[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]








  EXAMINING PHYSICAL SECURITY AND CYBERSECURITY AT OUR NATION'S PORTS

=======================================================================

                             FIELD HEARING

                               before the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 30, 2017

                               __________

                           Serial No. 115-35

                               __________

       Printed for the use of the Committee on Homeland Security






 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
                                    



                                     

        Available via the World Wide Web: http://www.govinfo.gov
                               __________


                         U.S. GOVERNMENT PUBLISHING OFFICE 

28-822 PDF                     WASHINGTON : 2018 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001



























                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Sheila Jackson Lee, Texas
Mike Rogers, Alabama                 James R. Langevin, Rhode Island
Lou Barletta, Pennsylvania           Cedric L. Richmond, Louisiana
Scott Perry, Pennsylvania            William R. Keating, Massachusetts
John Katko, New York                 Donald M. Payne, Jr., New Jersey
Will Hurd, Texas                     Filemon Vela, Texas
Martha McSally, Arizona              Bonnie Watson Coleman, New Jersey
John Ratcliffe, Texas                Kathleen M. Rice, New York
Daniel M. Donovan, Jr., New York     J. Luis Correa, California
Mike Gallagher, Wisconsin            Val Butler Demings, Florida
Clay Higgins, Louisiana              Nanette Diaz Barragan, California
John H. Rutherford, Florida
Thomas A. Garrett, Jr., Virginia
Brian K. Fitzpatrick, Pennsylvania
Ron Estes, Kansas
Vacancy
                   Brendan P. Shields, Staff Director
                Steven S. Giaier, Deputy General Counsel
                    Michael S. Twinchek, Chief Clerk
                  Hope Goins, Minority Staff Director
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
                           C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Committee on Homeland 
  Security:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Oral Statement.................................................     3
  Prepared Statement.............................................     5

                               Witnesses

Rear Admiral Todd A. Sokalzuk, Commander, Eleventh Coast Guard 
  District, U.S. Coast Guard, U.S. Department of Homeland 
  Security:
  Oral Statement.................................................     6
  Prepared Statement.............................................     7
Mr. Carlos C. Martel, Director of Field Operations, Los Angeles 
  Field Office, U.S. Customs and Border Protection, U.S. 
  Department of Homeland Security:
  Oral Statement.................................................     9
  Prepared Statement.............................................    11
Mr. Eugene D. Seroka, Executive Director, The Port of Los 
  Angeles:
  Oral Statement.................................................    15
  Prepared Statement.............................................    17
Mr. Mario Cordero, Executive Director, The Port of Long Beach:
  Oral Statement.................................................    19
  Prepared Statement.............................................    21
Mr. Ray Familathe, International Vice President, International 
  Longshore and Warehouse Union:
  Oral Statement.................................................    25
  Prepared Statement.............................................    27

                             For the Record

The Honorable Nanette Diaz Barragan, a Representative in Congress 
  From the State of California:
  Comments.......................................................    38
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Statement of Anthony M. Reardon, National President, National 
    Treasury Employees Union.....................................    52

                                Appendix

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Committee on Homeland 
  Security:
  Letter From the National Association of Waterfront Employers...    55

