[This is very strange, and as a computer programmer this interests me. Who would do this and why? They knocked out the Transnet computer network and kept it down for 6 days! Unless of course, Transnet were just too stupid to actually fix the original attack! Unless the attack happened and did so much damage that they took about a week to recover. That is possible. Transnet runs the entire railway system of South Africa and all the ports. So who did this? I'm thinking it has to be linked to the Zuma Riots. That is my guess. This might be another aspect of the Zuma attacks. They might have found and paid for someone to do this. This is therefore something further. That, from my viewpoint is the most likely thing that happened. Jan]
‘Security intrusion and sabotage’ a major blow, but group now says ‘significant progress has been made in restoring Transnet SOC Ltd IT systems’.
In an unprecedented move, Transnet Port Terminals (TPT) declared force majeure on Monday following the ongoing fallout from a cyber attack last week which hit the entire Transnet Group, South Africa’s state-run ports operator and freight rail monopoly.
While the group has tried to play down the hacking – initially describing it as a “disruption on its IT network” – TPT’s confidential force majeure letter to customers on Monday confirmed that it is “an act of cyber-attack, security intrusion and sabotage”.
Moneyweb has a copy of the force majeure notice and its veracity has been confirmed by several Transnet and logistics industry sources.
The letter is titled ‘Declaration of force majeure for Transnet Port Terminals container terminals in the Ports of Durban, Ngqura, Port Elizabeth and Cape Town – confidential notice to customers’. It was sent out by TPT chief executive Velile Dube.
This confirms a major blow for Transnet Group, with TPT being one of its biggest and most important divisions.
TPT operates the container handing facilities at Durban – sub-Saharan Africa’s busiest container port – as well as container terminals in Cape Town and the Eastern Cape ports of Ngqura and Port Elizabeth.
Websites still down
On Monday, the websites of Transnet and its divisions were still offline – for the sixth day.
The group had resorted to a manual system in an effort to continue to operate key divisions, such as TPT. However, with further trucking delays, especially at the Port of Durban (which handles over 60% of South Africa’s container traffic), TPT seems to have had no option but to institute “force majeure” on Monday.
“This serves as notice of declaration of Force Majeure event, which occurred on 22nd July 2021 and continues to persist, when Transnet, including TPT, experienced an act of cyber-attack, security intrusion and sabotage,” the letter states.
It adds that this has “resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information”.
“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage. Transnet is implementing all available and reasonable mitigation measures to limit the impact of this compromise,” the letter further states.
“Accordingly, TPT hereby invokes the provisions of clause 11.1 read together with clause 11.2.11, of the TPT Conditions of Trade and as TPT is prevented from, or delayed in performing any of its obligations under such Conditions of Trade or such commercial agreements in respect of the Container sector, hereby gives notice of an FM [force majeure] Event declaration with immediate effect,” Dube explains in the notice.
“TPT’s [relief] from liability stipulated herein will remain in full force and effect despite the implementation of the mitigation measures detailed herein,” he adds.
“In keeping with the provisions of clause 11 of the TPT Conditions of Trade, TPT has put certain mitigation measures in place to ensure operations at the container terminals are still running albeit slower than expected.”
“One such measure is to ensure that a manual system has been put into place for the loading and discharge of containers. Further, in the event that any damage occurs during operations customers will be notified using a manual process which will be confirmed via email as soon as TPT systems are up and running again,” it notes.
Dube gave further details of how TPT would be treating berthing as well as imports and exports at the affected container terminals while the IT system remains offline.
Public Enterprises Minister Pravin Gordhan is yet to comment publicly on the cyber attack at Transnet, but Moneyweb understands that he has had urgent meetings with Transnet executives, including group CEO Portia Derby, regarding the issue.
Gordhan’s department also has the issue of Mango Airlines going into business rescue this week to deal with.
With questions swirling on whether the Transnet hacking was linked in any way to the recent riots, looting and sabotage in KwaZulu-Natal and parts of Gauteng, acting Minister in the Presidency Khumbudzo Ntshavheni initially said during her briefing on the situation in KwaZulu-Natal last Thursday that government was investigating if the two were related.
However, in her briefing on Friday, she said that government did not believe the security breach at Transnet is linked to the unrest.
Transnet group spokesperson Ayanda Shezi issued a statement on Tuesday saying: “Significant progress has been made in restoring Transnet SOC Ltd IT systems, with most of the affected applications up by Monday 26 July 2021.”
She conceded that TPT had issued a force majeure notice on 26 July 2021 to customers, for the period from 22 July 2021. However, Shezi noted that the force majeure “is expected to be lifted soon”.
“It is expected that some applications may continue to run slowly over the next few days, while monitoring continues. All operating systems will be brought back in a staggered manner, to minimise further risks and interruptions,” she explained.
“At the ports, each container terminal has communicated its transition plan from manual operation to the full Navis-driven operation [Navis is a container handling software operating system that TPT uses]. The terminals are berthing vessels as planned and facilitating loading and discharge operations with the shipping lines,” she added.
“We will continue to work directly with shipping lines in order to facilitate maximum import evacuation and further exports planned for future vessels. Controls have been developed, in conjunction with the shipping lines and the SA Revenue Services’ [Sars] customs division to ensure safe clearance and evacuation of each container,” Shezi pointed out.
Meanwhile, Shezi stressed that salaries of Transnet employees have been processed on schedule.
“There was never a doubt that as an organisation we will not honour our obligation to our employees,” she said.
Shezi further noted that the business continuity plans at Transnet Freight Rail (TFR) enabled the division to continue “utilising manual backup operations, and run trains as planned”.
She assured stakeholders and customers that all processes followed allow for the safe operation of trains.
“We have requested customers with cross-border traffic and where the Sars clearance process is applicable, to submit hard copies of the Sars clearance documentation with their consignment noted at the Order Entry Office/Terminals. This will assist in the manual system application to authorise the departure of trains,” she said.
“Transnet will continue to engage and collaborate with affected customers. A further update will be provided once full operations resume,” Shezi added.