State-owned Transnet did not pay any ransom to cyber criminals that targeted its IT systems last month.
That was the word from public enterprises minister Pravin Gordhan, who yesterday provided an update on reforms at the rail, port and pipeline company.
He said the purpose of the briefing was to inform the public about events that occurred over the past month or so at Transnet.
On 22 July, Transnet revealed it had suffered a “disruption” of its IT systems. The following day, it said it had identified and isolated the source of the disruption to its IT systems.
However, on 30 July, the company said it had managed to fully restore port operations.
It pointed out the main system responsible for the container operations, the NAVIS N4 terminal operating system, had been fully restored and customers were able to access the customer links to facilitate imports and exports.
The remaining systems will continue to be brought up in a staggered manner to minimise further risks and interruptions, it said.
In his briefing yesterday, Gordhan said Transnet had managed to restore about 90% of its IT systems.
“The month of July has been an eventful one for Transnet. Of course, Transnet is a very vital cog in the logistics network of South Africa. As such, it constitutes a key part as what is often referred to as the network industries of South Africa.
“Despite the many disruptions that Transnet has confronted, those disruptions have not interrupted the company to a great degree,” he said.
Gordhan also lauded how it was able to restore its IT systems urgently.
“Transnet demonstrated that it has skills and capabilities to identify exactly the target of the attack; to very quickly shut down the systems; and that all the operating systems like the NAV system, which manages the containers, was secured and safe.
“Transnet was also able to take a tremendous amount of agility and a set of operational measures which ensured that within 24 to 36 hours, the ports began to operate with some semblance of movement.
“So, as we currently stand, on average, about 90% of all of the IT systems of the corporate sector, the freight rail, port terminals, Transnet Engineering, and the pipelines are now fully recovered and the appropriate security measures have been taken.”
The minister also revealed that no ransom was paid after the attack and investigations continue.
“What is noteworthy during this period was the immediate meetings that we convened with the relevant CEOs of the participating businesses and all of them were tremendously supportive to ensure the port operations would return to normality as quickly as possible.
“There are some interesting lessons that I learnt during this period about the different time periods during which different role-players work. Some work just an eight-hour day; others work a 24-hour day. In the current period, there is a lot of talking among the role-players to synchronise some of those factors so that port efficiency and operations are a lot more effective.”
According to Gordhan, the recovery of the system shows the methodology used by Transnet was very much in line with world-class standards.
However, he said, there will still be challenges to be faced in the aftermath of the cyber attack.
“We want to give praise to the leadership in the IT department at Transnet for their agility – some of them didn’t sleep for three days in a row in order to make sure the systems were fully secure. They have demonstrated a huge amount of commitment to Transnet and the national economy,” he noted.
Following the incident, Transnet Port Terminals declared force majeure.
As a result of disruption, Transnet could not provide the services it usually provides, which include loading and offloading containers from ships.
Transnet, whose ports, railways and pipelines are critical infrastructure and crucial to the functioning of South Africa’s economy, declared force majeure on the same day as the attack.
Share