 
  EXAMINING PHYSICAL SECURITY AND CYBERSECURITY AT OUR NATION'S PORTS

                              ----------                              


                        Monday, October 30, 2017

                     U.S. House of Representatives,
                            Committee on Homeland Security,
                                                     San Pedro, CA.
    The committee met, pursuant to notice, at 1 p.m., at the 
Port of Los Angeles Administration Building, 425 South Palos 
Verdes Street, San Pedro, California, Hon. Michael T. McCaul 
(Chairman of the committee) presiding.
    Present: Representatives Thompson, Correa, and Barragan.
    Also present: Representatives Estes, Rohrabacher, Hunter, 
Lowenthal, and Torres.
    Chairman McCaul. The Committee on Homeland Security will 
come to order.
    Committee's meeting today is ``Examining the Physical 
Security and Cybersecurity of Our Nation's Ports.''
    Before I begin, I would like to note that we have a number 
of Members that are not on the Committee of Homeland Security 
attending today. I would ask unanimous consent that they be 
allowed to participate in today's hearing.
    I appreciate the effort taken on behalf of all those 
involved to have this important field hearing take place. I 
want to thank the Port of Los Angeles for hosting us.
    This is an official Congressional hearing. So we must abide 
by certain rules of the Committee on Homeland Security and the 
House of Representatives.
    I kindly wish to remind our guests today that 
demonstrations from the audience, including applause and verbal 
outbursts, which I doubt will happen here today, will be a 
violation of House rules.
    It is important that we respect decorum and rules of the 
committee.
    I have also been requested to state that photography and 
cameras are limited to accredited press only.
    I now recognize myself for an opening statement.
    Today Members of our committee have gathered here to 
examine the physical and cybersecurity of our Nation's ports. I 
would like to thank everyone who has traveled a great distance 
to be here and to CBP and the Coast Guard for the tour of Port 
of Los Angeles and the Port of Long Beach.
    I would also like to thank each of the witnesses and look 
forward to hearing your thoughts on how we can work together to 
strengthen the security of America's ports.
    America's port system is an industrial engine that drives 
much of our economic success. Currently, U.S. seaports support 
23 million American jobs and 4.6 trillion in economic activity, 
or 26 percent of our economy.
    This year alone, the Port of Los Angeles has processed over 
6 million containers. These ports will only continue to remain 
busy, as our trade volume is expected to quadruple by 2030.
    A safe and unrestricted flow of goods and services through 
our marine transportation system has allowed the United States 
to become a global economic superpower.
    Keeping our ports and our cargo containers safe is 
absolutely vital to our Homeland Security as well as our 
National financial health. We must make sure they are not 
susceptible to attacks from our enemies.
    Unfortunately, America's adversaries are constantly looking 
for ways to strike our country with cyber attacks. As our port 
systems increasingly benefit from new technology and advanced 
computer systems, they also find themselves in the crosshairs 
of international hackers and rogue nation-states.
    In June, this very port was briefly shut down because of a 
cyber attack that cost nearly $300 million in economic damage. 
That is not acceptable. We must do more to strengthen 
cybersecurity and these essential maritime hubs.
    Fortunately, the Committee on Homeland Security has been 
taking action. Proud to say that we have a great track record 
when it comes to work across party lines to pass common-sense 
legislation.
    Last Monday, the House passed a reauthorization of the 
Customs Trade Partnership Against Terrorism program, an 
important public/private-sector partnership that strengthens 
cargo security and international supply chains.
    That very next day, we passed legislation that requires the 
Secretary of DHS to implement a risk assessment model which 
focuses on cybersecurity vulnerabilities and risks at America's 
ports.
    In July, Republicans and Democrats came together to pass 
the first ever comprehensive reauthorization of DHS with an 
overwhelming bipartisan vote. This reauthorization approves the 
preparedness and readiness capabilities of the Coast Guard and 
TSA while creating a mechanism for port operators to share 
cyber threat information and best practices.
    Chairs of the 9/11 Commission, Tom Kean, Lee Hamilton, have 
recently called on the Senate to pass this reauthorization. It 
needs to get to the President's desk and signed into law.
    Finally, I would like to express the committee's 
appreciation to the leadership and staff of the Port of Los 
Angeles Harbor Administration for making this event possible.
    [The statement of Chairman McCaul follows:]
                Statement of Chairman Michael T. McCaul
                            October 30, 2017
    Today, Members of our committee have gathered here to examine the 
physical security and cybersecurity of our Nation's ports.
    Before we begin however, I would like to thank everyone who has 
traveled a great distance to be here and to CBP and the Coast Guard for 
the tour of the Port of Los Angeles and the Port of Long Beach.
    I would also like to thank each of the witnesses and I look forward 
to hearing your thoughts on how we can work together to strengthen the 
security of America's ports.
    America's port system is an industrial engine that drives much of 
our economic success. Currently, U.S. seaports support 23 million 
American jobs and $4.6 trillion in economic activity, or 26% of our 
economy.
    This year alone, the Port of Los Angeles has processed over 6 
million containers. These ports will only continue to remain busy, as 
our trade volume is expected to quadruple by 2030.
    A safe and unrestricted flow of goods and services through our 
marine transportation system has allowed the United States to become a 
global, economic super power.
    Keeping our ports and our cargo containers safe, is absolutely 
vital to our homeland security as well as our National financial 
health. We must make sure they are not susceptible to attacks from our 
enemies.
    Unfortunately, America's adversaries are constantly looking for 
ways to strike our country with cyber attacks.
    As our port systems increasingly benefit from new technology and 
advanced computer systems, they also find themselves in the crosshairs 
of international hackers and rogue nation states.
    In June, this very port was briefly shut down because of a cyber 
attack that cost nearly $300 million in economic damage. That is not 
acceptable.
    We must do more to strengthen cybersecurity of these essential 
maritime hubs.
    Fortunately, the Committee on Homeland Security in the House has 
been taking action. And I am proud to say that we have a great track 
record of working across party lines to pass common-sense legislation.
    Just last Monday, the House passed a reauthorization of the Customs 
Trade Partnership Against Terrorism (C-TPAT) program, an important 
public-/private-sector partnership that strengthens cargo security and 
international supply chains. The very next day, we passed legislation 
that requires the Secretary of DHS to implement a risk assessment model 
which focuses on cybersecurity vulnerabilities and risks at America's 
ports.
    In July, Republicans and Democrats came together to pass the first-
ever, comprehensive reauthorization of DHS with an overwhelming 
bipartisan vote. This reauthorization improves the preparedness and 
readiness capabilities of the Coast Guard and TSA, while creating a 
mechanism for port operators to share cyber threat information and best 
practices.
    Chairs of the 9/11 Commission, Tom Kean and Lee Hamilton, have 
recently called on the Senate to pass this DHS reauthorization. It 
needs to get to the President's desk and signed into law.
    Finally, I'd like to express the committee's appreciation to the 
leadership and staff of the Port of Los Angeles Harbor Administration 
for making this event possible.

