
OODA Network Member John Sullivan on the 2X Increase in Cyber-Attacks on the Port of Los Angeles


From 1916-1945, this was the Upper Reservation of Fort [MacArthur in San Pedro, CA] and operation post for the defense of the [Los Angeles] Harbor against enemy attack from the sea.  The site housed four batteries, each secured under 12 feet of concrete, and with walls from 16-30 feet thick.
Each battery housed a giant 14-inch seacoast gun, called a disappearing rifle, capable of firing 14 miles.

(Image Source:  Fort MacArthur Military Museum – SanPedro.com – San Pedro, California)

 

In February, we provided further analysis of the impact of Covid-19 and resilient supply chains – with a focus on the Ports of Los Angeles/Long Beach and their role in the strategic impact of global intermodal supply chain gridlock on IT supply chains.

As a follow-up to this analysis, this recent item from the OODA Loop Daily Pulse on Monday, July 25th caught our eye: “Cyber-Attacks on Port of LA Double.”  Historically, from a national security perspective, this port infrastructure in south Los Angeles has always been a geopolitical target.  In fact, the Los Angeles Harbor was #2 on the Japanese attack list after Pearl Harbor.

How is this historical threat vector extending into cyber in 2022?

“Gene Seroka, executive director at the Port of Los Angeles, told the BBC World Service over the weekend that the facility is being bombarded with around 40 million attacks each month.

‘Our intelligence shows the threats are coming from Russia and parts of Europe. We have to stay steps ahead of those who want to hurt international commerce,’ he told the service.

‘We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo.’

Ransomware, malware, spear phishing, and credential harvesting attacks are apparently among the threats being targeted at the facility, which is the busiest port in the western hemisphere.” (1)

In anticipation of these increased cyber attacks, the Port of Los Angeles and IBM launched in February of this year the first-of-its-kind Cyber Resilience Center.  And, according to Information Security Magazine, the threat is global and there is a precedent for cyber incidents at the Port of Los Angeles:  “In late December last year, the US Coast Guard warned of a ransomware attack on an unnamed facility, disrupting operations for over 30 hours.  Then in February, oil terminals at some of Europe’s biggest ports were taken out by ransomware.”  (1)

OODA Network Member John P. Sullivan is a retired lieutenant with the Los Angeles Sheriff’s Department, specializing in emergency operations, transit policing, counterterrorism, and intelligence. He is currently an Instructor in the Safe Communities Institute (SCI) at the Sol Price School of Public Policy, University of Southern California.  Sullivan also received a lifetime achievement award from the National Fusion Center Association in November 2018 for his contributions to the national network of intelligence fusion centers.

In 2013, John led a seminal wargame exercise on the Ports of Los Angeles and Long Beach.  The exercise was sponsored by the InterAgency Board (for Emergency Preparedness and Response) with DHS participation and included the innovative use of geospatial data in partnership with the Louisiana National Guard (which had unique cyber threat capabilities at the time of the wargame).

I checked in with John to get his point of view on the doubling of cyber-attacks on the port operation:

Daniel Pereira: What do you make of this news item John?

John Sullivan:  It tells me one thing: this cyber activity from Russia syncs up really well with the events in Ukraine.  It makes sense that the increased cyber-attacks would not be from the Chinese – because attacking the Ports of Long Beach and Los Angeles is like the Chinese attacking themselves. Cosco (China Ocean Shipping Company) has a major presence at the port and a huge percentage of the import traffic at the port is from China.

Pereira:  Over the course of my career, when I see a metrics-driven update like this one – on a trend I have been tracking over a 10-to-20-year timeframe – I usually think:  “Well, based on the scenario we ran 10, 20 years ago, that metric is about right and right on time.  At the same time, the metric is usually a ‘pointer’ to the black swan or grey rhino element of the scenario that is still going unaddressed by policymakers.”  Is that true of this increased cyber threat at the Los Angeles Harbor?

Sullivan:   We recognized in 2013 that the cyber threat vector could act as a force multiplier in the event of a hybrid threat environment and the economic value of the port. With the early work in port security – dirty bombs arriving containerized, cyber-attacks – we played all the scenarios out in the wargame. What we learned is that law enforcement, public safety, the Coast Guard, the military, they have an expertise in the physical domain.  What they did not get at the time was the cyber component.  You cannot separate the cyber threat from the physical domain.

I am glad for the effort that the cyber resilience center represents, but what it also represents is that cyber is still decoupled from the physical domain and emergency preparedness.   The cyber threat is not decoupled and should not be treated as a separate threat.

Pereira:  What were some of the primary objectives of the IAB wargame in 2013?

Sullivan:  We built the model, including the geospatial data, ran the wargame and captured the results, and determined how to assess and mitigate risk.  Besides the initial wargame in Arlington, Virginia with the IAB, I also participated in many physical response exercises at the port.  One key insight, which I spoke to in an Op-Ed Piece in the Sacramento Bee, was a call for the creation of a second strategic oil reserve.

We also briefed the wargame results to DHS Undersecretary Suzanne Spaulding (who is now over at the CSIS) as she led the DHS Protection and Programs Directorate at the time – which was the precursor to what is now the critical infrastructure component of CISA.  We also wanted to get the information to other ports in the U.S. that were not as well-resourced as the Los Angeles and Long Beach ports.  We wanted to make sure that other ports knew of the threats – including the Gulf Coast and East Coast ports.

Pereira:  As a native of the Harbor Area, I have always been relieved that the infrastructure was not heavily covered by or showing up in the mainstream news cycle to call undue attention to it.  The pandemic changed all that in terms of exposure and awareness by the public of the central role the port plays in the global economy.

Sullivan: The reality is that it has never been off the map with geopolitical adversaries. Certainly, adversaries already have the ports on their strategic maps. We knew for years in the buildup to 9/11 that the largest port in the world would be a target and an essential supply chain corridor in the domestic U.S.  As many Americans learned through the recent supply chain backlogs during the pandemic, these two ports are the economic engine of certainly the West Coast, if not a big portion of the U.S. economy.

What Next?

Pereira:  As you know, OODA CTO Bob Gourley always ends an OODA Loop analysis or network member conversation with one vital question:  What next?

Sullivan:  Our intelligence fusion efforts in Los Angeles at the time of the initial 2013 wargame were countywide.  Now, we need national wargaming and strategic decision-making capabilities – with a 360-degree threat awareness which then works out viable federal responses to these potential threats.  The reality is our experiences in 2013 were not strategically expanded and implemented over time in any official way within DHS or CISA.

There will always be a back door or trap door within that port operation. The Maritime Security Center should be working with the overall regional fusion center.  Tighter coupling to the port operation is what is needed.  The cyber threat and the maritime threat need to be tightly coupled.  The doubling of cyber-attacks at the Port of Los Angeles should be a wake-up call.

Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.