Infrastructure protectionU.S. ports vulnerable to cyberattacks

Coast Guard Commander Joseph Kramek say that the U.S. largest ports are vulnerable to cyberattacks. In a new study he wrote while at the Brookings Institution, Kramek says that there is a justified concern about   the vulnerability of computer networks which help move energy, food supplies, and other goods.

The L.A. Times reports that Kramek examined the ports in Los Angeles and Long Beach, Baltimore, Houston and Beaumont in Texas, and Vicksburg, Mississippi, on the Mississippi River.

“The research shows that the level of cyber security awareness and culture in U.S. port facilities is relatively low,” Kramek wrote.

Potential attackers “could be someone trying to cause mischief, a criminal gang or, the worst case, a nation-state actor,” Kramek told the Times in a telephone interview.

According to Kramek’s report, a cyberattack at a major U.S. port would quickly cause significant damage to the economy.

Kramaek warns that the flow of commerce  “would grind to a halt in a matter of days; shelves at grocery stores and gas tanks at service stations would run empty,” and a halt in “energy supplies would likely send not just a ripple but a shock wave through the U.S. and even global economy.”

Kramek says that some steps have been taken to bolster cybersecurity, but that more need to be done.

The Port of Los Angeles, which is the U.S. largest port, has used a $1.6 million grant to boost the protection of its computer networks, and the port in Long Beach spent $35 million to build a secure communications infrastructure.

This is a lot of money, but the two ports have not done nearly enough, says Kramec. The port in Long Beach currently does not have a written cybersecurity directive or response plan in case an attack occurs.

The study says that the Port of Los Angeles leases “27 terminals, warehouses and facilities to more than 300 private entities, and it has little visibility on the security of the networked systems that ensure the uninterrupted flow of the more than 8 million containers it handles each year.”

“The largest port in the U.S. has not conducted a cyber security vulnerability assessment, nor does it have a cyber incident response plan,” Kramek wrote.

Port officials have disputed some of the study’s conclusions.

“We have the latest cyber security technologies,” Port of Long Beach spokesman Art Wong told the Times  in an e-mail. “We patch all of our systems on a regular basis. We continuously train our users on cyber security best practices.”

John Holmes, the deputy director for operations at the Port of Los Angeles, said Kramek’s conclusions were “relatively accurate,” but that a vulnerability assessment is underway.

Kramek said it would be a good idea for Congress to put the Coast Guard in charge of enforcing compliance with  cybersecurity standards at U.S. ports, and that  DHS should allocate more money to address the port cybersecurity vulnerability problem.

— Read more in Commander Joseph Kramek, The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities (Washington, D.C.: Brookings Institution, July 2013)