Main Article Content

Vulnerability of South African Commodity Value Chains to Cyber Incidents


Brett van Niekerk

Abstract

A commodity value chain can be considered the ‘route’ from the source (provider) to the destination (client), including the various modes  of transportation. This will often include some form of road or rail to a port for export to a destination country. Due to the rise in  cybercrime and state-backed cyber operations, these commodity value chains may be disrupted, having a cascading effect down the  value chain. Previous research has considered this a form of economic information warfare, and has indicated that statesponsored cyber  operations to disrupt a commodity intentionally will most likely fall below the threshold of a ‘use of force’ or ‘attack’ under international  law. Subsequently, two pertinent instances of cyber incidents at ports have occurred: the disruption of a major Iranian port, and a   ansomware incident at a major South African freight and logistics state-owned enterprise. 


 


 Following the disruption resulting from the ransomware incident affecting South  African freight organisations, there is a need to analyse  the vulnerabilities of the freight transportation sector further, in particular the ports and associated railways in terms of   malicious cyber interference. Expanding previous research, this article provides a  specific view of the major commodity value chains in  South Africa that are supported by the freight transportation infrastructure, their possible vulnerability to cyber incidents, and the  potential implications thereof. In addition, publicly available information on the responses to the ransomware incident will be discussed  to gauge national readiness in terms of crisis management of a major disruption to the primary trade mechanisms in the country. The  article focuses on identifying single points of failure within the commodity value chain, and employs hypothetical scenarios to illustrate  possible ramifications of a major incident. The port of Durban is shown to the most critical single point of failure overall.  Recommendations include the introduction of a sector-specific computer security incident response team for the freight transportation  sector.


Journal Identifiers


eISSN: 2224-0020
print ISSN: 1022-8136