American Journal of Transportation’s California-based port correspondent Stas Margaronis in a recent video interview with the Port of Los Angeles Executive Director Eugene “Gene” Seroka addressed the cyber security challenges to US ports and specifically to the Port of Los Angeles.
Margaronis:
Seroka:
I think, number one, it's a wake-up call for all of us in the port to supply chain industry. Here at the Port of Los Angeles, we opened up the nation's first cybersecurity operations center back in September of 2014, aided in part by a grant from the United States Department of Homeland Security. Last year, this cybersecurity operations center, or CSOC, as we call it, stopped nearly three quarters of a billion intrusion attempts, an average of about 63 million intrusion attempts per month that we stopped.
Now, the work in this area also led us to create one of the world's first cyber-resilience centers and think of that as an early warning system. It allowed us to bring about two dozen private sector partners in, including our dock workers with the International Longshore Warehouse Union (ILWU), along with marine clerks, board members, and others, to help work together with the private sector to stop intrusions in their spaces. And so far, co-created with IBM, the cyber-resilience center has stopped a half a dozen attacks on the private sector interests that they were unaware were targeting them.
So, this work needs to be replicated across ports throughout the nation. And what we're seeing so far from our CSOC and from the CRC is we see the IP addresses; we see chatter on social media. We can even get into the dark web and see if there's anything sinister happening there. We've got to stay steps ahead of the bad guys and replicating or creating systems in our port network across the country is the number one goal here. We've been talking to the administration about this for a number of years now, and it was great to see that their interest is piqued, and in addition, trying to bring more manufacturing jobs here to the United States in the areas of cargo-handling equipment and the large gantry or shoreside cranes that we employ at our ports across the nation.
Margaronis:
One of the issues that got raised was the matter of the 200 CPSC cranes built by the Chinese manufacturer based in Shanghai. As you're aware, there have been criticisms for several years that container cranes from China posed a hacking threat to our port operations. Those allegations were never taken very seriously, but all of a sudden, they seem to be getting taken a lot more seriously. Can you give us any insights into how the cranes have gotten into the hacking interests of our government?
Seroka:
Well, I'll leave that to the intelligence community. But here on the ground, out of the 81 shoreside cranes that we have at the Port of Los Angeles, which are all owned and operated by our terminal operating tenants, there are 39 CPSC cranes. And in an initiative like this, or with chassis, containers, or other important supply chain assets, being able to diversify sourcing and bringing manufacturing jobs here to the United States are on the table right now. And I think the investment, similar to what we've done with the infrastructure investment of the Jobs Act, the Inflation Reduction Act, and last year's budget authored by the California Legislature and Governor Gavin Newsom, all state at these levels of government, "We want to invest in our supply chain." And those government investments, federal, state, local level, give confidence to the private sector to follow. So, I think there's some good work ahead of us in this area and making sure that our supply chains are safe.
Margaronis:
Are there concerns that you have about the presence of these cranes posing a hacking risk?
Seroka:
Well, safe to say that the cranes collect data. There's analysis that goes along with it. But like so many of today's assets, whether it's our connected cars, our mobile devices, and the equipment that's being used in ports, there is a vulnerability. And that's why we've got to shore up our lines of communication, protect that data like we protect our infrastructure, and make sure we limit any type of accessibility by unauthorized users. So that's the emphasis that we're working on here.
Margaronis:
I talked to one of their cyber experts last year and they tell me that the EU is in the process or may even have enacted legislation that requires companies at a certain level to have cybersecurity plans in place within the companies. Are we going to be hoping for that sort of coverage? And sometime soon?
Seroka:
I haven't seen any designs on that yet. But again, any type of work that we can do to nationalize a port security program along the lines of cyber-protection would be welcome news to us here in Los Angeles. And if there is anyone that wants to visit our facilities or learn from what we have gained from a knowledge perspective, we'd be more than willing to share that last seven, eight years’ worth of work that we've done to get us to this point
Margaronis:
The issue that some people have been seeing is that there's discussion and there's a proposal out there to replace existing cranes with US-built cranes, or at least cranes built by US allies. Is that a prospect that we could be seeing at our ports?
Seroka:
We'll have to see. This is not a transactional business when it comes to purchasing the capital equipment... And realistically speaking, having more competition in the market could lead to better price and better service. And I think part of that also is the American interest in the supply chain. Never before have we been front of mind to so many folks, whether it be the media, our neighbors, or government officials when it comes to supply chain work. And that was really penned by what we've all witnessed during the COVID-19 crisis. So, to have an idea of what can be done better, people who want to invest in this industry, bring more jobs here to America [and] invest in this industry, bring more jobs here to American Shores. I think, again, it’s, a pretty good move and I'll be very curious to see the private sector interest in this space.
Margaronis:
Some people reacted to the President's executive order by saying that there had been inadequate consultations. Were you, members of your maritime security stakeholder group, were you aware of these proposals before they came out?
Seroka:
We're [in] a dialogue with federal officials on a daily basis and sitting on several committees back in Washington on a volunteer basis. These are [the type of] discussions that routinely take place. So, policymakers, legislators, and appointed officials can get a real understanding of what we face in the supply chain, what makes the economy move, what creates jobs, and what's protective of those American interests. So, it's been a lot of work over a long period of time that has been now met with some more interest to see who can get involved and who can invest with us.
Margaronis:
So, this was not a surprise to you?
Seroka:
No, not at all.