The Maritime Union of Australia, which represents employees of Dubai Ports in Australia, has called on Minister for Home Affairs, Claire O'Neill, to launch a government investigation into local managers' state of knowledge about the risks of the recent cyber-attack on critical Australian supply chain infrastructure that saw four container terminals around Australia grind to a halt last week.
After waiting quietly for more than a week for the company to address the workforce about the impact of the hack, the Union is stepping up its calls for Dubai Ports (DP World) to be hauled over the coals by the Federal Government for a completely avoidable supply chain crisis entirely of the company's own making.
The vulnerability in Dubai Ports' IT systems was well understood and well publicised within the global internet security sector. The Citrix software which Dubai Ports operates at its four terminals had patches available to fix the vulnerability, but Dubai Ports never applied them.
As far as recent corporate disasters go, the shutdown of 40% of Australia's container terminal infrastructure over three days by unknown cyber attackers is one of the gravest failures of corporate governance in recent memory.
With Optus' CEO facing an immediate Senate inquiry over the telco's recent network outage, the same standard must be applied to get to the bottom of Dubai Ports' total failure to protect its Australian operation from an avoidable crisis.
"This cyberattack was not a terrible accident but an appalling failure and the managers responsible should be held accountable," said MUA Assistant National Secretary, Adrian Evans.
Russian hacking syndicates, which usually look for and exploit security vulnerabilities to make ransom demands from major companies and government departments, are understood to be the likely culprits. Personal financial information gathered during these hacking exercises are often traded on or published to the Dark Web, for exploitation by other financial criminals.
"The software DP World uses has been exploited by Russian criminals in other parts of the world over several months. Patches were available but not applied, so the company must be held responsible for this catastrophic failure and the massive sovereign risk in Australia's supply chains it has exposed us to," said Mr Evans.
"The company's claim that there hasn't been a ransom demand is not plausible, except if the hackers' motivation was not financial in the first place, but a strategic exercise in manipulating Australia's global supply chains, and it's hard to say at this point which is the lesser evil," Evans said.
To date, the company has still not briefed its national workforce about the breadth or depth of the data breach or whether sensitive information from payroll or HR records were accessed or extracted.
"Dubai Ports haven't answered one simple question. How many workers' records were accessed and what steps should these workers take to secure their information and their families' financial security in the wake of this hack?" said Mr Evans.
The company has been locked in dispute with the Union about pay and conditions for Australian wharfies employed at four terminals around Australia, with the Dubai Government owned company controlling 40% of Australian imports and exports through its stevedoring operations in Brisbane, Sydney, Melbourne and Fremantle.
"Dubai Ports should focus on explaining to their workforce how the company's failure to close a well-known cybersecurity gap in their IT system might have exposed their workers' personal and banking data to cyber criminals. Instead, they continue to attack their own workers with pay cuts, roster changes and the undermining of vital safety measures," Mr Evans said.
Key Facts:
The cyberattack last Friday (10 November) caused the immediate shutdown of Dubai Ports' four terminals around Australia. Over a week later, the backlog this created of almost 30,000 containers that could not be processed in or out of their terminals is still being worked through.
When the hack was discovered, wharfies offered to work manually with pen and paper to keep containers moving but management declined.
Dubai Ports' Australian container terminals generated a record $830 million in revenue last year, and their Australian profits increased 140% (a 24% profit margin, up from an already healthy 10%).
The company has not paid any corporate income tax in Australia for the last 8 years despite record profits over that period on a total income of over $4.5 Billion.
Dubai Ports want to make changes to the employment agreement with Australian wharfies that would cut their pay by 32%, revise the rosters to force more weekend and overnight shifts without compensation, and undermine crucial safety and fatigue management standards.
Dubai Ports announced national increases to its container fees by as much as 52 per cent which are due to commence on 1 January 2024. These will contribute to inflationary pressures throughout the economy, yet management claim they can't afford to pay inflation level wage increases to its employees.
Dubai Ports are deliberately derailing negotiations with their Australian workers and provoking industrial action on the waterfront. They want to game the IR system and trigger new intractable bargaining laws they believe will allow them to cut wages and conditions in the middle of a cost of living crisis for workers.
