DP World outage: Cyber attack stops 40% of Australian shipping

While much of the media focus last week in the Australian IT space was around Optus’ meltdown, there was also trouble brewing in Australia’s ports – or more precisely the systems that run around 40% of them, with DP World suffering a cyber attack that took its sites offline over the weekend.

One of the perils of being a large island nation like Australia is that you’re massively dependent on shipping in one form or another, whether it’s the importing of goods to sell to domestic consumers, or the export trade, worth $646 billion annually.

So when the company responsible for nearly half of the ports in the country goes offline, that’s very bad news indeed. This was the scenario faced by DP World with the company suffering a cyber-attack on Friday that saw it temporarily shutter its port operations in Sydney, Melbourne, Brisbane and Fremantle.

That left cargo containers sitting on docks, unable to move away if they were within the DP World operations cycle.

As of Monday morning, it’s being reported that sites are back online, but DP World had previously noted that it could take a week or more to get back up to full speed, with ABC reporting a statement from the company that noted that “The ongoing investigation and response to protect networks and systems may cause some necessary, temporary disruptions to their services in the coming days” according to a DP World spokesperson.

Related reading: LockBit ransomware attackers target Japan’s biggest port: but who’s next?

What happened to take DP World offline?

As yet, the precise nature of the attack hasn’t been announced, which isn’t unusual in cases like this where more precise forensics are required, both to identify levels of access, data loss and/or breach obligations and, naturally enough to bolster security to minimise the likelihood of future attacks.

All that DP World has said to the media is that it suffered a “cybersecurity incident” and that it took its systems offline as a result. Over the weekend, it was reported that DP World’s Australian website was also possibly insecure with some pages requesting security verification measures.

What’s the likely impact of the attack?

As yet, there’s not enough detail to say what was done with DP World’s data or systems to fully evaluate the impact on the company itself; we simply don’t know if customer records were accessed – which would bring with it an obligation under Australia’s data breach laws – or if other systems were compromised that might impact DP World’s ability to manage the logistics around its Australian port operations.

However, global shipping largely operates on a “just in time” principle where shipping containers are ideally constantly on the move, arriving at the right time to then allow ships to move back and forth between ports at optimal rates. The delays at DP World’s ports affect both incoming goods – think consumer Christmas shopping, for example – as well as the export of Australian commodities to worldwide markets.

The effects of that could cascade well beyond just a 2-3 day delay depending on where they strike the just-in-time schedules for not only those ports but also the cargo ships utilising them, with reports indicating a stockpile of some 30,000 containers only now starting to move again.

It’s certainly hoped that the impact on incoming goods to Australia should be minimal. “DP World has been working with the government to try to resolve this and in ways that will make sure that this doesn’t impact as much as possible on Australians,” the home affairs minister Clare O’Neil told The Guardian.

Who is DP World Australia?

DP World Australia is part of the larger DP World group, operating out of Dubai in the UAE. DP World is a massive player in the global shipping and logistics space, operating across 75 countries worldwide with major operations in the US, Australia, the Middle East, Africa and Europe.

This isn’t DP World’s first tangle with some level of controversy; locally it’s engaged in a bitter industrial dispute with maritime workers, while in the UK it faced serious criticism after sacking 800 workers from its P&O subsidiary in order to hire cheaper working staff.

Also read: How the world’s largest ports are using AI to keep the global supply chain humming