Cyber Incident Victim: Western Australia

On November 10, 2023, DP World Australia detected a cybersecurity incident affecting its container terminal operations in Sydney, Melbourne, Brisbane, and Fremantle, prompting an immediate shutdown of landside port access that evening. The company restricted all truck movements in and out of its laydown areas to contain the breach while initiating an internal investigation. By November 11, the Australian Federal Police had launched a formal investigation into the incident, with the Australian Signals Directorate’s Cyber Security Centre providing technical assistance to DP World. The federal government activated the National Coordination Mechanism (NCM) at noon on November 11, invoking the crisis management framework previously used during COVID-19 and the 2022 Medibank data breach. Home Affairs Minister Clare O’Neil confirmed regular briefings were occurring between DP World and government agencies to assess operational impacts.

National Cyber Security Coordinator Darren Goldiem warned the disruption would persist for multiple days, affecting Australia’s import and export logistics chains. While DP World’s ship-loading cranes remained operational in Fremantle, landside truck movements at all four terminals were suspended, creating bottlenecks for cargo distribution. Fremantle Ports clarified that only DP World’s landside operations were impaired, with rival operator Patrick Terminals unaffected. DP World maintained restricted network access to protect employee and customer data, though no specifics about data compromise or attacker methods were disclosed. The NCM convened stakeholders from federal, state, and industry sectors to coordinate responses, scheduling a follow-up meeting for November 12. Historical precedents showed the mechanism had addressed floods, supply chain disruptions, and prior cyber incidents, though the current port closure marked one of Australia’s most significant operational disruptions linked to a cybersecurity event.