    Chairman McCaul. With that, the Chair now recognizes the 
Ranking Member, Mr. Thompson.
    Mr. Thompson. Thank you very much, Mr. Chairman.
    Let me thank you for holding this important hearing on port 
security today.
    I am pleased to be joined by my colleagues here at the Port 
of Los Angeles in the Congressional district represented so 
well by Representative Nanette Barragan. As a Member of the 
committee on Homeland Security, Representative Barragan has 
been a champion for the Port of Los Angeles and this community. 
She is a leading voice on matters relating to seaport, port 
security, and facilitating commerce. We are fortunate to have 
her as a Member of our committee, and her constituents should 
be assured she is working hard in Congress on their behalf.
    As well as a Dodger fan also.
    I want to thank the other Democratic Members for joining us 
today from nearby Congressional districts. They are 
Representative Lou Correa, who also is a valued Member of the 
Committee on Homeland Security; Representative Norma Torres, a 
former Member of the committee; and Representative Alan 
Lowenthal, who represents the neighboring Port of Long Beach.
    These Members present here reaffirm their commitment to the 
security and prosperity of these ports and the surrounding 
communities. I know they will make this a productive hearing.
    Earlier today, we had the opportunity to tour and be 
briefed about both the Ports of Los Angeles and Long Beach. The 
scope of the operations by the port and their Federal, State, 
and local partners is impressive, as is the magnitude of the 
security challenges facing the ports.
    At the same time, the ports are vitally important to trade 
and commerce, not just locally, but across the country, and 
around the globe.
    Indeed, the bulk of U.S. overseas trade is carried by 
ships, many of which call on the ports we are discussing today. 
The economic consequences of a maritime terrorist attack would 
be catastrophic to the country in addition to the potential 
loss of life and property.
    Unfortunately, port security sometimes gets shortchanged 
when it comes to allocating scarce Federal security resources. 
I would argue that rather than spending billions on a border 
wall, for example, we should invest in better securing our 
ports by strengthening their physical security, providing 
appropriate Customs and Border Protection officer staffing, and 
enhancing cyber defenses.
    With respect to staffing, the National Treasury Employees 
Union, which represent front-line CBP officers at our ports, 
report that currently nearly 1,500 CBP officer vacancies and an 
additional 2,000 CBP officers are needed to properly secure our 
ports while facilitating travel.
    This shortage of 3,500 officers is unacceptable. It puts 
the security of our ports in jeopardy and slows valuable 
commerce.
    Coast Guard resources are similarly strained. For instance, 
the commandant of the Coast Guard has stated that there were 
over 500 smuggling events last year about which the Coast Guard 
had information but unable to respond to due to a lack of 
assets. Earlier today we heard similar testimony from Coast 
Guard officials. Again, this is unacceptable.
    With respect to cybersecurity, Representatives Barragan and 
Correa have raised before this committee a major cyber attack 
that occurred in June of this year at the Port of Los Angeles. 
A.P. Moller-Maersk had to shut down its container operation, 
costing the company as much as $300 million, and causing weeks 
of disrupted operations.
    I look forward to hearing from our panel about the lessons 
learned, the precautions put in place since that incident, and 
what more remains to be done.
    We should be putting our scarce resources toward addressing 
these gaps in our Nation's security. I hope we can address all 
of these important issues today and that we can continue to 
work together to enhance the security of our Nation's port.
    In closing, I want to thank the witnesses for joining us 
today and all the men and women who keep these ports operating 
securely and efficiently for the benefit of local communities 
and our entire country.
    Again, I appreciate the Chairman convening this meeting and 
look forward to discussion.
    I yield back.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                            October 30, 2017
    Earlier today, we had the opportunity to tour and be briefed about 
both the Port of Los Angeles and Long Beach. The scope of the 
operations by the ports and their Federal, State, and local partners is 
impressive, as is the magnitude of the security challenges facing the 
ports.
    At the same time, the ports are vitally important to trade and 
commerce not just locally, but across the country and around the globe. 
Indeed, the bulk of U.S. overseas trade is carried by ships, many of 
which call on the ports we are discussing today. The economic 
consequences of a maritime terrorist attack could be catastrophic to 
the country, in addition to the potential loss of life and property.
    Unfortunately, port security sometimes gets short shrift when it 
comes to allocating scarce Federal security resources. I would argue 
that rather than spending billions on a border wall, for example, we 
should invest in better securing our ports by strengthening their 
physical security, providing appropriate Customs and Border Protection 
officer staffing, and enhancing cyber defenses.
    With respect to staffing, the National Treasury Employees Union 
(NTEU), which represents front-line CBP officers at our ports, reports 
there currently nearly 1,500 CBP officer vacancies and an additional 
2,000 CBP officers are needed to properly secure our ports while 
facilitating travel. This shortage of 3,500 officers is unacceptable. 
It puts the security of our ports in jeopardy and slows valuable 
commerce.
    Coast Guard resources are similarly strained. For instance, the 
Commandant of the Coast Guard has stated there were over 500 smuggling 
events last year about which the Coast Guard had information but was 
unable to respond to due to a lack of assets. Again, this is 
unacceptable.
    With respect to cybersecurity, Reps. Barragan and Correa have 
raised before the committee a major cyber attack that occurred in June 
of this year at the port of Los Angeles. AP Moller-Maersk had to shut 
down its container operations, costing the company as much as $300 
million and causing weeks of disrupted operations. I look forward to 
hearing from our panel about the lessons learned, the precautions put 
in place since that incident, and what more remains to be done.
    We should be putting our scare resources toward addressing these 
gaps in our Nation's security. I hope we can address all of these 
important issues today and that we can continue to work together to 
enhance the security of our Nation's ports.
    In closing, I want to thank the witnesses for joining us today and 
all the men and women who keep these ports operating securely and 
efficiently for the benefit of local communities and our entire 
country.

    Chairman McCaul. Thank you, Ranking Member. I think we have 
more Members here than some hearings we have in Washington, DC. 
That says a lot about the Members of the committee and the 
Members who are locally here in the Los Angeles area. I want to 
thank you all for being at this hearing.
    We are pleased to have a distinguished panel of witnesses 
before us. First is Admiral Todd Sokalzuk. He is a commander of 
the Eleventh Coast Guard District for the United States Coast 
Guard at the Department of Homeland Security.
    Next, Mr. Carlos Martel is the director of field operations 
at the Los Angeles Field Office for U.S. Customs and Border 
Protection.
    We also have Mr. Gene Seroka, and he is the executive 
director of the Port of Los Angeles.
    Mr. Mario Cordero is the executive director of the Port of 
Long Beach.
    Our final witness is Mr. Ray Familathe, the international 
vice president of the International Longshore and Warehouse 
Union.
    I want to thank all of you for being here today. Your full 
statements will appear in the record.
    The Chair now recognizes the admiral for his testimony.

