Hack attack: How the Port of L.A. faced down 60 million cyber-intrusions
The executive director of the Port of Los Angeles provided a remarkable detail about the threat posed to American infrastructure by cybercriminals and other enemies. “In the month of June alone, we stopped more than 60 million cyber intrusion attempts here,” Gene Seroka said at a news briefing.
60 million intrusions?
“It’s one of the biggest issues that we work on every day,” Seroka said in answer to my question about protecting ports. “We now average 54 million cyber-intrusion attempts per month and we’ve stopped all of them.”
Not every port has been so lucky. In early July, the port of Nagoya, Japan, was victimized by a reported Russian ransomware attack, in which infiltrators block access to files or operations and then demand a payoff. It’s not clear what happened in Nagoya, but several terminals at the port appeared to be shut down for more than a day. Officials needed time to restore deleted data, Bloomberg reported.
I asked Port of LA spokesman Phillip Sanfield about the scope of the threat to his operation because 60 million intrusions is an unfathomable number. Are they targeted by different groups, or is it one criminal continually hitting an enter key? I mentioned that I delete phishing texts from my phone regularly, but how does an organization get attacked 60 million times?
“That number includes everything, from the spam/phishing attempts that you get at home (multiplied by the 900 employees we have here) to any kind of other threats,” Sanfield said. He declined to offer further details at the request of the port’s cybersecurity officials.
The Port of LA created what it said was a first-of-its-kind Cyber Security Operations Center in 2014. Last year, the port and IBM opened a collaborative Cyber Resilience Center to share cyber-threat information with supply chain partners, including cargo firms, terminal operators, shipping lines, the dockworkers union, and truck and rail companies. The Cyber Resilience Center has stopped 12 unknown cyber-intrusion attempts directed at private-sector partners, Seroka said. “We have to stay steps and steps ahead of the bad guys.”
Ports are potentially attractive targets to criminal gangs as well as nefarious nation-states because they are complex operations staffed by many different organizations. It takes a lapse by only one employee to invite trouble. Like other major components of the supply chain, the impact of a port being shut down would be felt quickly throughout the economy. Recall how the 2021 ransomware attack on the Colonial Pipeline quickly led to East Coast jet fuel shortages and panic buying by consumers.
“There are constant threats to our ports in the form of vulnerabilities, ransomware, and more that can cause hours if not days of impact,” industry analyst Bryan Ware explained last year. “The ripple effect from these can cause significant effects to companies, consumers, whole industries and more.”
This feature first appeared in issue 39 of ChainMail.