Questions raised in Australian parliament about port cyber security

Questions have been raised in the Australian parliament about port security and offshoring at a fully automated terminal in Melbourne.

In question was the offshoring of security gates, automatic stacking cranes, and terminal operating systems at the Victorian International Container Terminal (VICT), Webb Dock, Melbourne to Manila.

Speaking to the Senate Estimates Committee, Senator Kimberley Kitching asked the Department of Home Affairs Deputy Secretary, Security and Resilience, Paul Grigson whether some critical functions had been outsourced.

Grigson took the questions on notice on 21 October and made a commitment to get back to the senator promptly. SAS contacted Home Affairs, which had yet to respond on 8 November.

VICT is a fully owned subsidiary of International Container Terminal Services Inc (ICTSI) of the Philippines. In December 2015, ICTSI announced to the Philippines Stock Exchange and media it had set up Asia Pacific Business Services (APBS) to service its regional and global operations. An ICTSI/APBS job advertisement for landside support staff posted on the internet earlier this year sought workers “to provide assistance to truck drivers through virtual communications tools” using the gate operating system (GOS) and terminal operating system (TOS).

Questions Kitching raised focused on possible security gate breaches at the Melbourne terminal.

“If you are a truck driver, you show up at the Port of Melbourne and your entire interaction would be someone who is in Manila, The Philippines, correct?” Kitching asked. “I guess the question is without physical verification, what is to stop multiple drivers from using the same card?”

Raising the spectre of cyber crime, Kitching asked if there was any oversight of the cyber-security infrastructure and measures employed by company’s Manila operations onshore, in Australia.  Had Home Affairs done an audit of the Port of Melbourne?

“We do the audits, but I don’t know if we have done that asset,” Grigson replied.

A security breach brought the Maersk/APM global shipping and port empire to a standstill in 2017, Kitching noted.

“Are you concerned that running many critical functions of the Port of Melbourne offshore, where we have little or no oversight, puts it at a greater risk of a similar data breach?” she asked.

A SAS and BIMCO cyber security white paper released September 2019 noted the June 2017 cyber security breach at Maersk global ports also affected shipping.

“It proved that there is no guaranteed defense against an attack. The approach changes from an if-it-happens problem to a when-it-happens problem,” Maersk cyber-security expert Lewis Woodcock told those attending the 2019 SAS/BIMCO roundtable.