Operations at DP World Australia resume, though ‘doesn’t mean the incident has concluded’

On Monday morning, the Australian government announced the resumption of operations at DP World Australia’s ports nationwide at 9 AM local time. This decision comes after successful tests of key systems overnight, following a three-day suspension of operations. It is important to note that there is an ongoing investigation and response to a cybersecurity incident, which may result in necessary and temporary disruptions to services as part of the investigation process.

“DP World Australia expects that approximately 5,000 containers will move out of the four Australian terminals today,” Clare O’Neil, Minister for Home Affairs, wrote in a LinkedIn post. “DP World Australia continues to work closely with National Cyber Security Coordinator, Australian Cyber Security Centre, Minister Catherine King, and myself.”

While port operations have resumed, this doesn’t mean the incident has concluded, she cautioned.

She went out to “thank National Cyber Security Coordinator Darren Goldie has been leading the operational response to this incident.”

Goldie added in a LinkedIn post that “the Australian Government is continuing to work with DP World Australia to support the management of any further consequences, including any ongoing disruption to Australia’s supply chains. Investigations into the incident remain ongoing and remediation work is likely to continue for some time.”

He also commended “DP World Australia for their collegiate and timely communication with the Australian Government to date.”

During an interview on ABC’s RN Breakfast, Goldie provided an update on the cybersecurity breach, stating that DP World’s IT system remains disconnected from the internet. As a result, their ability to move cargo across their ports has been significantly reduced. While DP World has implemented redundancy measures to retrieve certain sensitive cargo, operational technology (OT) such as automated cranes and gates rely on functioning computer systems. 

Goldie emphasized that the government fully supports DP World’s decision to shut down the system initially to prevent the threat actor from spreading across the systems. This action aims to contain the cyber incident in the four affected locations in the country.

Goldie said the government does not know who was behind the attack, and the focus at the moment was to restore cargo operations. “The matter of attribution when it comes to a nation formally attributing a threat actor takes significant time and there’s a very high bar for the standard of proof we’d need,” he added.

The federal government is helping to coordinate the stevedore’s response and the Australian Cyber Security Centre is providing technical advice.

The former head of the Australian Cyber Security Centre, Alastair MacGibbon, who is advising DP World, said the No 1 priority was to get containers moving again. He added that data had been taken by ‘someone malicious or unauthorized,’ but he could not say what the nature of the data was.

MacGibbon also said DP World had been working closely with the government at the weekend and noted that emergency supplies, such as vital medical supplies and equipment, could be picked up ‘selectively’ from the docks.

“So they can deal with the most critical matters but … the vast bulk of cargo is just stuck at the moment,” he said.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.