The increasing boldness of cyber criminals in attacking systems governing real-world critical infrastructure, at times rising to the level of terror attacks in their ability to cause physical harm, has prompted a lot of rapid legislative change around the world. More seems to be coming in Australia after a recent cyber incident shut down several major port operations for days and backed up container ship cargo.
Four cities, including Sydney, saw port operations grind to a near-halt over the past weekend as systems were rapidly pulled offline in response to an as-yet undefined cyber incident. Given the scale of the disruption and rapid shutdown, ransomware is the most likely culprit.
Australian cyber incidents prompt regulatory changes, calls for cybersecurity investment
Over the past several years, the world has now seen profit-seeking hackers cross the line into shutting down patient care systems at hospitals and gasoline distribution (among other things). The latest cyber incident in Australia highlights the vulnerability of port operations, and the possibility of vital goods being backed up for weeks and even potentially destroyed.
In this case, Australia appears to be relatively lucky with an expected minimal disruption to the flow of imports and exports. The cyber incident prompted renewed action in government, however, something initially motivated by a string of serious and damaging attacks that began about a year ago with massive leaks of sensitive personal information from telecoms giant Optus and others.
“Minimal” disruption does not mean business as usual, however. The shutdown of port operations lasted roughly three days, during which time about 30,000 cargo containers that were scheduled to unload were backed up. This led to some perishable goods, such as foods and even blood plasma, likely being destroyed. It also comes just as port owner DP World is dealing with strikes and refusals to unload trucks as the country’s maritime workers union makes a strong push for pay raises.
Impacted port operations mostly recovered, but some disruptions still expected
Very little in terms of detail about the cyber incident has been released, with general knowledge at present limited to its effects. Ransomware is certainly the most likely candidate, but the shutdowns at port operations appear to have come more from rapidly pulling systems offline as a precaution than from it managing to broadly take hold across DP World’s systems. This can reasonably be inferred by no ransomware group stepping forward to claim the attack as of yet, the relatively quick restoration of most of the company’s normal operations, and the apparent lack of impact on the company’s operations outside of Australia.
DP World says to expect some potential knock-on effects for some time, though. The Dubai company is one of the world leaders in port operations, having a presence in about a fifth of the world’s countries and handling an estimated 10% of all global container traffic. The four ports in Australia handle about 40% of the country’s shipping traffic.
The company says that key systems have been restored at its Australian port operations as of Monday the 13th, but inbound cargo that backed up during the outage is still being processed and deliveries may be slowed for some time. Some major Australian retailers have said that consumers should not expect basic foods and goods to go missing from shelves as a result of the cyber incident, however, and that Christmas shopping will not be disrupted as the seasonal inventory was already in place.