STATEMENT OF REAR ADMIRAL TODD A. SOKALZUK, COMMANDER, ELEVENTH 
  COAST GUARD DISTRICT, U.S. COAST GUARD, U.S. DEPARTMENT OF 
                       HOMELAND SECURITY

    Admiral Sokalzuk. Good afternoon, Chairman McCaul, Ranking 
Member Thompson, and Members of the committee.
    I am honored to be here today at the great Port of Los 
Angeles to discuss the Coast Guard's role in port security.
    Mr. Chairman, I would especially thank you. I really want 
to thank all of you for your leadership and encouraging support 
of the Coast Guard on this issue.
    My complete statement has been provided to the committee 
and I request to have it entered----
    Chairman McCaul. Admiral, if you would turn on your 
microphone.
    Admiral Sokalzuk. Just to be clear, I asked that my 
statement be entered into the official hearing record.
    The Coast Guard offers enduring value to our Nation. We are 
the only branch of the U.S. armed services within the 
Department of Homeland Security and uniquely positioned to help 
secure our ports, protect the marine transportation system, and 
safeguard America's National economic security.
    The Coast Guard's governance of the marine transportation 
system ensures that it remains safe, secure, environmentally 
sound and productive, particularly with regard to shared 
critical infrastructure that we rely on for National security, 
border security, and economic prosperity.
    The Coast Guard's efforts to secure our ports and marine 
transportation system begins far from here, overseas. We 
leverage international partnerships. Through the International 
Port Security program, the Coast Guard performs its in-country 
port security assessments to determine the effectiveness of 
security and anti-terrorism measures exhibited by foreign trade 
partners.
    We maintain over 40 maritime bilateral law enforcement 
agreements and 11 bilateral proliferation security initiative 
ship-boarding agreements. These agreements facilitate 
international cooperation and allow Coast Guard teams to board 
and search vessels at sea suspected of carrying illicit 
shipments, weapons of mass destruction, their delivery systems, 
or related materials.
    The Coast Guard's membership within the intelligence 
community provides global situational awareness, analysis, and 
interagency collaboration opportunities with various 
counterterrorism components, including the Central Intelligence 
Agency, the National Counterterrorism Center, and the Federal 
Bureau of Investigation. Intelligence also helps us push our 
boarders out.
    Direct timely intelligence is just a key enabler across a 
broad spectrum of threats for us. While more than 90 percent of 
our 2016 at-sea interdictions of illicit narcotics and illegal 
aliens were cued by intelligence, the Coast Guard's aging major 
cutters limit our ability to respond to that, even though we 
have the intelligence.
    Critical acquisitions like the off-shore patrol cutter are 
essential to our long-term success in our fight against 
transnational criminal organizations.
    So while cargo crosses the oceans and nears our shore, 
Coast Guard personnel co-located with Customs and Border 
Protection at the National Targeting Center screen ships' crew 
and passenger information for all vessels required to submit a 
Notice of Arrival before entering a U.S. port.
    As these ships then arrive in American waters, our 
authorities, through the Maritime Transportation Security Act, 
provide a robust regime for security plan approval and 
compliance inspections for both maritime facilities and the 
vessels.
    Area maritime security committees, just like the vibrant 
one in this area, provide a recurring forum for key agencies 
and partners to address risk at each port, some of whom you 
have talked to today.
    We support our local partners through our participation in 
FEMA's port security grant program, and just this year 
regulated entities within the Los Angeles/Long Beach Port 
Complex received $11.8 million in Federal grant money to 
bolster physical and cybersecurity.
    In June, we did feel the effects of a cyber event here in 
this port community. Thankfully, neither of these resulted in 
marine casualties, but they certainly demonstrated the extents 
to which cyber vulnerabilities could affect the marine 
transportation system.
    We in the Coast Guard treat cyber as an operational risk, 
and, to that end, it is part of our enduring competency of 
managing risk, just like we do across all of our missions.
    We continuously work with our partners, continuously work 
with DHS and across industry to strengthen our relationships to 
help us to manage this risk and, importantly, with public and 
private stakeholders.
    So for over two centuries, the Coast Guard has safeguarded 
our Nation's maritime interests, the Coast Guard has layered 
security strategy, day-to-day operations and coordination 
across government, to ensure that we are well-positioned to 
address the broad range of offshore and coastal threats that 
could impact our National security.
    Thank you, Mr. Chairman.
    [The prepared statement of Admiral Sokalzuk follows:]
                 Prepared Statement of Todd A. Sokalzuk
                            October 30, 2017
                              introduction
    Good morning, Chairman McCaul, Ranking Member Thompson, and 
distinguished Members of the committee. It is my pleasure to be here 
today to discuss the Coast Guard's role in port security.
    The U.S. Coast Guard is the world's premier, multi-mission, 
maritime service responsible for the safety, security, and stewardship 
of the maritime domain. At all times a military service and branch of 
the U.S. Armed Forces, a Federal law enforcement agency, a regulatory 
body, a first responder, and a member of the U.S. intelligence 
community, the Coast Guard operates on all seven continents and 
throughout the homeland, serving a Nation whose economic prosperity and 
National security are inextricably linked to broad maritime interests.
    America's economic prosperity is reliant on the safe, secure, and 
efficient flow of cargo through the Marine Transportation System (MTS). 
The Nation's waterways support $4.5 trillion of economic activity each 
year, including over 250,000 American jobs.\1\ U.S. economic stability, 
production, and consumption, enabled by the intermodal transportation 
of goods through the midstream economy, are critical to American 
prosperity and National security. This trade-driven economic prosperity 
serves as a wellspring for our power and serves as a leading source of 
our influence in the world. While we are mindful of the need to 
facilitate commerce, not impede it, the Coast Guard also recognizes the 
critical role we play with port partners to reduce risks to U.S. ports 
and maritime critical infrastructure.
---------------------------------------------------------------------------
    \1\ ``Ports' Value to the U.S. Economy: Exports, Jobs & Economic 
Growth.'' American Association of Port Authorities, http://www.aapa-
ports.org/advocating/content.aspx?ItemNumber=21150, Accessed April 17, 
2017.
