24CYBER SECURITY 25 WHAT TRAFIGURA DOES the daily reporting to our financial partners,”, a factor that could impact Trafigura’s access to both credit and its liqui-“I paused for a moment dity. “This was why, in discussing with Mark, testing the strength and integrity of our system – and identifying any and wondered potential vulnerabilities – was so important,” says Salmon.‘What on earth am I Unleashing The Wormdoing?’ before giving On November 8th, 2018 the worm was unleashed. Swift, SOURCESTORE BLEND DELIVER together with Trafigura’s lead engineer, Whitehouse and an the green light. And NCC Group developer huddled around a group of compu- ter screens. “We looked at each other and said ‘shouldthen we waited for the Negotiates off-take It stores petroleum It blends physical It moves commodities by we run it?’, remembers Swift. “I paused for a moment and agreements with oil products at owned and commodities to barge, truck, rail, pipeline wondered ‘What on earth am I doing?’ before giving thehavoc to begin.”producers, refiners, third-party tankage. regional, market and and vessel in support of green light. And then we waited for the havoc to begin.”mining companies and It stores metals and owner specifications its core trading activities Thirty minutes went by. Nothing happened. Then the worm smaleters. It owns mines minerals at terminals in strategically located and for third parties. found its way in through an unpatched computer in and smelters and ivnests and third party-owned terminals and warehouses Switzerland and exploited that entry to gain privileges. At The value of the test data can’t be overstated, he says. in logistics that improve facilities.around the world. that point the team thought it would spread like wildfire. Trafigura used it to make adjustments to its network. market access for its But to their surprise it didn’t, due to a security configu-“This one configuration change by Trafigura significantly suppliers. ration Trafigura had made that they had not fully appre-disrupts the speed at which worms can propagate even if ciated. So the team launched different scenarios, purpo-they sely infecting different ‘patient zeros’ increasingly notching can access highly privileged systems,” says Whitehouse. To up the level of exposure. Eventually a misconfiguration in Swift’s great relief unleashing the worm in this controlled a software development network lit the fuse and the worm manner had no operational impact on the business. None started to spread aggressively throughout the develop-of the company’s computer users noticed a thing. ment environment, moving from machine to machine and location to location. “We tracked the various ways the worm jumped between systems and were able to create a Key Takeaways things to standard.” good map and a good understanding of its speed and its ferociousness,” Whitehouse says.NCC Group is eager to run similar tests for other bigOne of the key takeaways from the test was that having corporates but so far there have been no other takers. Al- hard data and being able to really measure risk is key, though a number of big companies have expressed interest says Swift. Trafigura thought that being 99.9% compliant in doing so they have had trouble getting internal sign-off. in some areas was good enough. It was not. “So now we Whitehouse says that often organizations think they have a understand that and if anybody says we are being overly picture of what their computer networks look like. Howe- cautious we can demonstrate why we need to do what ver, 99% of the time this does not reflect reality. Knowing we do. We believe it is worthwhile to get better at testing who is connected is one of the first things a company has and measuring the effectiveness of security in our internal to do to ensure its cyber security. The map needs to be network, but is only worth doing if you also have an appe- accurate “at any point in any week,” he says. “When I ask tite to introduce major controls.” what is on their network, who is responsible for it, what each device does and what business operation it underpins Swift says he has no illusions. Controls or no controls the they look at me quizzically and say they don’t know. If you attacks will keep coming. The next worm, the next virus, don’t know then you don’t know what your risk is. You have is likely to be more virulent. And no matter how good its to understand the material risks before you can unleash cyber defense is, Trafigura – like any other company on the tests like Trafigura’s.” planet – will have to continue to be vigilant in the never- ending battle to keep its systems safe. Swift agrees. “One of the reasons why we were more capable of running this was we know where the edge of J.L.S. our network boundary is,” he says. “You have to fundamen- tally understand how many machines you have and where they are to be able to sign off on something like this. We spend a lot of time standardizing our environment because we believe you need to do things to standard and enforce