DP World Australia Resumes Terminal Ops After “Serious” Cyber Incident

Sydney container terminal — Terminal operations resumed as DP World continues to investigate Friday's incident (file photo)

Terminal operations resumed at DP World Australia’s four locations after a weekend stoppage due to what government officials described as a “serious” cyberattack. The company’s ability to quickly recover from the incident however may be hampered by the Maritime Union of Australia which said it will go ahead with this week’s planned labor actions despite the backlog from the cyberattack.

Details on the nature of the attack were not provided with some media reports citing unnamed cyber experts saying DP World had not received a ransom demand. The company reported that it detected “unauthorized activity in its system,” which manages the movement of trucks and the landside operations of the terminals in Sydney, Melbourne, Brisbane, and Fremantle. Experts say the company had acted correctly shutting down access to the system and severing its ties to the Internet as soon as the activity was detected. Late on Friday, the company confirmed that operations were suspended at all of its terminals.

An advisor to DP World speaking on Australian TV said data however had been taken by “someone malicious or unauthorized.” DP World over the weekend reported it was analyzing the extent of the data breach. Testing to ensure the integrity of the system was completed overnight on Sunday with operations restarting on Monday morning.

DP World said it expected to be able to move approximately 5,000 containers today at its four terminals but warned that there could continue to be “some necessary, temporary disruptions.” Australia’s Freight & Trade Alliance however cited problems during the day with export containers being restricted in Melbourne, impacts in Sydney, and changes to truck access in Fremantle.

“This is part of an investigation process and resuming normal logistical operations at this scale,” DP World said in its statement. They reported that resuming port operations “does not mean that this incident has concluded.” DP World alerted government agencies and is working with the national police with the company saying, “investigation and ongoing remediation work are likely to continue for some time.”

The company’s four terminals handle about 40 percent of Australia’s trade. The Australian Financial Review was reporting that as many as 30,000 containers were stranded in the four ports over the weekend.

The Maritime Union of Australia however said on Monday that it planned to go ahead with its labor actions as part of an ongoing dispute that began in October over a new contract. The union has implemented bans on extended shifts for example and on Friday plans another 24-hour stoppage at DP World’s terminal in Sydney. Carriers and shippers are already reporting a delay of seven to 10 days due to the union’s labor actions which experts said could get worse with the new backlog and the union saying it will continue the labor actions at least until November 20.

DP World Australia joins a growing list of terminal operators and ports that have suffered cyberattacks. Earlier this year, Japan’s Nagoya port stopped work for two days due to a cyberattack. Dutch ports were also hit by hackers while at the beginning of the year, there were threats that hackers would release extensive business data from the port of Lisbon. Transnet in South Africa was another port operator also hit by a crippling cyberattack.

Australian government officials are emphasizing the importance of ports to the country’s economy saying that 98 percent of Australia’s trade moves by sea. The government of Prime Minister Anthony Albanese had earlier this year announced plans to overhaul cyber-security laws. Proposed rules are expected to be released as early as next week with new reporting requirements for companies across Australia.