---------------------------------------------------------------------------
                           a layered approach
    Securing our maritime borders and reducing risk to our ports and 
infrastructure requires a layered, multi-faceted approach. Because of 
our unique authorities, capabilities, competencies, and partnerships, 
the Coast Guard is well-positioned to undertake such an approach and 
meet a broad range of maritime border security requirements. This 
layered approach allows the Coast Guard to detect, deter, and counter 
threats as early and as far from U.S. shores as possible.
    For the past 227 years, Coast Guard men and women have patrolled 
the Nation's ports and waterways to prevent and respond to major 
threats and hazards. Since Congress established the Steamboat 
Inspection Service in 1852, Coast Guard prevention authorities have 
evolved alongside emerging threats and changing port infrastructure. 
The Coast Guard established Captains of the Port (COTPs) to execute 
these authorities and work with our partners to prepare our ports for 
natural disasters, accidents, and deliberate acts. At the same time, as 
transnational threats to the homeland have increased, so has our reach 
and overseas presence through foreign engagement and overseas security 
inspections.
          international port assessments and vessel screening
    The Coast Guard conducts foreign port assessments and leverages the 
International Maritime Organization's (IMO) International Ship and Port 
Facility Security (ISPS) Code to assess effectiveness of security and 
antiterrorism measures in foreign ports. Through the ISPS Program, the 
Coast Guard performs overseas port assessments to determine the 
effectiveness of security and antiterrorism measures exhibited by 
foreign trading partners.
    Since the inception of ISPS in 2004, Coast Guard personnel have 
visited more than 150 countries and approximately 1,200 port 
facilities. These countries generally receive biennial assessments to 
verify compliance with the ISPS Code and U.S. maritime security 
regulations, as appropriate. Vessels arriving in foreign ports that are 
not compliant with ISPS Code standards are required to take additional 
security precautions while in those ports. They may also be boarded by 
the U.S. Coast Guard before being allowed entry to U.S. ports, and in 
some cases may be refused entry to the United States. In fiscal year 
2017, the ISPS Program assessed the effectiveness of anti-terrorism 
measures in nearly 150 port facilities of 52 of our maritime trading 
partners, as well as conducted 35 capacity-building activities in 16 
countries with marginal port security to prevent them from falling into 
non-compliance with the ISPS Code.
                   area maritime security committees
    In U.S. ports, the COTP is designated as the Federal Maritime 
Security Coordinator (FMSC). In this role, COTPs lead the Nation's 43 
Area Maritime Security Committees (AMSCs) and oversee the development, 
regular review, and annual exercise of their respective Area Maritime 
Security Plans. AMSCs assist and advise the FMSC in the development, 
review, and implementation of a coordination and communication 
framework to identify risks and vulnerabilities in and around ports.
    Additionally, AMSCs coordinate resources to prevent, protect 
against, respond to, and recover from Transportation Security 
Incidents. AMSCs have developed strong working partnerships between all 
levels of government and private industry stakeholders. The Coast Guard 
screens ships, crews, and passengers for all vessels required to submit 
an Advance Notice of Arrival (ANOA) prior to entering a U.S. port.
            cyber risks and the marine transportation system
    The Coast Guard and the maritime industry continually cooperate to 
address the risks associated with new threats and technologies. 
Security threats have evolved from coastal piracy to complex smuggling 
operations, transnational organized crime, and terrorism. Safety risks 
have likewise evolved as merchant shipping progressed from sailing 
ships to ships driven by coal-fired steam boilers, to diesel engines 
and most recently to liquefied natural gas. Waterfront operations 
evolved from break bulk cargo to containerization, with sophisticated 
systems now controlling the movement and tracking of containerized and 
liquid cargo. The maritime industry is a dynamic industry that includes 
many components. The maritime industry includes ships and mariners that 
sail our waters, the ports and facilities they call upon, the waterways 
upon which commerce moves, and water-borne access to maritime natural 
resources. Our maritime industry provides vital transportation along 
marine highways, enables the harvesting of marine and offshore natural 
resources, supports recreation, and facilitates interstate and 
international trade. By providing access to transportation, trade, and 
natural resources, the maritime industry supports our Nation's economic 
prosperity and is a key driver for our National economy.
    The topic of cybersecurity within the maritime industry is as 
dynamic as any other sector of business. The industry's global reach, 
large volume of capital transactions, extensive use of commercial 
services, and reliance on information technology create significant 
opportunities for exploitation through the cyber domain--the June 2017 
notPetya virus and the resulting impacts on APM's global operations, to 
include subsequent defensive measures, highlighted these risks for the 
world to see. As evidenced by the notPetya virus, the MTS will continue 
to experience cyber impacts even though it may not be the intended 
target. Thus the Coast Guard broadly views cyber as one of many 
operational risks that must be managed. With the release of the Coast 
Guard's Cyber Strategy in June 2015, the Coast Guard and their industry 
partners have engaged in comprehensive efforts to raise maritime cyber 
risk awareness, enhance preparedness and information sharing, and 
capitalize on the opportunity to learn from other sectors of the 
economy. As the Coast Guard transitions from enhancing cyber awareness 
to promoting improved cyber governance, lessons learned from 
collaborative efforts led through many of our AMSCs from COTP zones 
throughout the country, will help inform this important effort.
                               conclusion
    The Coast Guard offers truly unique and enduring value to our 
Nation. The only branch of our Armed Forces within the U.S. Department 
of Homeland Security, the Coast Guard is positioned to help secure the 
border, protect the homeland, and safeguard America's National and 
economic security. Since 1790, the Coast Guard has helped advance 
American prosperity by mitigating risk to our Nation's ports and 
infrastructure to ensure that the MTS operates safely, predictably, and 
securely. While much has changed from the days of sail, our service has 
continuously drawn upon our core competencies of mitigating operational 
risk, and leveraging our crucial partnerships with State, local, 
Tribal, and industry partners to advance security in U.S. ports.

