In an unprecedented move, Transnet Port Terminals (TPT) declared force majeure on Monday following the ongoing fallout from a cyber attack last week which hit the entire Transnet Group, South Africa’s state-run ports operator and freight rail monopoly.
While the group has tried to play down the hacking – initially describing it as a “disruption on its IT network” – TPT’s confidential force majeure letter to customers on Monday confirmed that it is “an act of cyber-attack, security intrusion and sabotage”.
Cyber attack: Union wants ‘decisive action’ to protect Transnet
Cyber hack hits Transnet’s operations
Moneyweb has a copy of the force majeure notice and its veracity has been confirmed by several Transnet and logistics industry sources.
The letter is titled ‘Declaration of force majeure for Transnet Port Terminals container terminals in the Ports of Durban, Ngqura, Port Elizabeth and Cape Town – confidential notice to customers’. It was sent out by TPT chief executive Velile Dube.
This confirms a major blow for Transnet Group, with TPT being one of its biggest and most important divisions.
TPT operates the container handing facilities at Durban – sub-Saharan Africa’s busiest container port – as well as container terminals in Cape Town and the Eastern Cape ports of Ngqura and Port Elizabeth.
Websites still down
On Monday, the websites of Transnet and its divisions were still offline – for the sixth day.
The group had resorted to a manual system in an effort to continue to operate key divisions, such as TPT. However, with further trucking delays, especially at the Port of Durban (which handles over 60% of South Africa’s container traffic), TPT seems to have had no option but to institute “force majeure” on Monday.
“This serves as notice of declaration of Force Majeure event, which occurred on 22nd July 2021 and continues to persist, when Transnet, including TPT, experienced an act of cyber-attack, security intrusion and sabotage,” the letter states.
It adds that this has “resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information”.
“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage. Transnet is implementing all available and reasonable mitigation measures to limit the impact of this compromise,” the letter further states.
“Accordingly, TPT hereby invokes the provisions of clause 11.1 read together with clause 11.2.11, of the TPT Conditions of Trade and as TPT is prevented from, or delayed in performing any of its obligations under such Conditions of Trade or such commercial agreements in respect of the Container sector, hereby gives notice of an FM [force majeure] Event declaration with immediate effect,” Dube explains in the notice.
Vital links taken out of the supply chain by unrest and looting
No major improvement in Durban Port efficiencies, says organised business
“TPT’s [relief] from liability stipulated herein will remain in full force and effect despite the implementation of the mitigation measures detailed herein,” he adds.
“In keeping with the provisions of clause 11 of the TPT Conditions of Trade, TPT has put certain mitigation measures in place to ensure operations at the container terminals are still running albeit slower than expected.”
“One such measure is to ensure that a manual system has been put into place for the loading and discharge of containers. Further, in the event that any damage occurs during operations customers will be notified using a manual process which will be confirmed via email as soon as TPT systems are up and running again,” it notes.
Dube gave further details of how TPT would be treating berthing as well as imports and exports at the affected container terminals while the IT system remains offline.
Public Enterprises Minister Pravin Gordhan is yet to comment publicly on the cyber attack at Transnet, but Moneyweb understands that he has had urgent meetings with Transnet executives, including group CEO Portia Derby, regarding the issue.
Gordhan’s department also has the issue of Mango Airlines going into business rescue this week to deal with.
Down to two planes, Mango should’ve been in business rescue with SAA
Mango Airlines to enter business rescue, says SAA interim CEO
With questions swirling on whether the Transnet hacking was linked in any way to the recent riots, looting and sabotage in KwaZulu-Natal and parts of Gauteng, acting Minister in the Presidency Khumbudzo Ntshavheni initially said during her briefing on the situation in KwaZulu-Natal last Thursday that government was investigating if the two were related.
However, in her briefing on Friday, she said that government did not believe the security breach at Transnet is linked to the unrest.
Transnet group spokesperson Ayanda Shezi issued a statement on Tuesday saying: “Significant progress has been made in restoring Transnet SOC Ltd IT systems, with most of the affected applications up by Monday 26 July 2021.”
She conceded that TPT had issued a force majeure notice on 26 July 2021 to customers, for the period from 22 July 2021. However, Shezi noted that the force majeure “is expected to be lifted soon”.
“It is expected that some applications may continue to run slowly over the next few days, while monitoring continues. All operating systems will be brought back in a staggered manner, to minimise further risks and interruptions,” she explained.
“At the ports, each container terminal has communicated its transition plan from manual operation to the full Navis-driven operation [Navis is a container handling software operating system that TPT uses]. The terminals are berthing vessels as planned and facilitating loading and discharge operations with the shipping lines,” she added.
“We will continue to work directly with shipping lines in order to facilitate maximum import evacuation and further exports planned for future vessels. Controls have been developed, in conjunction with the shipping lines and the SA Revenue Services’ [Sars] customs division to ensure safe clearance and evacuation of each container,” Shezi pointed out.
Meanwhile, Shezi stressed that salaries of Transnet employees have been processed on schedule.
“There was never a doubt that as an organisation we will not honour our obligation to our employees,” she said.
Shezi further noted that the business continuity plans at Transnet Freight Rail (TFR) enabled the division to continue “utilising manual backup operations, and run trains as planned”.
She assured stakeholders and customers that all processes followed allow for the safe operation of trains.
“We have requested customers with cross-border traffic and where the Sars clearance process is applicable, to submit hard copies of the Sars clearance documentation with their consignment noted at the Order Entry Office/Terminals. This will assist in the manual system application to authorise the departure of trains,” she said.
“Transnet will continue to engage and collaborate with affected customers. A further update will be provided once full operations resume,” Shezi added.