Save articles for later
Add articles to your saved list and come back to them any time.
It’s no accident that cyber criminals chose to cripple Australia’s major ports in the days leading up to the country’s major retail event, Black Friday.
Cyber thieves, like their analogue cousins, are sophisticated strategists looking for maximum leverage. With containers piling up at the ports just as consumers are getting ready to splurge, what better time to apply pressure on Australia’s biggest stevedore, DP World.
Coming just days after the Optus network outage, which knocked out the services of up to 10 million customers, the attack on DP World was another reminder of the perils of letting software underpin our critical services.
Operations at DP World ports around the country were hamstrung, with trucks unable to collect containers.Credit: Dean Sewell
While the Optus blackout led to a loss of connectivity, bringing some trains to a halt and throwing some hospitals into chaos, the attack on DP World highlighted the threat to our supply chain. As an island nation, so dependent on our ports for trade, the attack had potentially enormous ramifications.
With thousands of containers marooned – unable to be loaded or unloaded of their critical cargo – attacks on operators like DP World could deliver intense shocks to the economy. Rather than pilfer credit card, passports and driver’s licences to then auction them to the highest bidder, the cybercriminals that targeted DP World managed to temporarily bring a critical function of our economy to a standstill.
The speed and convenience of digital systems, which we take for granted, come with a fragility that is exposed every so often. Just over a year ago Optus became a high-profile victim of a cyberattack, presaging an even more devastating attack on health insurer Medibank’s systems that led to sensitive medical information finding its way onto the dark web.
How the DB World port paralysis plays out depends on a number of factors.
While it published a statement on Monday afternoon saying operations had resumed, DP World made it clear that things wouldn’t get back to normal in a hurry.
“The ongoing investigation and response to protect networks and systems may cause some necessary temporary disruptions to their services in the coming days. This is a part of an investigation process and resuming normal logistical operations at this scale.”
DP World, a commercial shipping port operating from Port Botany, was disrupted by a cybersecurity event.Credit: Oscar Colman
More importantly, there has been no information supplied by DP World on how the perpetrators infiltrated the company’s systems.
For now, disaster has seemingly been averted. The supply chain shock that many had predicted may yet turn out to be negligible. Meanwhile, the potential for the DP World cyberattack to add to inflationary pressure appears similarly overblown.
Even had it been more protracted, the Reserve Bank would take such exogenous events into its stride when assessing the impact on inflation.
However, there are still too many questions that remain unanswered about the weaknesses in DP World’s cybersecurity systems. And are these weaknesses shared by its peers?
Major cybersecurity events generally spark intense panic, but once operations are restored, there is often a lack of clear accountability and transparency on what went wrong.
In each case of another major incident, there are calls from experts, regulators and the government to beef up protection – or calls for more technical expertise on company boards.
The Australian Securities and Investments Commission chimed in, right on cue on Monday, publishing a set of frightening statistics.
Forty-four per cent of its survey respondents said they didn’t manage third party or supply chain risk; 58 per cent said they had limited or no capacity to adequately protect confidential information; and one in three did not have a cyber incident response plan.
Unsurprisingly, the ASIC report into the cyber capability of corporate Australia identified significant gaps. But with only a fraction of the hacks that are perpetrated against Australian companies and institutions ever made public, it’s easy to be lulled into a false sense of security.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.
Most Viewed in Business
From our partners
Source: Read Full Article