Anonymous Reporting
MCA Chatter
V-ID Terminal
My Account


Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019

Port cyber security: Securing the nation's digital borders

November 6th 2017
Homeland Security Committee examined LA Ports' cyber protection and vulnerabilities at field hearing
On the heels of an eventful summer that saw America’s ports impacted by a cyber attack in June and a car chase end in the Los Angeles marina complex in August, the US House of Representatives’ Committee on Homeland Security hosted a bipartisan field hearing on Oct. 30 at the Port of Los Angeles’ Harbor Administration Building to examine maritime and cyber security.

The panel featured members of the committee and US Congress members who serve the Los Angeles area. Representatives of the US Coast Guard, Customs and Border Patrol, the Port of Los Angeles, the Port of Long Beach and the International Longshore & Warehouse Union (ILWU) gave testimonies regarding port security.

“America’s port system is an industrial engine that drives much of our economic success,” said Michael McCaul, chairman of the Homeland Security Committee. “Currently, US seaports support 23 million American jobs and […] 26 percent of our economy. […] These ports will only continue to remain busy as our trade volume is expected to quadruple by 2030. […] We must make sure they are not susceptible to attacks from our enemies. Unfortunately, America’s adversaries are constantly looking for ways to strike our country with cyber attacks. As our port systems increasingly benefit from new technology and advanced computer systems, they also find themselves in the crosshairs of international hackers.”

The ports
The Port of Los Angeles is the nation’s busiest container harbor, and the Port of Long Beach is the nation’s second-busiest. Together, both seaports handle goods to and from every one of the country’s 435 congressional districts, which accounts for more than 40 percent of the nation’s imports and 30 percent of its exports, according to Gene Seroka, executive director of the Port of Los Angeles.

All told, both ports have an economic impact in excess of $311 billion and are responsible for more than 3 million jobs throughout the country.

Cyber attack
In June, the Port of Los Angeles briefly shut down as a result of a cyber attack that affected A.P. Moller–Maersk Group, the largest container ship and supply vessel operator in the world, and multiple sites and business units globally, including the Ukraine, India, Australia and the United States.

The virus, Petya, led to a brief shutdown of the Port of Los Angeles and wiped out huge volumes of data, costing nearly $300 million in economic damage, according to McCaul.

“I worry about the destructive nature of this virus and the attack,” McCaul said. “[…] I know the offensive capability of Russia, China, Iran and North Korea. And I think what happened in June demonstrates how vulnerable our ports can be to this type of cyber attack.”

In response, the House of Representatives passed reauthorization on Oct. 23 to amend the Customs-Trade Partnership Against Terrorism (C-TPAT) program and address current industry practices and threats to global supply chains.

McCaul said that, the very next day, the House moved legislation that requires the implementation of a risk-assessment model, which would focus on cyber security and risks at America’s ports.

Moreover, in July, Republicans and Democrats passed a comprehensive reauthorization with the Department of Homeland Security (DHS) through bipartisan vote to improve the readiness and defensive capabilities of the US Coast Guard and the TSA. The priority is to create a mechanism for port operators to share cyber-threat information and best practices, McCaul said.

Chairs of the 9/11 Commission, Tom Kean and Lee Hamilton, have recently called an assent to pass the reauthorization, which McCaul said needs to get to President Donald Trump’s desk and signed into law.

McCaul questioned Seroka about the extent of damage the cyber attack in June caused and the recovery process.

Seroka pointed out that the attack itself was not directly targeted at the Port of Los Angeles. The impact of the virus, however, caused the port’s largest terminal to shut down for several days and move to manual operations. Seroka estimated that, during that time, the port was moving about 10 percent of the cargo it normally would on any given day.

“Everything, as we know it today, was slowed down tremendously,” he said.

Seroka said part of the solution is to collaborate with the port’s private-sector companies, or lessees, and compare best practices.
In 2014, the Port of Los Angeles established the Cyber Security Operations Center, which Seroka said thwarts 20 million cyber-intrusion attempts per month– an average of seven to eight attacks every second.

He proposed expanding the center and working in response to the needs of the private sector.

“The recent cyber attack on Maersk and AP Moller Terminals was a call-to-action for all of us,” Seroka said. “We know that we must move swiftly to address cross-sector risk. […] To that end, we recommend continued and focused engagement with the broader maritime industry.”

The Port of Long Beach has a similar cyber-security defense system. Mario Cordero, executive director of the Port of Long Beach, said the port’s Information Management Division successfully prevents 30 million threats a month.

Securing maritime cargo
Carlos Martel, director of field operations at the Los Angeles Field Office for US Customs and Border Protection (CBP), and Todd Sokalzuk, rear admiral of the US Coast Guard, both discussed maritime-cargo security measures as they pertain to their respective branches.

Martel said the CBP’s Container Security Initiative (CSI) allows it to partner with foreign authorities to identify and examine potentially high-risk cargo before they are placed in vessels.

He said there are currently 60 CSI ports that pre-screen 80 percent of all maritime-containerized cargo imported into the United States. Advanced non-intrusive inspection equipment, including X-ray and gamma-ray imaging systems, are also placed at domestic and foreign seaports.

“Radiation-portal monitors enable CBP to scan nearly a hundred percent of all arriving maritime containerized cargo for the presence of radiological or nuclear materials,” Martel said. “Basically, detection and imaging systems enable CBP officers to examine cargo conveyances, such as sea containers, without physically opening or unloading them.”

Rep. Nanette Diaz Barragan, who serves California’s 44th congressional district, questioned whether it was a security risk that the CBP does not pre-screen or X-ray 100 percent of the cargo.

