Event: Cyberattack, 2021

In July 2021, a cyber-attack against Transnet, which operates major South African ports and most of its railway networks, disrupted container operations at the ports of Cape Town and Durban (Heiberg T. & Blair E., 2021).

Causes and impact21

The cyberattack targeted Transnet, the local port operator, and caused the disruption (Shabalala Z. & Heiberg T., 2021). One amplifying factor consisted of country-wide civil unrest and violence, which occurred the week before the cyberattack.

Transnet was forced to declare force majeure after the cyber-attack. Port workers were obliged to manually track ship movements and use a paper-based clearance process for cargo at ports, including Durban. Processing time for imports increased significantly at the Port of Durban, which accounts for 60 per cent of Southern Africa’s containerized trade.

A significant build-up in containerized cargo was observed after the port resumed operations a week (Africa News, 2021). Refrigerated container cargo was most affected as the ports ran low on reefer plugs to store backlogged cold chain cargo. One of the effects of the riots following the cyber-attack in mid-July is that importers of chilled and frozen products lost 40,000 tons of cold storage capacity in the wake of the riots. Manual processing of shipments led to grain carriers experiencing delays and to the re-routing of some bulk and container vessels, resulting in longer transit times and delays. Other privately operated port terminals not directly affected by the cyber-attacks also faced congestion and the diversion of some ships away from South African ports. Copper and cobalt from the Democratic Republic of Congo and Zambia; import flows of the southern African region were also negatively impacted, but hinterland operations remained mostly unaffected.

Response and mitigation measures

The port public operator, Transnet, led the crisis management (Goddard E., 2021). The Incident response team oversaw the rebuilding of the active directory server, and the deployment of the Microsoft E5 security stack was fast-tracked. All older operating systems have been upgraded and fully patched before being brought back online. A web access firewall, reverse proxy and anti-distributed denial of service system (DoS) for all public web sites was deployed by the ICT team.

In 2020, Transnet adopted measures to address congestion and inefficiencies at port/hinterland connections. These included acquiring new equipment and increasing the number of gangs working to ease the flow of both vessels and trucks. These measures were taken to help clear any backlogs that may have resulted from the disruption, as well as improve cargo handling performance and mitigate congestion (Transnet, 2021).

Lessons learned and good practice

  • Recruit employees with the necessary skills to counter cybersecurity threats and provide training in the field of threat awareness and prevention of risks (Reva D., 2020).
  • Long-term cyberthreats mitigation measures must rely on industry-wide digital cooperation, strong public support, and regional financial investments in IT infrastructure (Raballand G. et al, 2012). For example, Interpol’s African Cybercrime Operations Desk, in partnership with the African Union, Afripol, law enforcement communities and private stakeholders, developed a joint strategy to set up a cybercrime intelligence unit and promote good cybersecurity practices. African Union member states need to agree on a joint security plan and adopt relevant national laws, to ensure compliance with the latest IMO guidelines for cybersecurity for vessels (BusinessTech, 2021).
  • Avoid the compounding effects of a cyber-attack on IT-dependent equipment, business processes, Human Resources and terminal gate.





21 This section also draws upon USDA (2021).