Port of Los Angeles calls for Cyber Resilience Center

Dive Brief:

The Port of Los Angeles is developing a plan for a Cyber Resilience Center that would allow it to share information among multiple supply chain partners, including shipping lines, terminal operators, railroad companies and the trucking industry, the port said in a press release.
The port announced the plan at a cybersecurity roundtable Wednesday that included more than a dozen stakeholders. There will be a second meeting to discuss the plan either this summer or later in the fall, Phillip Sanfield, a port spokesperson, told Supply Chain Dive in an email.
"In partnership with our maritime industry stakeholders, we have the opportunity to enhance the ability of the port ecosystem to see cyber threats on the horizon and improve information sharing to help manage respective, and collective, cyber risk," Gene Seroka, the executive director of the Port of Los Angeles, said in a statement.

Dive Insight:

The Port of Los Angeles is intimately familiar with the challenges cyber attacks can create. In 2017, the Nyetya attack (also called NotPetya and Petya) worked its way into Maersk's computer network in Europe and resulted in the company shutting down operations at some of its terminal operations, which included the largest terminal at the Port of Los Angeles. Maersk took a noticeable financial hit as a result. CEO Søren Skou said it cost the carrier between $250 million to $300 million, though the company didn't expect there to be any long-term impact.

More recently, the Port of San Diego was affected by a cyberattack that resulted in limited access to some records, according to The San Diego Union-Tribune.

The Port of Los Angeles launched a Cyber Command Center in 2014. "The Port is continuing to improve and mature its cyber program," Tony Zhong, the port's then-acting Chief Information Security Officer told PC Mag in 2016. "Working in cyberspace is like a cat and mouse game. We need to be able to adapt and respond quickly to attack techniques used by cyber adversaries."

The Cyber Command Center is just focused on the port's infrastructure, while the proposed Cyber Resilience Center would include multiple sectors.

The American Association of Port Authorities' (AAPA) most recent "State of Freight" report found 85% of the organization's members expect "direct cyber or physical threats to their ports to increase over the next 10 years." The same survey found ports have identified nearly $4 billion in projects respondents say would be necessary to adequately increase physical and cybersecurity between 2019 and 2028.

Many ports get funding for these kinds of upgrades through a federal grant program called the Port Security Grant Program issued by the Federal Emergency Management Administration. But this fund tends to receive about $100 million in funding every year, and the ports are outlining needs totaling closer to $400 million per year, according to John Young, the director of freight and surface transportation policy at AAPA.

“We do identify cyber clearly as an issue and from an industry perspective, people are doing what they think they need to do to address it as a threat to their port, to their region," Young told Supply Chain Dive.

And The Port of Los Angeles' structure as a landlord port could put it in an even more difficult position. While the port has its own systems, the individual terminal operators have theirs, too. Bringing shipping lines, marine terminal operators, railroads and the trucking industry together under one organization, as LA is suggesting, could help to share information between these different parties.

"With shipping, with ports, with maritime it’s more interactive," Young said. "It’s multimodal, meaning there’s many modes that connect to ports, and I think that’s indicative of the challenges that we have with cyber."