On Friday, the 10th of November 2023, Dubai Ports (DP) World announced a massive cybersecurity breach on some of their ports in Australia. The Dubai state-owned company is actually one of the biggest port terminal operators in Australia, and in the region. This breach isn’t the first one to hit Australia and its companies in 2023.
- A massive cybersecurity attack
Announced on Friday evening, the breach gave DP World no other option than disconnecting Internet in their attacked ports in order to stop the attack. There were four of them : Sydney, Melbourne, Brisbane and Fremantle. This had a serious impact on ports’ logistics, especially the system of transfer of containers between the ships and the trucks. A report stated that more than 30,000 containers were concerned.
Furthermore, it is to be noted that DP World is responsible for around 10% of the world’s container traffic, and around 40% of Australia’s. In the Asian/Pacific region, the company has 17 ports and has more than 7,000 employees.
At the time of writing this article, the cybersecurity breach had not been identified as a ransomware attack (a type of cyberattack where the victim’s data is blocked until a payment is made). On that note, DP World Australia had still not disclosed the exact nature of the attack nor what data, if any, was stolen.
Also, when accessing DP World’s website, the phrase “checking if the site connection is secured” was shown and the site had to review the user’s security connection.
Air Marshal Darren Goldie, the national cyber security coordinator, said that “while I understand there is interest in determining who may be responsible for the cyber incident, our primary focus remains on resolving the incident”. He later announced that the incident’s effects would last. Indeed, such a halt concerning four major ports will result in big delays as long as 12 days. Also, this will cause serious financial losses for DP World and, most importantly, will scare stakeholders as well as the government itself.
Furthermore, this attack couldn’t come at a worse time for DP World Australia. The company has been faced with a labor dispute with dockworkers represented by the Maritime Union Australia. The workers are claiming wage increases and changes in work rules, but the discussions were on hold since DP World wouldn’t allow a 27% wage increase and the union said they wouldn’t “back down”. As a result, strikes are planned to continue until the end of November.
- Australian government’s response
This cybersecurity breach occurred at a time where Australia has been faced with many cyberattacks. The government took the matter seriously, with Clare O’Neil Cyber Security Minister stating that this breach shows “how vulnerable we have been in this country to cyber incidents and how much better we need to work together to make sure we keep our citizens safe”. Deputy Prime Minister Richard Marles also said the government had a “huge focus on cybersecurity”.
The attack on DP World happened just a day after another attack on the cryptocurrency exchange company CoinSpot. This left the Melbourne-based company with 2.3 million $ worth of Ether being taken from two CoinSpot wallets.
As a response, Australia has taken measures, such as the appointment of the above-mentioned national cybersecurity coordinator, to tackle the threat of cyberattacks in the country. Most importantly, these incidents come as the government prepared different cybersecurity related laws which would bring companies, and especially telecommunication companies, “under strict cyber requirements”. Indeed, an attack took place on Optus, the 2nd largest telecommunications operators, earlier in November. This left the company, and their 10 million users, in the dark for more than 10 hours. The attack has marked a turning point for the Australian government.
These laws will allow telco companies to be qualified as “critical infrastructures”, making it obligatory for them to report to the government any cyberattacks, as well as their cybersecurity strategies. Such a report is already required from all energy companies, hospitals or ports.
- The 2023–2030 Australian Cyber Security Strategy
With the Australian Securities and Investments Commission (ASIC) issuing a warning to all organizations nationwide, times have never been more urgent for Australia to “prioritize their cybersecurity measures”.
Indeed, our lives being so directly linked to “digital connectivity” render awareness and regulation crucial in order to prevent future cyberattacks. On that note, Australia has launched their 2023–2030 Australian Cyber Security Strategy, with the aim of becoming “the world’s most cyber secure country by 2030”. Therefore, Clare O’Neil has given “six shields” around which the strategy will be organized : informed citizens and businesses, safer technologies, threat sharing, reliable infrastructure, sovereign capability and a resilient region.
Australia seems to be ready to take cybersecurity matters seriously and prevent events like the DP World’s breach from happening in the foreseeable future.
M2 Cyberjustice – Promotion 2023/2024
#australia #cybersecurity #breach #ports #government