The Port of South Louisiana has hired a cybersecurity firm and plans to create an inhouse staff to guard against digital breaches at one of the nation's largest ports by volume, officials said.
The FBI and maritime industry groups suggest cyberattacks on businesses and ports, in particular, are on the rise. The port's auditors recently disclosed a cyberattack in the fall of 2021 cost the operation more than $420,000 before insurance reimbursements.
With a staff of about 60 people, the $15 million-a-year port oversees a 54-mile stretch of the lower Mississippi River between Baton Rouge and New Orleans; has its own river and rail terminal in Reserve, a general aviation airport; and also markets and develops properties along the river for future industry.
The port agreed this week to a one-year, $107,000 master contract with Evalv IQ so the company can develop a cybersecurity remediation plan.
Paul Matthews, the port's executive director, said the company already did an audit to test the port's systems and policies after the attack, one of his first initiatives since becoming the port's new head in January.
The port's commission also formed a committee to look at cybersecurity and information technology.
"As a result, we are now at point to provide this master services contract and sort of put the software in place to get us where we need to be. We are no longer going to be behind the times. We're hoping to be ahead of the times in many ways," Matthews said.
The contract will allow the port to have a security operations center, an on-staff IT manager, a next-generation, behavioral-based software and staff training, said Theresa Jones, the consultant who owns Evalv IQ.
Matthews explained the contract will serve as a short-term bridge until the port can create the inhouse staff for the long term, with Evalv IQ potentially still working on a consulting basis in the years ahead.
"The truth is we are just starting this department," Katie Klibert, a commissioner who chairs the port cybersecurity subcommittee. "This is something that is a constant, constant moving wheel. No matter how much you try to keep up with the wheel, the wheel turns 24 hours a day. The port turns 24 hours a day."
"You have to be a couple hours, a couple days, a couple years ahead of what's coming our way," she added.
In July, the BBC reported that Port of Los Angeles was battling 40 million cyberattacks per month.
And, in May, the regional law firm Jones Walker conducted an online survey of 125 "senior US port and maritime terminal executives" about cyber preparedness and data security threats. It too uncovered rising threats.
Seventy-four percent of respondents indicated that their systems or data had been the target of a breach or breach attempt within the past year, the white paper says.
Only 11% had data taken, while 14% had data encrypted or made inaccessible. Nearly three-fourths of survey respondents didn't disclose attacks outside telling law enforcement.
"The takeaways that we kind of highlighted there are that the industry is in need of advanced cyber security. Port and maritime terminals are under attack," said Andy Lee, a lawyer based in New Orleans who leads Jones Walker's privacy and data security team.
Lee added in an interview last month that attacks are happening at large, medium and small maritime operations and that, while surveyed executives showed confidence in their protections, the high level of threat could mean that confidence is misplaced.
Other maritime industry research has found attacks between 2017 and 2020 rose sharply against "operational technology" systems, which augment IT systems and move equipment and data.
Port of South Louisiana officials haven't offered a lot of details about the what the fall 2021 cyberattack entailed, citing future security concerns.
But officials told auditors earlier this year that, in response to the breach, they had started "a third-party verification process" for vendors seeking payment that includes "verifying information through a phone call with a representative of the requesting vendor."
Matthews said it is no surprise that attacks are increasing against ports. They represent 25% of the nation's economy, he said. All five Louisiana ports on the lower Mississippi represent the fourth-largest port complex in the world.
"Sixty percent of nation's grain, that is exported, comes out of the Port of South Louisiana," he said.
Port officials are still looking for their own cybersecurity staff, whom they plan to house in a new $12 million, three-story administration building nearing completion at the port's Globalplex terminal in Reserve.
In September, port officials also announced they received a nearly $1 million grant from the Federal Emergency Management Agency to improve the state agency's cybersecurity and other security measures.
Gloss