    Chairman McCaul. Thank you, Admiral.
    The Chair now recognizes Mr. Martel.

 STATEMENT OF CARLOS C. MARTEL, DIRECTOR OF FIELD OPERATIONS, 
 LOS ANGELES FIELD OFFICE, U.S. CUSTOMS AND BORDER PROTECTION, 
              U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Martel. Chairman McCaul, Ranking Member Thompson, 
esteemed Members of the committee. Thank you for the 
opportunity to testify today to discuss the role of U.S. 
Customs and Border Protection in securing maritime cargo, an 
important responsibility we share with our partners here today.
    As lead DHS agency for border security, CBP works closely 
with our domestic and international partners to protect the 
Nation from a variety of threats, including those posed in 
containerized cargo arriving at our seaports.
    Serving as the director of field operations for the greater 
Los Angeles area, including the L.A./Long Beach seaport, the 
largest seaport in the Nation, I know first-hand how complex 
cargo security operations are and how valuable our programs and 
partnerships are to our National security.
    CBP has several key programs that enhance our ability to 
assess cargo for risk, examine high-risk shipments at the 
earliest possible point, and increase the security of the 
supply chain. I would like to highlight just a few of these 
efforts for you today.
    First, CBP receives advance information on every maritime 
cargo shipment, every vessel, and every person before they 
arrive at the port.
    Second, CBP's advanced targeting techniques use the data 
collected to enhance our ability to assess the risk associated 
with these cargo shipments and with the entities involved.
    Third, our partnerships, those with our DHS and Federal 
partners, private industry, and foreign counterparts, increase 
information sharing and enhance our domain awareness, targeting 
capabilities, and ability to intercept threats at or 
approaching our seaports.
    For example, CBP's Container Security Initiative pushes our 
security efforts outwards and enables CBP to partner with 
foreign authorities to identify and examine potentially high-
risk maritime containers at the foreign port before they are 
laden on U.S.-bound vessels.
    CBP's 60 CSI ports now prescreen over 80 percent of all 
maritime containerized cargo imported into the United States.
    We also partner with private industry. The Customs Trade 
Partnership Against Terrorism provides facilitation benefits to 
rigorously-vetted members of the trade community who volunteer 
to adopt tighter security measures throughout their entire 
international supply chain. C-TPAT has grown from 7 initial 
members to over 11,000 members today.
    Finally, advanced, nonintrusive inspection equipment, 
including X-ray and gamma-ray imaging systems, are placed at 
domestic and foreign seaports. For example, in partnership with 
the DHS Domestic Nuclear Detection Office, CBP has deployed 
nuclear and radiological detection equipment, including 
radiation portal monitors, radiation isotope identification 
devices, and personal radiation detectors, to ports of entry 
Nation-wide.
    Radiation portal monitors enable CBP to scan nearly 100 
percent of all arriving maritime containerized cargo for the 
presence of radiological or nuclear materials.
    Basically, detection and imaging systems enable CBP 
officers to examine cargo conveyances, such as sea containers, 
without physically opening or unloading them. Technology allows 
CBP to work smarter and faster in detecting contraband and 
other dangerous materials while facilitating the flow of 
legitimate cargo.
    CBP's detection technology, targeting capabilities, and 
partnerships are part of a comprehensive strategy that enables 
CBP to identify and address potential threats in containerized 
maritime cargo before they arrive at our Nation's seaports.
    Thank you for the opportunity to testify today. Be happy to 
answer any questions.
    [The prepared statement of Mr. Martel follows:]
                 Prepared Statement of Carlos C. Martel
                            October 30, 2017
    Chairman McCaul, Ranking Member Thompson, and distinguished Members 
of the committee, it is an honor to appear before you today to discuss 
the role of U.S. Customs and Border Protection (CBP) in securing 
maritime cargo. As the lead U.S. Department of Homeland Security (DHS) 
agency for border security, CBP works closely with our domestic, 
international, and industry partners to protect the Nation from a 
variety of dynamic threats, including those posed by containerized 
cargo arriving at our sea ports of entry (POE).
    The United States experiences an immense volume of international 
trade, a critical component of our Nation's economic security and 
competitiveness. In fiscal year 2017,\1\ CBP officers processed more 
than 26.1 million imported cargo containers, including 11.9 million 
maritime cargo containers at our Nation's seaports, equating to $847.7 
billion in imports. CBP's cargo security and trade facilitation 
missions are mutually supportive: By utilizing a risk-based strategy 
and multi-layered security approach, CBP can focus time and resources 
on those suspect shipments that are high-risk. This approach 
incorporates three layered elements to improve supply chain integrity, 
expedite legitimate trade, promote economic viability, and increase 
resilience across the entire global supply chain system.
---------------------------------------------------------------------------
    \1\ Through August 31, 2017.
---------------------------------------------------------------------------
   Advance Information and Targeting.--Obtaining information 
        about cargo, vessels, and persons involved early in the 
        shipment process and using advanced targeting techniques to 
        increase domain awareness and assess the risk of all components 
        and factors in the supply chain;
