House Committee signs off on port cybersecurity bill

Legislation focused on addressing cybersecurity concerns at United States ports was recently passed by the House of Representatives Homeland Security Committee.

The legislation came in the form of the reintroduction of a bill from Rep. Norma J. Torres (D-CA), entitled H.R. 3101 the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act.

The impetus for this bill stemmed from a global cyber-attack, a malware virus known as “notPetya,” over the summer that led to a shut down of the largest terminal at the Port of Los Angeles.

“The most recent cyber-attack revealed serious vulnerabilities in our nation's maritime security, so I was pleased the Homeland Security Committee voted to approve my bill and to address these weaknesses before it’s too late,” said Torres in a statement. “With more than $1.3 trillion in cargo moving annually through our nation’s 360 commercial ports and the increased use of cyber technology to manage port operations ranging from communication and navigation to engineering, safety, and cargo, it is critical to protect our nation’s maritime cyber infrastructure.”

The main objectives of the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act are to improve information sharing and cooperation in addressing cybersecurity risks at U.S. ports. One key objective is doing this is to require the Secretary of Homeland Security to establish voluntary guidelines for reporting of cybersecurity risks, to develop and implement a maritime cyber security risk model, and to make recommendations on enhancing the sharing of cyber information.  And it also requires the Commandant of the Coast Guard to direct Area Maritime Security Committees to ensure area maritime security and facility security plans address cybersecurity risks.

On October 30, a bipartisan Homeland Security Committee field hearing, entitled “Examining Physical Security and Cybersecurity at our Nation’s Ports,” was held at the Port of Los Angeles.

Gene Seroka, executive director at the Port of Los Angeles, said at the hearing that the port is especially sensitive to the needs for cybersecurity protection, because the port and the rest of the maritime shipping industry is becoming increasingly reliant on digital industrial infrastructure.

Taking that a step further, he explained that in 2014 POLA established the first Port Cyber-Security Operations Center, which, he said, is managing an unprecedented level of attacks at a rate of more than 20 million cyber intrusions per month, of 7-to-8 attacks every second on average. Citing Maersk Line, who was seriously impacted by the notPetya attack at POLA, he called it a “call to arms,” which requires moving more swiftly to address cross-sector risk.

As for the cumulative impact the cyberattack had on Maersk at POLA, Seroka said it severely impacted Maersk’s operations both globally and at the port.

“The reverberations of that attack were felt here at the Port of Los Angeles, where one of the largest terminals shut down out of an abundance of caution,” he said. “Recent reports indicated the incident cost Maersk over $300 million.”