Skip to main content

South African Port Victim of Cyberattack: Week Ahead

Recent cyberattacks have intensified the spotlight on supply chain networks that have become increasingly dependent on technology.

Attacks on supply chain infrastructure can cripple an already stressed situation. The biggest threat is ransomware, a cyberattack in which hackers steal files and encrypt them for release back to the owner only after a ransom payment has been made. And the most vulnerable supply chain touchpoints are with manufacturers, suppliers and service providers. In January, disgraced fashion mogul Peter Nygard’s businesses were targeted in a ransomware attack. Nygard was indicted in December 2020 on charges that include racketeering and sex trafficking, among other related crimes arising from a decades-long pattern of alleged criminal conduct.

Transnet SOC Ltd. on Tuesday declared “force majeure” at its key container terminals in South Africa because of disruptions caused by a cyberattack on July 22.

Force majeure, or “act of God,” clauses are included in contracts to eliminate liability in the event of an unforeseen catastrophe or disaster. And the Transnet declaration appears to be the first time a port-related has invoked the clause, raising questions over other port operations that might be impacted by future unforeseeable disruptions down the road.

Transnet is a state-owned logistics firm that runs South Africa’s rails, ports and pipelines. The force majeure impacts its port terminals in Durban, Ngqura, Port Elizabeth and Cape Town harbors. A Bloomberg report said the terminals experienced what has been described as a “cyberattack, security intrusion and sabotage,” citing a Transnet memo. It wasn’t immediately clear what was the extent of the data security breach or the source of the attack.

Some Transnet systems were back up and running on Monday, the day before the cyberattack disclosure, and other operations are being put back on line on a staggered basis where possible. The systems are still not fully operational, six days after the cyberattack. Four days after the company’s declaration, Transnet still hasn’t lifted the force majeure.

Related Stories

The closures have meant delays in the deliveries of goods, and congestion is reportedly building since the gates to ports are reportedly closed and trucks can’e move in either direction, according to a CNBC report.

While Transnet is the latest victim of criminal activity on the cyber front, it is by no means the only one. In early June, a ransomware attack on meatpacker JBS forced its U.S. beef plants to halt operations while the company rushed to restore operations. That in turn caused a spike in meat prices for beef and pork. Before the JBS hack, the Washington, D.C. Metropolitan Police Department also was impacted by a ransomware attack that resulted in unauthorized access of personal information of employees in May. The month of May also saw the cyberattack of the Colonial Pipeline, impacting the transportation of fuel.

The problem is only getting worse. Early July saw the hacking of software firm Kaseya, which resulted in the infection of over 1,500 firms just before the start of the July 4th holiday weekend in the U.S.

Many of those attacks have been attributed to Russian criminal gangs. That in turn led to U.S. President Joe Biden at a summit in Geneva in June to tell Russian President Vladimir Putin that he had a responsibility to rein in the attacks. Biden even indicated the 16 infrastructure sectors—from energy to water—that should be free from hacking.

On July 21, a bipartisan Cyber Incident Notification Act was unveiled that would mandate some firms to tell the Department of Homeland Security when systems have been compromised. The requirement mostly impacts federal agencies and contractors, as well as critical infrastructure firms. The legislation was introduced by Senate Select Committee on Intelligence chairman Mark Warner (D-Va.), vice chairman Marco Rubio (R-Fla.) and senior member Susan Collins (R-Maine). The bill also includes a provision that would limit the liability of firms reporting security breaches, such as barring shareholders from gaining access to any disclosed information for use in connection with a lawsuit.