   Advanced Detection Equipment and Technology.--Maintaining 
        robust inspection regimes at our POEs, including the use of 
        Non-Intrusive Inspection (NII) equipment and radiation 
        detection technologies; and
   Government and Private-Sector Collaboration.--Enhancing our 
        Federal and private-sector partnerships and collaborating with 
        foreign governments to extend enforcement efforts outward to 
        points earlier in the supply chain.
    These interrelated elements are part of a comprehensive cargo 
security strategy that enables CBP to detect, identify, and prevent 
potential threats, including the use of containerized cargo to 
transport counterfeit or illicit products, radiological weapons, such 
as ``dirty bombs,'' or other dangerous materials, before they arrive at 
our Nation's border. By leveraging intelligence-driven analysis, 
innovative partnerships, and advanced technology, CBP secures and 
promotes the movement of legitimate cargo transiting through the 
maritime environment.
             advance information and targeting capabilities
    CBP leverages advance information about cargo, conveyances, and 
persons, and tailors targeting activities to increase domain awareness 
and assess the risk of all components and factors in the supply chain. 
Statutory and regulatory requirements for the submission of advance 
information, and the development of rigorous targeting capabilities at 
the National Targeting Center (NTC), enable CBP to identify potential 
threats and address high-risk shipments before a vessel arrives at a 
U.S. POE.
    The Trade Act of 2002,\2\ which provides statutory support for the 
24-Hour Advance Cargo Manifest rule,\3\ also requires importers and 
carriers to submit to CBP advance electronic cargo information for all 
in-bound shipments in all modes of transportation. Furthermore, CBP 
requires the electronic transmission of additional data, as mandated by 
the Security and Accountability for Every Port (SAFE Port) Act of 
2006,\4\ through the Importer Security Filing and Additional Carrier 
Requirements rule (also known as ``10+2''). These requirements enable 
CBP to target and mitigate high-risk shipments not just prior to 
arrival in the United States, but prior to the loading of cargo bound 
for the United States.
---------------------------------------------------------------------------
    \2\ Pub. L. No. 107-210.
    \3\ The 24-hour rule applies only to maritime cargo.
    \4\ Pub. L. No. 109-347.
---------------------------------------------------------------------------
    This advance information requirement is a critical element of CBP's 
targeting efforts at the NTC and enhances CBP's capability to identify 
high-risk cargo without hindering legitimate trade and commerce. The 
NTC, established in 2001, coordinates and supports CBP's intelligence 
and enforcement activities related to the movement of cargo in all 
modes of transportation--sea, truck, rail, and air. Using the Automated 
Targeting System (ATS), the NTC proactively analyzes advance cargo 
information before shipments depart foreign ports. ATS incorporates the 
latest cargo threat intelligence and National targeting rule sets to 
generate a uniform review of cargo shipments, and provides 
comprehensive data for the identification of high-risk shipments. ATS 
is a critical decision support tool for CBP officers working at the 
NTC, the Advanced Targeting Units at our POEs, and foreign ports 
abroad.
              advanced detection equipment and technology
    Advanced detection technology is another key aspect of CBP's 
comprehensive approach to maritime cargo security. NII technology, 
including X-ray and gamma-ray imaging systems, is placed at domestic 
and foreign seaports and enables CBP to detect illicit and/or dangerous 
materials. NII technologies are force multipliers that enable us to 
screen or examine a larger portion of the stream of commercial traffic 
while facilitating the flow of legitimate cargo.
    CBP currently has 302 large-scale NII systems deployed to, and in 
between, U.S. POEs. These systems enable CBP officers to examine cargo 
conveyances such as sea containers, commercial trucks, and rail cars, 
as well as privately-owned vehicles, for the presence of contraband 
without physically opening or unloading them. This allows CBP to work 
smarter and faster in detecting contraband and other dangerous 
materials. As of September 1, 2017, CBP has used the deployed NII 
systems to conduct more than 86 million examinations, resulting in more 
than 20,600 narcotics seizures.
    Scanning all arriving conveyances and containers with radiation 
detection equipment prior to release from the POE is an integral part 
of the CBP comprehensive strategy to combat nuclear and radiological 
terrorism. In partnership with the Domestic Nuclear Detection Office 
(DNDO), CBP has deployed nuclear and radiological detection equipment, 
including 1,280 Radiation Portal Monitors (RPM), 3,319 Radiation 
Isotope Identification Devices (RIID), and 35,294 Personal Radiation 
Detectors (PRD) to all 328 POEs Nation-wide.\5\ Utilizing RPMs, CBP is 
able to scan 100 percent of all mail and express consignment mail and 
parcels; 100 percent of all truck cargo, 100 percent of personally-
owned vehicles arriving from Canada and Mexico; and nearly 100 percent 
of all arriving sea-borne containerized cargo for the presence of 
radiological or nuclear materials. Since the inception of the RPM 
program in 2002 through August 2017, CBP has scanned more than 1.4 
billion conveyances for radiological contraband, resulting in more than 
6.1 million alarms in primary and secondary operations, all of which 
have been successfully adjudicated at the proper level.
---------------------------------------------------------------------------
    \5\ As of September 1, 2017.
---------------------------------------------------------------------------
