said on Monday morning.
The federal government is helping to coordinate the stevedore’s response and the Australian Cyber Security Centre is providing technical advice.
“DP World have been working with government to try to resolve this and in ways that will make sure that this doesn’t impact as much as possible on Australians,” the home affairs minister Clare O’Neil said.
Australia’s cyber security coordinator, Air Marshall Darren Goldie, told ABC’s RN Breakfast on Monday it was “still a live incident.”
“DP World’s IT system remains disconnected from the internet,” he said. “They continue to have significantly reduced ability to move cargo across their ports.”
He said DP World had some redundancy to allow them to retrieve certain sensitive cargo but said some of the operational technology like automated cranes and gates required computer systems to be up and running.
But he said the government “fully supports them shutting down that system in the first instance to stop the spread of the threat actor across the systems and ultimately ensure that we have a contained cyber incident to those four locations in the country.”
The former head of the Australian Cyber Security Centre, Alastair MacGibbon, who is advising DP World, said the No 1 priority was to get containers moving again.
“What we know is there was unauthorised activity in the system,” the chief strategy officer at CyberCX said.
“A pretty brave and smart move was taken to pull the plug, so to speak, on the internet,” he told Nine’s Today show on Monday. “What that has done, it’s protected the organisation against potential future harm.
“But by its nature, it creates a technical problem when you cut off the internet. What we’re dealing with here is the consequence of reducing harm, which might sound crazy to you, but it’s the safest, smartest thing for all.”
MacGibbon said data had been taken by “someone malicious or unauthorised” but he could not say what the nature of the data was.
Goldie said the government does not know who was behind the attack, and the focus at the moment was to restore cargo operations.
“The matter of attribution when it comes to a nation formally attributing a threat actor takes significant time and there’s a very high bar for the standard of proof we’d need.”
MacGibbon also said DP World had been working closely with the government at the weekend and noted that emergency supplies, such as vital medical supplies and equipment, could be picked up “selectively” from the docks.
“So they can deal with the most critical matters but … the vast bulk of cargo is just stuck at the moment,” he said.