“I don’t think that it does,” Martel answered. “I think we have a very robust targeting system. […] As part of the [US Customs 24-hour Advance Cargo Manifest Declaration Rule], we’re able to get information about the cargo 24 hours before it boards the vessel.”

Ron Estes, who represents Kansas’s 4th congressional district and serves on the Homeland Security Committee, inquired if there are any plans to open more CSI ports in the future.

Martel said CBP is always looking to expand its reach with container-security initiatives, but did not express an immediate need for such an expansion. He also said staffing at any future CSI ports would depend on logistics and agreements with foreign government.

In his opening remarks, Rep. Bennie Thompson, ranking member of the Homeland Security Committee and who serves Mississippi’s 2nd congressional district, said the National Treasury Employees Union (NTEU), which represents frontline CBP officers in the ports, reports that there are up to 3,500 vacancies– calling it an unacceptable shortage.

He said Coast Guard resources are similarly strained, citing the commandant of the Coast Guard as saying that there were 500 smuggling events last year of which intelligence was aware but were unable to respond to because of a lack of assets.

Sokalzuk echoed Thompson’s statements during his own testimony, in which he said the Coast Guard’s aging major cutters limit its ability to respond to the smuggling of illicit narcotics and illegal aliens.

“Critical acquisitions like the offshore patrol cutter are essential to our long-term success in our fight against transnational criminal organizations,” he said.

McCaul chimed in and said the estimates are that the Coast Guard can only hit one out of three targets. McCaul asked what the Coast Guard is successfully detaining on the nation’s shores.

Sokalzuk said a record amount of cocaine– about 100 pounds more than the previous year– has been detained in 2017 thus far, adding that the Coast Guard was able to achieve the feat without a Navy presence.

“We’re only getting a portion of that,” he said. “Some estimates are 20 to 30 percent of the flow, so that should tell you how much is actually flowing into the country at this point.”

Physical security
In August, a high-speed chase, which began 60 miles away in the Inland Empire, ended at the Port of Los Angeles, where the suspect exited his vehicle, climbed a large crane and eventually fell to his death.

“I was surprised a car could get onto the port and could do this,” said Barragan, who asked Seroka what security procedures have been placed as a result of the incident.

Seroka said the nature of the chase was unpredictable. He said the driver, upon arrival at the port complex, began to follow traffic and turned into a specific terminal, a gate that is open for ILWU workers.

Seroka noted that the Los Angeles Port Police Force responded and met the suspect within three minutes and 20 seconds upon notification of the breach.

The suspect fell to his death soon after.

“What we have done in the time since then […] is that we fortified the gate at that facility but also created different paths of cargo entry and personnel and visitor entry with credentialed individuals,” Seroka said. “That facility and others under evaluation, prior to the incident, were already at or above US Coast Guard standards for entry and exit.”

He said the port would continue to address similar issues. During his testimony, Seroka requested the federal government assist the port police in training and equipment funding.

Cordero detailed the Port of Long Beach’s physical security, which includes a 24/7 command-and-control center that is the primary hub for coordinated security efforts.

He said the port has a monitoring network of more than 400 cameras, a comprehensive fiber-optic network and an integrated security management system for synchronized monitoring and quick-threats detection. There is also access control and alarm monitoring, boat patrols, radar systems, vessel-tracking systems and sonar equipment.

“We see value in deepening the level of engagement with global partners and utilizing big data to target those containers that pose a concern,” Cordero said. “[…] Landside security is also of critical importance. The port is extending additional layers of protection by developing analytics and sensors to better forecast the landside movement of goods to and from the port.”

Ray Familathe, international vice president of the ILWU, a labor union that primarily represents dock workers on the West Coast of the United States– primarily in Hawaii and Alaska– criticized the Transportation Worker Identity Credential Program (TWIC), calling it a “costly failure.”

Familathe said TWIC, required by the Maritime Transportation Security Act for workers who need access to secure areas of the nation’s maritime facilities and vessels, costs $300 to $500 per person to apply and renew credentials over a 10-year period. Moreover, he said the federal government spends millions of dollars on staffing the program and processing paperwork.

“Yet, despite the spending of hundreds of millions of dollars on TWIC, no attacks have been identified as having been stopped by TWIC,” Familathe said. “No experts cite TWIC as an impediment to future terrorist attacks on American ports. TWIC does produce one result– hardship for waterfront workers.”

He suggested using the money invested in TWIC on programs that benefit CBP officers and cargo inspection.

“Not only does a stronger inspection force improve security, it makes ports more efficient,” Familathe said. “[…] We also question the need for more spending on cameras. The Port of Los Angeles alone has 700 cameras linked to its security center, and other ports are equally saturated. Would it not be wise to invest our money in closing the real gaps in security? The ILWU believes the threat from cyberattacks is such a gap. This includes hacks to the TWIC data systems. TWIC data can reveal not only personal information, but it shows the work patterns of thousands of waterfront workers. That is how I value information to anyone planning a terrorist attack on a port.”

The committee said it would look into alternatives.

After the hearing, the committee gave closing remarks outside of the Port of Los Angeles’ Harbor Administration Building.

Rep. Alan Lowenthal, who serves California’s 47th congressional district, said one of the major objectives is to illustrate the importance of cyber security and the consequences if work at the ports ceased.

He noted the importance of the Port Security Grant Program, which is a port-security fund that was originally cut by 50 percent in President Trump’s proposed Fiscal Year 2018 budget. The funds were re-instituted in July, per the House of Representatives.

“So, in part, what we do is educate each other and educate the nation, not only in terms of the dangers with cyber-debt security that might be if there really was an attack, but, really, with the importance of the ports,” Lowenthal said. “If the ports do well, the nation does well.”