Port of LA Cyber Resilience Center: Is This the New Normal in the Fight Against Ransomware?

Disrupting the flow of goods and services is a keen priority for threat actors and critical infrastructure has long been a favored target. In 2021, the Colonial Pipeline ransomware attack caused a devastating impact to the economy when Russia-based hackers halted fuel movement along the critical U.S. Gulf and East Coast pipeline.

But this and other attacks may only be the beginning of an alarming ransomware trend aimed at U.S. critical infrastructure. Ransomware-as-a-service tools make ransomware easy to execute, making it the dominant cyber threat to enterprises in 2022. Indeed, the FBI recently warned that hackers have already developed ransomware code designed to disrupt critical infrastructure or industrial processes.

Port of Los Angeles Steps Up With a First-Of-Its-Kind Response

North America’s largest seaport and a critical pillar of U.S. critical infrastructure is ready to take on this threat. Last month, the Port of Los Angeles announced it is bolstering its cybersecurity readiness with the opening of a first-of-its kind Cyber Resilience Center (CRC).

“We must take every precaution against potential cyber incidents, particularly those that could threaten or disrupt the flow of cargo,” said Port of Los Angeles Executive Director Gene Seroka. “This new Cyber Resilience Center provides a new level of awareness for our stakeholders by providing enhanced intelligence, better collective knowledge sharing and heightened protection against cyber threats within our supply chain community.”  

Operated by IBM, the CRC enables participating stakeholders who handle cargo to automatically share cyber threat indicators and potential defensive and recovery measures to prevent disruption of the supply chain. As part of its operations, the CRC will also conduct tabletop exercises with participating stakeholders and provide them with annual cybersecurity training.
 

Ransomware Trends eBook

Ransomware attacks have been rising at an alarming rate — with victims ranging from one of the largest fuel suppliers in the United States to Ireland’s Department of Health. Download our ebook to learn more about:

  • The latest tactics used by ransomware groups
  • BitSight’s analysis of data on hundreds of ransomware events
  • Best practices to protect your organization
Download eBook
Button Arrow

Cyber Resilience Centers—A New Normal?

Could the LA Cyber Resilience Center be part of a new normal for critical national infrastructure? IBM certainly thinks so. In a press release, Christopher McCurdy, general manager, IBM Security Services said the CRC sets “a new industry standard” for cyber readiness.

He may be right. BitSight research finds that the nation’s largest infrastructure providers are at significant risk of ransomware attack and must do more to prevent cyber intrusions. For example, in the energy sector, 63% of companies are at heightened risk of ransomware attacks while 60% of utilities are at risk.

Much of this risk comes from misconfigured and unpatched systems. BitSight found that more than 75% of energy companies and 77% of utilities are exposed to ransomware risk due to poor configuration management. Furthermore, 41% of utilities and 32% of energy companies are slow to apply patches. Not surprisingly, poor performance in patch management is highly correlated with ransomware risk.

Both sectors could take a cue from the Port of Los Angeles and implement a more proactive and collaborative approach to detecting and protecting against cyber threats. But they must also focus on addressing gaps in their security programs, particularly with respect to vulnerability management, patching, configuration management, and endpoint security.

The Challenges of Mitigating Risk in Expanding Ecosystems

Unfortunately, as digital ecosystems expand—on-premise, in the cloud, and across geographies, business units, and remote offices—it’s hard to get a holistic view into areas of cyber risk. 

What can critical infrastructure organizations do? Our findings stress that continuously monitoring security performance so that vulnerabilities are discovered and remediated before they are exploited is key to defending against any cyberattack.

The same cybersecurity vigilance must also extend to organizations’ suppliers and vendors. As they seek to get around traditional defenses, cybercriminals are increasingly finding and attacking the least secure business in the supply chain and using it as a foothold to gradually compromise their partners. But this is where companies have less visibility and control. Vendor security assessments have their place, but they provide incomplete and time-bound views of cyber risk. 
 

Continuous Monitoring eBook

Learn how to adapt to the continuously changing risk environment with an efficient, continuous risk monitoring strategy.

Download eBook
Button Arrow

A better approach is to use tools that provide deep and continuous insight into the risks and security performance of every organization in a company’s supply chain. Using these data-driven insights, security and risk management teams can speed up their vendor onboarding processes and, once the contract is signed, keep tabs on their vendors’ security postures for the remainder of their partnerships.

Business leaders also benefit. With an unparalleled visibility into third-party cyber risk, they can make informed decisions about which organizations to do business with, hold those accountable for security performance, and, ultimately, reduce the risk of a supply chain attack.

Cyber Resilience is a Priority for Any Industry

Staying ahead of cyber threats, such as ransomware, is a priority for any industry. Indeed, critical infrastructure isn’t the only sector at risk. BitSight research finds that too many companies in the manufacturing (67%), retail (60%), finance (54%), healthcare (61%), and technology (66%) sectors are vulnerable to ransomware.

No organization can afford to assume this level of cyber risk–the financial, regulatory, reputational, and national security implications are too high.

One thing is clear. Maintaining a strong security stance in the face of rising cyber threats means taking a layered approach against those threats. That approach should involve different tools, including continuous monitoring. But it should also include information sharing, so that organizations can benefit from each others' knowledge. These are the things that the Port of LA's Cyber Resilience Center is prioritizing. Other organizations, in other industries, would do well to follow this multifaceted model.

Learn more about our methodology, what it means for your organization, and how you can lower your odds of being the next ransomware victim.