From: Richmond Times-Dispatch
America’s largest commercial ports have failed to shore up defenses against potential cyberattacks, a new study contends, raising concerns about the vulnerability of computer networks that help move energy, foodstuff and other goods to market.
Coast Guard Cmdr. Joseph Kramek, who spent a year as a fellow at the Brookings Institution, examined some of the nation’s most heavily used ports: Los Angeles and Long Beach, Calif.; Baltimore; Houston and Beaumont, Texas; and Vicksburg, Miss., on the Mississippi River.
“The research shows that the level of cybersecurity awareness and culture in U.S. port facilities is relatively low,” Kramek wrote.
Potential attackers “could be someone trying to cause mischief, a criminal gang or, the worst case, a nation-state actor,” Kramek said.
The ports of Los Angeles and Long Beach — the country’s largest and second largest, respectively — have taken some defensive steps.
Los Angeles used a $1.6 million grant to protect its computer networks from hackers, and Long Beach spent $35 million to build a secure communications infrastructure.
But neither has done all it should, Kramek wrote.
The Port of Los Angeles leases “27 terminals, warehouses and facilities to more than 300 private entities, and it has little visibility on the security of the networked systems that ensure the uninterrupted flow of the more than 8 million containers it handles each year,” the study says.
“The largest port in the U.S. has not conducted a cybersecurity vulnerability assessment, nor does it have a cyber-incident response plan,” Kramek wrote.
A vulnerability assessment is underway, said John Holmes, a former Coast Guard officer who is deputy director for operations at the Port of Los Angeles. He called Kramek’s conclusions “relatively accurate” and said authorities take cyberthreats seriously.
The Port of Long Beach has no written cybersecurity directive or response plan, the study says. But port officials disputed some of the study’s claims and conclusions.
“We have the latest cybersecurity technologies,” Port of Long Beach spokesman Art Wong wrote in an email. “We patch all of our systems on a regular basis. We continuously train our users on cybersecurity best practices.”
At the Maryland Port Administration, which runs the Port of Baltimore, “the cybersecurity culture is not high,” the study says.
Officials disputed that assessment. “In a nutshell, we feel this is a very misleading report,” said Richard Scher, spokesman for the Port of Baltimore.
A disruption at a major U.S. port could quickly affect the economy, Kramek warned.
The flow of commerce “would grind to a halt in a matter of days; shelves at grocery stores and gas tanks at service stations would run empty.” A halt in “energy supplies would likely send not just a ripple but a shock wave through the U.S. and even global economy.”
Kramek urged Congress to put the Coast Guard in charge of enforcing cybersecurity standards for ports, and said the Department of Homeland Security should steer more money to enhance the ports’ cybersecurity.
Leave a Reply