U.S. ports lack key cyber tools

U.S. seaports are missing two crucial things when it comes to cybersecurity: constructive information-sharing with private companies at risk for attack and a robust network to handle it.

That's what the executive director of the Port of Los Angeles, Eugene D. Seroka, said during his testimony before the House Homeland Committee Monday at a field hearing held in San Pedro, Calif., the site of the busy Port of Los Angeles.

"[We need] the ability to formally bring in private sector interests…share best practices, alert other partners of vulnerabilities, and have a systematic way of processing that information through expertise and the movement of data. That would be the number one ask," Seroka said when asked what the government should be investing in right now for port security.

The second thing, Seroka said, is funds to expand the Port of Los Angeles cybersecurity center fiber ring so it can "envelop the ports' entity in its whole" 7,500 acres of facilities and act as "another firewall to those private sector entities that are facing commerce every day and potential threats." In theory, the private entities could also access the fiber ring to enhance information sharing.

Seroka acknowledged that his requests, which could be replicated at ports across the country if successful, required additional resources but wouldn't name a number.

"I think it would be inappropriate to respectfully ask for a specific dollar amount today. But as we come to you with new ideas and new ways by which we can expand this fiber ring and create a more collaborative environment of sharing information from the federal level down to our international counterparts and our customers, it will take some very creative looks at how we can model this not only here for Los Angeles-Long Beach but how it will have impacts beyond."

The Port of Los Angeles, ranks 19th in the world for container volume and handles 18 percent of U.S. commerce, faces seven to eight cyberattacks per second, Seroka said during his testimony Monday. Those attacks range from denial of service attacks, breaches, botnet and malware attacks. 

The global NotPetya cyberattack in June hit shipping goliath Maersk, including operations at the Port of Los Angeles, which cost the firm between $200 million and $300 million worldwide in lost revenue. The company was forced to temporarily halt shipping operations while it addressed tech problems.

Besides additional resources to beef up security, there also has to be a culture change when addressing cyber risk management, said U.S. Coast Guard Commander Rear Adm. Todd Sokalzuk, who also testified Monday.

"We really have to instill a culture of cyber risk management," which means "sharing information, sharing the results of a vulnerability assessment, and making everybody aware of what you're seeing on your systems," he said, adding that the Guard already established that practice in maritime security committee meetings. Sokalzuk also said the Coast Guard recently published guidance on cyber protections at facilities.

Seroka also said there needed to be established rules of engagement when it comes to information sharing, and even though "government's overreach in the cybersecurity center could be a concern" for private entities, enhanced collaboration is needed to compare best practices and information of intrusions.

Committee Chairman Rep. Michael McCaul (R-Texas) agreed, saying while the Maersk attack "was not a direct attack on the Port of Los Angeles but next time it could be…And I think we need to be prepared for that."