November 27, 2023 | Policy Brief

Government-Industry Collaboration Minimized Damages Following Hack of Australian Ports

DP World Australia, an international firm specializing in cargo logistics and port operations, detected a hack in mid-November, forcing the company to limit operations at four of the nation’s largest ports. The company’s ability to minimize the disruption, however, demonstrated the positive impact of early detection and collaboration with government authorities on cyber incident response.

After detecting unauthorized access to its networks, DP World Australia disconnected its systems from the internet to prevent hackers from fully executing their malicious operations. For three days, almost 30,000 shipping containers of consumer goods were stranded at ports in Sydney, Melbourne, Brisbane, and Fremantle.

While the system shutdown did not prevent containers from being taken off vessels, trucks were unable to enter or exit the terminals to transport the cargo. Although the shutdown lasted only three days, Sydney’s Port Botany is not expected to be fully operational until the end of the month. The company warned that the ongoing investigation into the incident might result in additional, temporary interruptions.

DP World Australia manages 40 percent of imports and exports to Australia, so delays and damage to time-sensitive freight could cost millions of dollars. Even after operations resumed, the shutdown caused a ripple effect as the company worked to reassign and rebuild the import and export schedules at the ports.

This is not the first time a major port has been targeted this year. In June, several Dutch ports, including Amsterdam and Groningen, faced distributed denial-of-service (DDoS) attacks carried out by Russian-aligned hackers. The following month, Japan’s largest port suffered a ransomware attack by Russian ransomware gang LockBit. While the DDoS attacks had no operational impact, the ransomware attack halted all operations at the Japanese port for two days.

Unlike the prior attacks this year, DP World Australia discovered the unauthorized activity before hackers could lock up the systems with ransomware. DP World Australia has confirmed that the hackers stole some data, although the full extent is still under investigation.

The company also took proactive steps to engage the Office of the Australian Information Commissioner and collaborate with cybersecurity experts, said Australian cyber-security coordinator Darren Goldie. Goldie was on-site almost immediately with the police to investigate the attack and coordinate the incident response activities. The Australian Cyber Security Center was also able to provide technical assistance.

Although Australia’s government has not yet identified the perpetrators, and internal investigations will take time, DP World Australia’s early collaboration with government authorities likely means the attribution and law enforcement investigation will proceed apace, a critical step for holding hackers accountable.

Press reports this week indicate the hackers may have exploited the same known vulnerability that LockBit used to breach Boeing’s systems last month. As the company and authorities confirm the methodology and the hackers responsible, they should share this information with global partners so that other companies can implement patches and mitigations to protect against similar attacks.

The quick response by the company to both detect the problem and bring in government partners should be the model for the global maritime industry and, indeed, for all cyber incident response and risk management. As the Biden administration revises an Obama-era presidential directive on critical infrastructure security governing public-private collaboration in the United States, it should clarify how private companies can coordinate with a single point of contact in a cyber emergency, as DP World Australia appears to have done. Smooth cooperation during a cyberattack helps reduce the severity of the incident.

Annie Fixler is the director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD) and an FDD research fellow. Gabrielle Christello is a CCTI intern. Follow Annie on X @afixler. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.