Dubai Ports' Aussie Cyberattack Needs Investigation, Accountability

MEDIA RELEASE

MARITIME UNION OF AUSTRALIA

20 NOVEMBER 2023

Dubai Ports' Australian cyberattack must be investigated and management held accountable.

The Maritime Union of Australia, which represents employees of Dubai Ports in Australia, has called on Minister for Home Affairs, Claire O'Neill, to launch a government investigation into local managers' state of knowledge about the risks of the recent cyber-attack on critical Australian supply chain infrastructure that saw four container terminals around Australia grind to a halt last week.

After waiting quietly for more than a week for the company to address the workforce about the impact of the hack, the Union is stepping up its calls for Dubai Ports (DP World) to be hauled over the coals by the Federal Government for a completely avoidable supply chain crisis entirely of the company's own making.

The vulnerability in Dubai Ports' IT systems was well understood and well publicised within the global internet security sector. The Citrix software which Dubai Ports operates at its four terminals had patches available to fix the vulnerability, but Dubai Ports never applied them.

As far as recent corporate disasters go, the shutdown of 40% of Australia's container terminal infrastructure over three days by unknown cyber attackers is one of the gravest failures of corporate governance in recent memory.

With Optus' CEO facing an immediate Senate inquiry over the telco's recent network outage, the same standard must be applied to get to the bottom of Dubai Ports' total failure to protect its Australian operation from an avoidable crisis.

"This cyberattack was not a terrible accident but an appalling failure and the managers responsible should be held accountable," said MUA Assistant National Secretary, Adrian Evans.

Russian hacking syndicates, which usually look for and exploit security vulnerabilities to make ransom demands from major companies and government departments, are understood to be the likely culprits. Personal financial information gathered during these hacking exercises are often traded on or published to the Dark Web, for exploitation by other financial criminals.

"The software DP World uses has been exploited by Russian criminals in other parts of the world over several months. Patches were available but not applied, so the company must be held responsible for this catastrophic failure and the massive sovereign risk in Australia's supply chains it has exposed us to," said Mr Evans.

"The company's claim that there hasn't been a ransom demand is not plausible, except if the hackers' motivation was not financial in the first place, but a strategic exercise in manipulating Australia's global supply chains, and it's hard to say at this point which is the lesser evil," Evans said.

To date, the company has still not briefed its national workforce about the breadth or depth of the data breach or whether sensitive information from payroll or HR records were accessed or extracted.

"Dubai Ports haven't answered one simple question. How many workers' records were accessed and what steps should these workers take to secure their information and their families' financial security in the wake of this hack?" said Mr Evans.

The company has been locked in dispute with the Union about pay and conditions for Australian wharfies employed at four terminals around Australia, with the Dubai Government owned company controlling 40% of Australian imports and exports through its stevedoring operations in Brisbane, Sydney, Melbourne and Fremantle.

"Dubai Ports should focus on explaining to their workforce how the company's failure to close a well-known cybersecurity gap in their IT system might have exposed their workers' personal and banking data to cyber criminals. Instead, they continue to attack their own workers with pay cuts, roster changes and the undermining of vital safety measures," Mr Evans said.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.