Los Angeles is home to the nation's busiest port, moving $276 billion worth of goods last year. It's a big target for hackers as shippers increasingly rely on automated systems.
Every month there's about 40 million attempted cyber security breaches, port officials said. That includes everything from spam to malware fishing to more serious incidents that could halt shipments for much of the West Coast.
Back in 2017, a ransomware attack on Danish shipping giant A.P. Moller-Maersk, which has the region's largest terminal at the port, cost the company an estimated $300 million and slowed vessel movements on terminals for about two days in Los Angeles.
It's those kinds of incidents that officials are trying to stop before they happen.
Six years ago the port created a cybersecurity center — the nation's first — and on Monday announced it entered into a three-year, $6.8 million agreement with IBM to install, operate and maintain what it's calling a "Port Cyber Resilience Center" to identify malicious cyber attacks that can interrupt the flow of cargo.
The initiative has become especially pressing as the port pushes toward digitizing information about cargo movements and terminals automate their operations, bringing in waterfront robots to stack shipments.
"Automation and digital transformation is what's driving a lot of this," said Kevin Albano, a partner at IBM Security X-Force, the cybersecurity services arm.
Cybersecurity attacks on the maritime industry are up about 400% since the pandemic began, according to a report from Alianz.
Most of the attacks come through email, Albano said.
"It's pretty tough to defend against. Actors are getting better at knowing their targets" he said, adding that phishing emails can look like they really come from someone within the organization. "There's a lot of information out there about individuals from previous breaches."
About a third of ransomware engagements that IBM Security X-Force has responded to in 2020 came from Asia and North America.
The center was created to function as an alert system to link the port — which leases its land to international shipping companies — to the dozens of companies that rely on it. Those include shipping operators and logistics businesses that ferry truckloads of goods to major retailers from Amazon to Target to Home Depot.
Albano said information about security and intelligence will be shared on a closed network that includes 20 port partners and will eventually extend to about 100 in the coming years.
The Maersk attack, called NotPetya, was eventually traced to a compromised tax-accounting software widely used in Ukraine. NotPetya exploited a vulnerability in unpatched Microsoft Windows operating systems. The damaging attack struck thousands of companies around the world including U.S. pharmaceutical-maker Merck.
A former White House security official told Wired in 2018 the attack cost a total of more than $10 billion and pinned the blame on Russia.