Fighting Cyberattacks at the Western Hemisphere’s Busiest Port

Ports worldwide are responsible for moving billions of dollars of cargo annually, making them highly visible and vulnerable targets for cybercriminals. For example, in 2023, a port in Japan was the victim of an alleged Russian cyberattack, which disrupted cargo flow and caused shipping delays for nearly two days. In November 2023, one of Australia’s largest port operators suspended operations for three days after hackers accessed their files. These were just two in a series of such attacks against ports and shipping lines over the past several years.

Fighting Attacks at the Busiest Port

As these types of cyberattacks have escalated, the Port of Los Angeles (POLA) – the busiest container port in the Western Hemisphere – has prioritized cybersecurity and protection of its digital assets and infrastructure. POLA experienced about 754 million cyber-intrusion threats in 2023, or an average of approximately 63 million per month, the highest recorded ever. These intrusion threats are nearly double the level of cyberattacks since the onset of the COVID-19 pandemic in 2020.

Although POLA intercepted these cyber attempts, battling the constant barrage of reconnaissance, network exploitation, ransomware, malware, phishing, and credential harvesting has become a complex 24/7 operation. At a port that processes nearly 10 million units of cargo annually, any single and successful nefarious cyberattack could significantly disrupt operations and quickly extend to the broader supply chain.

Fighting cyberattacks is not a new challenge. Over the past decade, POLA has significantly expanded the digitization of its operations. Although this increased use of digital technologies has resulted in more efficiencies and cargo planning capabilities throughout the supply chain, it has also prompted the need to develop more sophisticated systems to protect against cybersecurity risks and disruption threats.

In 2014, POLA set the maritime industry standard for cybersecurity by establishing the nation’s first Cyber Security Operations Center (CSOC) operated by a dedicated in-house cybersecurity team. For almost a decade, the CSOC – part of an overall network of threat intelligence communities, the Multi-State Information Sharing and Analysis Center, and the Federal Bureau of Investigation’s Cyberhoodwatch program – served as a centralized location to proactively monitor network traffic to prevent and detect cyber incidents under port control. In establishing the CSOC, POLA became the first port to earn the certification of ISO 27001 information security management systems (ISMS). The ISO 27001 standard provides companies of any size and from all sectors guidance for establishing, implementing, maintaining, and continually improving an ISMS.

Rolling Out the Cyber Resilience Center

With cyberattacks becoming increasingly frequent and more sophisticated, POLA and IBM rolled out the Cyber Resilience Center (CRC) in 2022. The innovative platform, a first-of-its-kind automated port community cyberdefense solution, allows expanded coordination against cyberthreats among POLA and its supply chain partners.

Envisioned as a “system of systems,” the $6.8 million CRC enables participating stakeholders – such as cargo firms, terminal operators, shipping lines, longshore labor, as well as truck and rail companies – to automatically share cyberthreat indicators and potential defensive measures with each other in real-time. The CRC also allows POLA to receive, analyze, and share information with other cross-sector stakeholders who provide essential support services within the port complex.

Before the CRC, actionable cyberthreat information often took hours, days, weeks, or months to obtain because most data were collected and processed manually. A key benefit of the new platform is its ability to collect and share data in real time within the POLA ecosystem automatically and more accurately.

The CRC’s collaborative approach also has the additional benefit of centralizing threat information for stakeholders, allowing for early detection of potential attacks that otherwise might inadvertently spread and propagate across the supply chain. Participating stakeholders can also use the platform and its information to restore operations following a cyberattack and, as an additional resource, to advise and assist with recovery efforts. The CRC is designed to not be intrusive, disruptive, or burdensome to the stakeholders’ existing security operations and systems.

When a threat by the same threat actors, malware, or techniques may affect two or more stakeholders, the CRC immediately informs all stakeholders. The synthesized and anonymized information provides actionable intelligence for stakeholders to utilize. As an advisory unit, the CRC offers on-demand enriched intelligence and research to assist stakeholders during incidents.

The CRC was a substantial investment and a significant next step in POLA’s cybersecurity strategy, building upon the port’s earlier data protection safeguards. Since its rollout in 2022, it has provided platform users with a new level of awareness and enhanced intelligence, better collective knowledge sharing, and heightened protection against cyberthreats within the supply chain community.

Increasing Need for Cybersecurity Collaboration

As with many issues facing ports and their maritime industry partners worldwide, the need for more collaborative cybersecurity efforts across the supply chain is critical. Adversaries coordinate and share attack tools and information every day. Only through collective and shared knowledge around the issue – including cross sectors of stakeholders that support cargo movement – can ports achieve the necessary cyber readiness and preparedness required in a fast-paced digital world.

The past several years have shown the vital role of ports in the nation’s economy, making it paramount that the digital infrastructure of all ports be kept as secure as possible to ensure no disruptions in cargo flow. Building collective knowledge and working together is how that goal can be achieved.