FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration
Durban: As Transnet managers have been forced to take leave in the wake of a cyber attack on the state company, the incident has been described as a matter of national security since critical infrastructure was targeted.
The elevated level of the crime and its delicacy was partly why the degree of the impact was being kept under wraps, according to the Institute for Security Studies (ISS).
In a report yesterday, the ISS also said the cumulative impact of the hack - which hit the container port of Durban, the busiest in southern hemisphere, the most - would cause long-lasting economic damage.
The ISS said it was the first time the operations of South Africa’s critical maritime infrastructure had “suffered severe disruption”.
“Transnet is yet to provide details on the exact scope of the intrusion, but the impact seems widespread. Most importantly, the container-handling facilities at Durban’s port were affected, significantly increasing logistical congestion. Durban hosts the busiest container port in sub-Saharan Africa, handling around 60% of the country’s container traffic.
“The port is also a vital logistics hub for the region, moving raw material exports from Zambia and the Democratic Republic of the Congo,” said Denys Reva, an ISS researcher on the Peace Operations and Peacebuilding Programme.
“The longer-term consequences of the disruption will be more damaging. Transnet and South Africa cannot afford a prolonged crisis or a slowdown in port operations. A 2020 decision to close harbours due to Covid-19 lockdowns was promptly overturned by the Department of Transport when regional exporters considered alternative export routes,” Reva said.
“Two impediments may prevent Transnet from openly sharing the details about what happened. First, the fact that this attack targeted critical infrastructure elevates it to a matter of national security, so public information would be limited. Second, it may be a matter of legal responsibility. It’s common for companies affected by cyber attacks to either limit information about the incident or conceal it if possible to avoid reputational damage.”
Reva said customers were increasingly also seeking compensation for losses from service providers whose businesses are disrupted by cyber attacks.
“A few days after the incident, Transnet declared force majeure across all its container terminals in a move probably taken to absolve itself of liability in line with these concerns,” she said.
Reva added that the number of similar incidents across Africa was expected to rise as maritime ports sought to increase efficiency and effectiveness through digitalisation.
“In this instance, transport infrastructure, especially a harbour, presents lucrative targets for cyber criminals or other hostile actors due to the scope of operations and the many stakeholders involved. Ports are lucrative cybercrime targets due to their scope of operations and the many stakeholders involved,” she said.
“For instance, Kennewick’s port in the United States was hit with a ransomware attack in 2020, disrupting its operations. Hackers accessed the port’s server and demanded a ransom of $200 000 to restore access to data, which the port refused to pay.”
Reva said that unless South Africa urgently improves its port cyber infrastructure security, economic disruptions of this sort may become the new normal.
The Mercury