A container vessel is off-loaded in the Port of Los Angeles. "The largest… (Al Seib / Los Angeles Times )
WASHINGTON — America's largest commercial ports have failed to shore up defenses against potential cyber attacks, a new study contends, raising concerns about the vulnerability of computer networks that help move energy, foodstuff and other goods to market.
Coast Guard Cmdr. Joseph Kramek, who spent a year as a fellow at the Brookings Institution, examined some of the nation's most heavily used ports: Los Angeles and Long Beach; Baltimore; Houston and Beaumont in Texas; and Vicksburg, Miss., on the Mississippi River.
"The research shows that the level of cyber security awareness and culture in U.S. port facilities is relatively low," Kramek wrote.
Potential attackers "could be someone trying to cause mischief, a criminal gang or, the worst case, a nation-state actor," Kramek said in a telephone interview.
The ports of Los Angeles and Long Beach — the country's largest and second largest, respectively — have taken some defensive steps. Los Angeles used a $1.6-million grant to protect its computer networks from hackers, and Long Beach spent $35 million to build a secure communications infrastructure.
But neither has done all it should, Kramek wrote.
The Port of Los Angeles leases "27 terminals, warehouses and facilities to more than 300 private entities, and it has little visibility on the security of the networked systems that ensure the uninterrupted flow of the more than 8 million containers it handles each year," the study says.
"The largest port in the U.S. has not conducted a cyber security vulnerability assessment, nor does it have a cyber incident response plan," Kramek wrote.
A vulnerability assessment is underway, said John Holmes, a former Coast Guard officer who is deputy director for operations at the Port of Los Angeles. He called Kramek's conclusions "relatively accurate," and said authorities take cyber threats seriously.
The Port of Long Beach has no written cyber security directive or response plan, the study says. But port officials disputed some of the study's claims and conclusions.
"We have the latest cyber security technologies," Port of Long Beach spokesman Art Wong wrote in an email. "We patch all of our systems on a regular basis. We continuously train our users on cyber security best practices."
At the Maryland Port Administration, which runs the Port of Baltimore, "the cyber security culture is not high," the study says.
Officials disputed that assessment. "In a nutshell, we feel this is a very misleading report," said Richard Scher, spokesman for the Port of Baltimore.
A disruption at a major U.S. port could quickly affect the economy, Kramek warned. The flow of commerce "would grind to a halt in a matter of days; shelves at grocery stores and gas tanks at service stations would run empty." A halt in "energy supplies would likely send not just a ripple but a shock wave through the U.S. and even global economy."
Kramek urged Congress to put the Coast Guard in charge of enforcing cyber security standards for ports, and said the Department of Homeland Security should steer more money to enhance the ports' cyber security.