CYBER SECURITY

How Trafigura Put Its Cyber Security To The Test

The global commodities trading firm replicated the NotPetya worm, strengthened it and then unleashed it on its production environment to assess its ability to fight back.

Mark Swift was sitting in his third-floor office at global commodities trading firm Trafigura in the Mayfair district of London's West End when he first started hearing reports about NotPetya, a computer worm attack. The worm rapidly spread around the world in June 2017, crippling multinational companies including global shipping company Maersk, pharmaceutical giant Merck, FedEx's European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelez and manufacturer Reckitt Benckiser, among others, causing an estimated $10 billion or more in damages.

"It was clear there was a major problem; we got a very early understanding that something was going on that was much more significant than the usual ransomware, but no one had a clear picture of what was happening," says Swift, Trafigura's Chief Information Security Officer. "There was a huge amount of confusion and quite a bit of angst. It was incredible that so many companies were being hit at the same time, and extremely worrying, because you can't defend against what you don't understand."

Swift's job is to ensure the company can effectively play defense against cyberattacks. Trafigura manages more than $54 billion in assets and moves over $170 billion per annum of commodities around the world by ship, barge, truck, rail and pipeline.

There was only one way to be sure: do the unthinkable. With the help of NCC Group, a global firm specializing in cybersecurity and risk mitigation, Swift hatched a plan to replicate the NotPetya worm, strengthen it, and then unleash it on the company's production environment, with the full support of the CEO and the board.

The audacious move was deemed to be an acceptable risk because Trafigura had standardized the way it exercises cyber hygiene, something the World Economic Forum's Centre for Cybersecurity has been encouraging companies to do.

Swift, a speaker at the World Economic Forum Centre for Cybersecurity's annual meeting in Geneva last November, agreed to an interview with The Innovator in the hope that Trafigura's experience will help other large enterprises better prepare their cyber defense.

While Swift believed the company was reasonably safe, he could not quantify the risk. "The questions I kept asking myself were: how does the worm get in, how does it move, and would our defenses hold out?" he says. "The difficult thing is you don't have a way to test. Working on assumptions is not a good way to be measuring your defenses."

Deconstructing NotPetya

It was one of Trafigura's lead engineers who first suggested testing how well the company's defenses would stand up to the NotPetya worm under controlled circumstances. Swift liked the idea and approached NCC Group. They struck an agreement: if the cybersecurity firm could help develop a replica of the worm, Trafigura would test it and, if all went well, NCC could use the case as a reference to sell the service to other big corporate clients.

Oliver Whitehouse, NCC Group's Global Chief Technology Officer, remembers the first discussion about replicating NotPetya with Swift, whom he has known for 20 years. "We were coming off a busy summer in the U.K. We had two major worms, the last of which was NotPetya. Mark [Swift] was getting questions from his chief executive about whether it would have an impact on Trafigura. Mark could just say 'we think our controls would limit the impact', but it was very much a theory and he could offer no definitive assurance. When he outlined that he would like to run this test to quantify the risk I told him 'we can do that.' I had the confidence that we could replicate NotPetya by deconstructing it and then reconstructing it," says Whitehouse.

Swift's team and NCC Group started work in November 2017. "We decided to rewrite the worm so we knew exactly what every line of code did," says Swift. "We discovered a coding mistake in the way it moved and stole tokens and the way it scanned. It wasn't as efficient in moving as it might have been, so we corrected those mistakes to make it even stronger."

The team also installed kill switches to ensure the worm didn't proliferate outside of Trafigura's network and accidentally infect suppliers and partners. The process was supposed to take three months but took a year.

"The complex bit was having the confidence that the controls would work and that it would not go awry and be disruptive," says Whitehouse. "We worked on the principle that if there was any doubt, the first instruction was to shut itself down, ensuring that it would only spread to computer networks directly under Trafigura's control. There were key systems in the industrial operations technology in areas such as mining and fuel terminals that had to be excluded, but all the corporate assets could be included. Then we built in various other safeguards, such as the rate at which it could propagate, so it would not overload the system. We did three full environment tests before we even got near production and were confident that the controls could do what they said they were going to do."

Getting Sign-Off

Getting the company's leadership to sign off was an important part of the process. Trafigura stores and delivers the commodities it trades, which include approximately six million barrels of oil a day. In order to buy the assets that it later trades, it has established access to credit from 155 banks. It has to manage credit risks, legal risks, IT risks and liquidity risks, and all of these risks are integrally linked.

"We are a high volume, low margin business," explains Christophe Salmon, Trafigura's Chief Financial Officer. "Our business is based on arbitrage; we fight for the last cent per barrel. Any basis point matters in terms of the protection of our margins. If the integrity of our system was compromised it would have consequences in being able to conduct our business and in
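The safeguards Whitehouse describes for the replica worm (shut itself down on any doubt, spread only to networks directly under the company's control, keep the OT systems out, cap the propagation rate, and rehearse in test environments before going near production) amount to a fail-closed scope guard that runs before every hop. The Python below is an added example written for this page, not Trafigura's or NCC Group's code; the address ranges, the kill-switch hook and the rate figures are constructed assumptions, and the block contains no propagation logic, only the per-target decision such a tool would have to make.

```python
"""Fail-closed scope guard and propagation rate limiter for a controlled
worm test. Added illustration, not the code used at Trafigura; every
address, range and rate below is a constructed assumption."""

import ipaddress
import time


class TokenBucket:
    """Caps propagation attempts per second so the test cannot overload
    the network. `now` is passed in so rehearsals are deterministic."""

    def __init__(self, rate_per_sec, burst):
        self.rate = float(rate_per_sec)
        self.capacity = float(burst)
        self.tokens = float(burst)
        self.last = None

    def take(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ScopeGuard:
    """Decision for one candidate target. Returns one of:
      "go"    in-scope corporate asset and the rate budget allows it now
      "wait"  in scope, but the rate limit says not yet
      "skip"  explicitly excluded (OT: terminals, mining); never touched
      "abort" any doubt: kill switch tripped, unparseable target, or a
              network not on the in-scope list. The caller stops the run.
    Ordering matters: exclusions are checked before scope so an OT range
    carved out of a corporate block is skipped, not attacked."""

    def __init__(self, in_scope, excluded, rate_per_sec, burst,
                 kill_switch=lambda: False):
        self.in_scope = [ipaddress.ip_network(n) for n in in_scope]
        self.excluded = [ipaddress.ip_network(n) for n in excluded]
        self.bucket = TokenBucket(rate_per_sec, burst)
        # Hypothetical hook: a real deployment would poll a file, a DNS
        # name or a beacon here. Assumed, not taken from the article.
        self.kill_switch = kill_switch

    def decide(self, target, now=None):
        now = time.monotonic() if now is None else now
        if self.kill_switch():
            return "abort"
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return "abort"          # garbage in the target list is doubt
        if any(addr in net for net in self.excluded):
            return "skip"
        if not any(addr in net for net in self.in_scope):
            return "abort"          # unknown network: fail closed
        if not self.bucket.take(now):
            return "wait"
        return "go"


def rehearse(guard, candidates, start=0.0, step=0.0):
    """Dry run over a candidate list at fixed timestamps, the kind of
    check run in a test environment before approaching production.
    Stops at the first 'abort', as the live tool would."""
    decisions = []
    t = start
    for target in candidates:
        d = guard.decide(target, now=t)
        decisions.append((target, d))
        if d == "abort":
            break
        t += step
    return decisions


if __name__ == "__main__":
    # Constructed ranges: two corporate /16s with an OT /24 carved out.
    guard = ScopeGuard(["10.10.0.0/16", "10.20.0.0/16"], ["10.20.200.0/24"],
                       rate_per_sec=1, burst=2)
    for target, d in rehearse(guard, ["10.10.1.5", "10.10.1.6", "10.10.1.7",
                                      "10.20.200.9", "192.168.1.1"]):
        print(f"{target:>14} -> {d}")
```

The order of checks is the point: the kill switch is consulted before anything else, an excluded OT address is recognised before the scope test so it is skipped rather than treated as "unknown", and anything not positively on the in-scope list aborts the whole run instead of being skipped, which is the "if there was any doubt, shut itself down" rule rather than a mere allowlist.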

TheInnovator #12 | Davos 2020