This month a cyber incident forced DP World,
While the full sordid details of the cyber-attack aren’t public yet, rumblings from the industry suggest the incident stems from an unpatched internet-facing appliance – which may have provided a backdoor for an opportunistic attacker to slip in and compromise the network.
Lyal Collins, Senior Security Consultant at Aura Information Security, says while this incident could have had catastrophic impacts over the lead-up to the busy Christmas period, DP World’s swift handling of the response may have mitigated a worst-case scenario.
“While it's a significant incident for DP World, arguably their incident management has addressed some elements to somewhat mitigate the impact to the Australian economy.”
“Disconnecting from the internet has profound temporary impacts. As anyone operating a warehousing or logistics function knows, moving containers in or out without effective tracking creates a huge problem later, namely correcting the accuracy of shipping and consignment records. This decision would not have been taken lightly.”
“However, this appears to be a good indication that DP World were taking the response seriously. Regardless of the cause of the incident, or the threat actor involved, any coherent cyber incident response plan will include the dreaded "Option D" - meaning "Disconnect key systems" - to contain the impact.”
Collins points out that logistics firms are highly interconnected, and thus fragile to complex attacks coming through supply chains. Had DP World carried on as usual, corruptions and errors might have spread to integrated road and rail transport operators, compounding the impact to the national economy. Similarly, disconnecting cripples the ability of an attacker to exfiltrate data, which is one technique used to extort money from cyber-crime victims.
While DP World’s latest press statement says a complete and thorough investigation of the incident is yet to come, operations were back online within the week.
“DP World likely took their systems offline because they understood the risk involved if they didn’t deal with this incident quickly – and the fact that systems are now back online suggests they have acted swiftly and managed to resolve the immediate issue at hand.”
Collins says DP World also appear to have done a reasonable job of fronting communications about the incident, and the steps they were taking to address it. In contrast to other recent incidents in Australia, it appears the company has managed a unified front with stakeholders as well, with Home Affairs minister Clare O’Neil affirming that they were receiving regular briefings from DP World, and the government was coordinating technical advice and assistance.
This most recent attack comes off the back of a swathe of significant cyber incidents which disrupted Australian critical infrastructure. The silver lining, says Collins, is that it may be the catalyst for shifting the needle when it comes to the country’s overall cyber resilience.
“These incidents have provoked an increased focus, and cyber security regulation from the Federal Government for the commercial sector will hopefully prompt a re-evaluation of how interconnected and interdependent ICT systems have become. It may also trigger the use of the cyber resilience provisions of the recent 2018 SOCI Act in industry sectors.”
“A strategy that enshrines the ability to quarantine incidents and thus reduce the flow-on effects to the smallest practical extent is both prudent and carries the benefit of minimising reputational and financial impacts to the victim's organisation, its industry and the broader economy.”
But arguably the best news to come out, according to press reports, is that minimal impact to supplies has arisen from this saga. DP World’s incident response plan may have just saved Christmas after all…