LA’s Seroka: Biden’s $20 billion port cyber initiative is “wake up call”

President Biden’s executive order calling for a $20 billion cyber security investment in U.S. ports is “a wakeup call for all of us in the port and supply chain industry,” according to Eugene Seroka, Executive Director, Port of Los Angeles.

On February 20th, the Biden administration announced an executive order:

• That the administration: “will invest over $20 billion into U.S. port infrastructure over the next five years through the President’s Investing in America agenda. As part of that, PACECO Corporation, a U.S.-based subsidiary of Mitsui E&S, is planning to onshore domestic manufacturing capacity for American and Korean production for the first time in 30 years, pending final site and partner selection.”

• The U.S. Coast Guard (USCG) is given the authority to respond to malicious cyber activity by requiring maritime transportation vessels and facilities to shore up their cybersecurity and institute mandatory reporting of cyber incidents. And USCG will also issue a notice of proposed rulemaking to establish minimum cybersecurity requirements that meet international and industry-recognized standards to best manage cyber threats.

• The USCG will announce a maritime security director regarding the security of ports.

At the February 20th White House media briefing, Rear Admiral Jay Vann, Commander of the United States Coast Guard Cyber Command said the order “empowers the Commandant of the Coast Guard to prescribe measures to prevent, detect, assess, and remediate an actual or threatened cyber incident. As we undertake measures to prevent cyber incidents, let me address a specific, acute MTS (Maritime Transportation System) cyber vulnerability … The People’s Republic of China-manufactured ship-to-shore cranes make up the largest share of the global market and account for nearly 80% of cranes at U.S. ports. By design, these cranes may be controlled, serviced, and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation.”

In an interview with AJOT on February 27th, Seroka said that the Biden administration’s announcement was the result of extensive discussions: “We're in dialogue with federal officials on a daily basis and sitting on several … committees back in Washington. … These are discussions that routinely take place, so policy makers, legislators, and appointed officials can get a real understanding of what we face in the supply chain, what makes the economy move, what creates jobs, and what's protective of those American interests. So, it's been a lot of work over a long period of time that has been … met with some more interest to see who can get involved and who can invest with us.”

Asked whether the Biden administration cyber security executive order was a surprise to the U.S. port community, Seroka responded: “No, not at all.”

Seroka said the Biden administration’s proposal to replace ship to shore cranes built by the Chinese manufacturer ZPMC (Shanghai Zhenhua Heavy Industries Company) will create new market and job opportunities for American workers and businesses: “There are 39 ZPMC cranes (at the Port of Los Angeles.) … In an initiative like this, or with chassis, containers, or other important supply chain assets, being able to diversify, sourcing and bringing manufacturing jobs here to the United States are … on the table right now. And I think the investment, similar to what we've done with the Infrastructure Investment and Jobs Act, the Inflation Reduction Act, and last year's budget authored by the California legislature and Governor Gavin Newsom all say that at these levels of government, we want to invest in our supply chain … So, I think there's some good work ahead of us in this area and making sure that our supply chains are world class.”

Asked whether container cranes pose a national security threat, Seroka said: “Well, safe to say that the cranes collect data. There's analysis that goes along with it. But like so many of today's assets, whether it's our connected cars, our mobile devices, and the equipment that's being used at ports, there is a vulnerability. And that's why we've got to shore up our lines of communication, protect that data, like we protect our infrastructure and make sure we limit any type of accessibility by unauthorized users.”

Seroka noted the Port of Los Angeles pioneered port cyber security operations in 2014. He believes the concept ought to be applied at all U.S. ports: “We opened the nation's first cyber security operations center back in September of 2014, aided in part by a grant from the United States Department of Homeland Security. Last year, this cybersecurity operations center, or CSO as we call it, stopped nearly three quarters of a billion intrusion attempts, an average of about 63 million intrusion attempts per month that we stopped. Now, the work in this area also led us to create one of the world's first cyber resilience centers and think of that as an early warning system. It allowed us to bring about two dozen private sector partners in, including our dock workers with the International Longshore and Warehouse Union, along with marine clerks, board members, … and others to help work together with the private sector to stop intrusions in their spaces. And so far, co-created with IBM, the Cyber Resilience Center, has stopped a half a dozen attacks onto private sector interests that they were unaware were targeting them. So, this work needs to be replicated across ports throughout the nation.”