News / Port of LA sets up digital-security centre as cyber-crime 'goes corporate'

ID 97070175 © Alexandersikov | Dreamstime.com

The port of Los Angeles has taken a decisive step to combat cyber-criminals targeting its ecosystem of users.

It has struck an agreement with IBM Security for the creation and operation of a Port Cyber Resilience Centre that aims to raise the level of protection and automate threat collaboration beyond the port itself to stakeholders involved with cargo flowing through Los Angeles.

Under the three-year agreement worth $6.8m, the technology firm will provide threat intelligence and analysis, set up an open security platform that will enable users to integrate security tools and make data available to them through a single dashboard, enable orchestrated responses through the codification of response processes into dynamic playbooks and provide active support through its threat analysts and sector experts.

“The Cyber Resilience Centre will provide a cutting-edge early warning system to further defend the port and its stakeholders against cyber threats,” said Gene Seroka, the port’s executive director.

“This will result in greater collective knowledge, enhanced data sharing throughout our port ecosystem and help maintain the flow of critical cargo,” he added.

The initiative is an acknowledgement that cybersecurity is not only a matter for individual organisations, but has become a concern for supply chain ecosystems.

Hackers are increasingly targeting these. A study conducted by independent research firm Opinion Matters on behalf of cyber security services firm BlueVoyant, found that, in the past 12 months, 92% of US organisations have experienced security breaches through links to vendors.

The authors found that the average US organisation had been breached 3.1 times over this period, the highest ratio of the five countries surveyed, as Opinion Matters interviewed 1,505 executives in organisations with more than 1,000 employees in the US, the UK, Mexico, Switzerland and Singapore.

Another report has found that 63% of cybersecurity breaches are caused by third-party providers. Specific to supply chains, business data and analysis provider Dun & Bradstreet has warned that cyber threats to these have been on the rise and occur at multiple levels of organisations.

And according to a report published by the Center for Strategic and International Studies (CSIS) and computer security firm McAfee, hackers have moved from targeting specific computers or users to whole organisations, sometimes using human operators to make their attacks more effective.

The Covid-19 pandemic has been a catalyst for accelerated criminal activity targeting supply chains – as disruptions forced companies to find alternative suppliers at short notice, many skimped on thorough scrutiny of the new vendors’ cybersecurity arrangements in a rush to keep supplies flowing.

Moreover, as employees started working from home, their own cybersecurity measures were sometimes not as strong as their company’s, rendering them more vulnerable to malware reaching them from suppliers and other partners in the supply chain.

While this calls for heightened vigilance and better defence processes, many companies are woefully unprepared. The BlueVoyant study found only 31% of respondents were monitoring their whole supply chain, 33% had no way of knowing if a threat emerged and 27% assessed their vendors’ cyber risk position bi-annually or less frequently.

According to some observers, it is not uncommon for vendors’ security profiles not to be reviewed until their contract is up for renewal.

There is also much confusion over who should be responsible for cyberthreats through supply chains. According to BlueVoyant, 54% of US organisations think the CISO is in charge, while 27% attach risk to the CIO and 10% to the chief procurement officer. This not only weakens a company’s defences but also creates issues around allocation of budgets and resources.

BlueVoyant COO Jim Penrose said: “Overall, the research findings indicate a situation where the large scale of vendor ecosystems and the fast-changing threat environment is defeating attempts to effectively manage third-party cyber risk in a meaningful way. Visibility into such a large and heterogenous group of vendors is obscured due to lack of resources and a continuing reliance on manual, point-in-time processes, meaning real-time emerging cyber risk is invisible for much of the time.

“For organisations to make meaningful progress in managing third-party cyber risk and reduce the current concerning rate of breaches, they need to be pursuing greater visibility across their vendor ecosystem and achieving better context around alerts so they can be prioritised, triaged and quickly remediated with suppliers,” he added.

The fall-out from cyberattacks is often drastic. According to the CSIS/McAfee study, the average ransomware attack keeps a company’s systems off the internet for 18 hours, and the financial fall-out from the disruption is often greater than the ransom demanded. In testimony to the US Senate, Bill Siegel, CEO of ransomware recovery firm Coveware, said these costs could be five to 100 times larger.

The CSIS/McAfee study estimates global losses from cyber-crime are $945bn this year, almost double the $500bn recorded in 2018.