Ferry Builder Austal Hit by Cyberattack

Austal's latest fast-ferry project, the ropax ‘Express 4’ (Austal)

Published Nov 1, 2018 6:05 PM by The Maritime Executive

Australian ferry and defense shipbuilder Austal reported Thursday that it has been hit by a cyberattack. An unknown offender managed to steal internal data, including some staff contact information and unspecified data affecting a "small number of stakeholders." The firm emphasized that its ship design drawings for vendors and customers are neither sensitive nor classified, without specifying whether any drawings may have been taken.

Austal said that the attacker attempted to engage in extortion using the stolen information and tried to sell it online. In line with its company policy, Austal did not respond to extortion offers, the firm said. 

Austal, which builds the U.S. Navy's Independence-class Littoral Combat Ship and the Expeditionary Fast Transport, said that there were no indications that the data breach had national security implications. "Austal's business in the United States is unaffected by this issue as the computer systems are not linked," the company said. 

The Australian Cyber Security Centre and the Australian Federal Police are investigating the attack, and the Australian Department of Defence is providing technical assistance. “This incident reinforces the serious nature of the cyber security threat faced by defence industry, and the need for industry partners to put in place, and maintain, strong cyber defences,” said the Department of Defence in a statement. Austal holds the contract to build and maintain two patrol boat classes for Australian military and government operators. 

Austal said that the attack had no effect on its day-to-day operations, and that its data systems have been secured and brought fully back online. 

The attack is the latest in a series affecting maritime firms, and regulators and industry leaders are increasingly concerned over the sector's vulnerability. Other recent security breaches include the ransomware attack at APM Terminals; the attack on Cosco's USA operations; and the attack on Port of San Diego's business IT systems.