South Africa’s Information Technology infrastructure could be at risk after Transnet attack 

Please find attached a soundbite by Ghaleb Cachalia MP.

While we grapple with minimal disclosure from the Department of Public Enterprises or the SOE surrounding the crippling cyber-attack on Transnet, South Africa could potentially be facing a national shutdown on its Information Technology (IT) infrastructure.

A failure to isolate the origin of the attack creates a host of imponderables, most notably, the extent to which the perpetrators are prepared to go. Now that they have successfully crippled our ports, there is no telling which vital national function they will attack next.

Nor does it help that we have a dysfunctional security cluster that has essentially abdicated on its responsibility to protect national security.

The responsibility to address this national cyber threat now falls squarely in the President’s Office. As head of the National Security Council, President Cyril Ramaphosa should immediately issue a directive to map out the scope of the cybersecurity threat and draw up measures to stop it from spreading beyond Transnet.

Since the attack on Transnet’s IT infrastructure was first reported last week, the Minister of Public Enterprises, Pravin Gordhan, has been unacceptably quiet. The depth of Cabinet’s dysfunctionality is evidenced by the responsible ministers’ inability to comment or act in the face of an attack on the country’s economic and logistical spine.

Transnet’s declaration of force majeure across all its container terminals, a week after the attack is indicative of a major event, confirming that this was not an isolated incident, but an industrial scale breach meant to cause maximum damage – damage which has the potential to spill over into other key areas: Transnet’s IT systems are interconnected with SARS and Customs and the cumulative effect has the potential to paralyse economic activity.

The DA has previously requested information from Transnet with regard to: what the extent and effect of the attack was; what is being done to mitigate effects and ensure non repeat thereof; how this came about; who was responsible; when a return to normalcy can be expected; and how customers are being accommodated. We await with urgency, sight of the President’s announcement – in view of his minister’s silence –  to detail the steps being taken to protect the country’s IT infrastructure. The nation needs this assurance.