    CBP continues to look for more capable technologies that are more 
efficient and effective. For example, a key enabler of RPM efficiencies 
in the maritime environment is employing the concept of remotely-
operated RPM lanes at select seaports. CBP, together with DNDO, worked 
on a pilot throughout fiscal year 2017 to pilot RPM remote operations 
at the seaport in Savannah, Georgia. The goal is to provide CBP field 
offices and ports with increased flexibility to reduce RPM operations 
staffing demands and redirect staff to other high-priority mission 
areas where and when feasible.
    In conjunction with CBP's targeting capabilities, advancements in 
cargo screening technology provide CBP with a significant capacity to 
detect illicit nuclear and radiological materials and other contraband, 
and continue to be a cornerstone of CBP's multi-layered cargo security 
strategy.
              government and private-sector collaboration
    A critical and complementary component of CBP's effort to expand 
and strengthen cargo security is our extensive domestic and 
international partnerships with private industry and Government 
counterparts. Close collaboration with our partners increases 
information sharing, which, in turn, enhances CBP's domain awareness, 
targeting capabilities, and ability to intercept threats at, or 
approaching, our borders.
Federal Government Partnerships
    CBP works closely with its DHS partners, including the U.S. Coast 
Guard (USCG), U.S. Immigration and Customs Enforcement (ICE), and the 
Science and Technology Directorate (S&T) to coordinate cargo security 
operations and deploy advanced detection technology. Since 2011, CBP, 
USCG, and ICE have coordinated security activities through the cross-
component Maritime Operations Coordination (MOC) plan. The plan 
addresses the unique nature of the maritime environment and sets forth 
a layered, DHS-wide approach to homeland security issues within the 
maritime domain, ensuring integrated planning, information sharing, and 
increased response capability in each area of responsibility. CBP also 
collaborates with DNDO as well as with numerous agencies within the 
U.S. Departments of Defense, Energy, Health and Human Services, 
Commerce, Justice, and Treasury to promote real-time information 
sharing.
    CBP has participated in numerous joint-operations with government 
partners that led to the interdiction of illicit shipments. For 
example, Project Zero Latitude was developed due to escalation of 
foreign and domestic narcotics interceptions involving sea containers 
of produce and seafood shipments, particularly involving Ecuador. At 
the NTC, CBP conducted an analysis of historical ATS information and 
cocaine seizure data. The analysis enabled NTC to identify several 
smuggling trends that will facilitate the identification of future 
suspect shipments.
International Partnerships
    CBP also extends its cargo security efforts outward through 
strategic partnerships with foreign countries through the development 
of international cargo security programs and initiatives. One of CBP's 
most effective international cargo security programs is the Container 
Security Initiative (CSI). This initiative was established in 2002 with 
the sole purpose of preventing the use of maritime containerized cargo 
to transport a weapon of mass effect/weapon of mass destruction by 
ensuring all containers identified as potential risks for terrorism are 
inspected at foreign ports before they are placed on vessels destined 
for the United States. Through CSI, CBP officers stationed at CSI ports 
abroad and the NTC in Virginia work with host countries' customs 
administrations to identify and mitigate containers that may pose a 
potential risk for terrorism based on advance information and strategic 
intelligence. Those administrations use a variety of means, including 
detailed data assessment, NII, radiation detection technology, and/or 
physical examinations to screen the identified high-risk containers 
before they depart the foreign port.
    CBP works closely with CSI host country counterparts to build their 
capacity and capability to target and inspect high-risk cargo. Today, 
in addition to weapons detection, many CSI ports are now also targeting 
other illicit materials, including narcotics, pre-cursor chemicals, 
dual-use technology, stolen vehicles, weapons and ammunition, and 
counterfeit products. Furthermore, advancements in technology have 
enabled CBP to increase the efficiency of CSI operations without 
diminishing effectiveness by conducting more targeting remotely at the 
NTC. CBP's 60 CSI ports in North America, Europe, Asia, Africa, the 
Middle East, and Latin and Central America currently prescreen over 80 
percent of all maritime containerized cargo that is imported into the 
United States.
    CBP's strong working relationship with our foreign partners is also 
exemplified by the Secure Freight Initiative (SFI) in Qasim, Pakistan. 
Through SFI-Qasim, 100 percent of containerized maritime cargo is 
scanned (by both radiation detection and imaging equipment) prior to 
lading on-board a U.S.-bound vessel. All targeting of containers and 
monitoring of the scanning is done remotely via live video feed by CBP 
officers working at the NTC. Physical examinations are conducted at 
Port Qasim by Pakistani Customs officials and locally-engaged staff 
hired and vetted by the U.S. Consulate General in Karachi. These 
physical examinations are also monitored by live-feed at the NTC.
    Creating the process for real-time data transmission and analysis 
in Qasim required the development, installation, and integration of new 
software and equipment. CBP partnered with the U.S. Department of 
Energy (DOE) to deploy networks of radiation detection and imaging 
equipment in Qasim. Port Qasim continues to showcase the SFI program in 
a country where the government and terminal operators support the 
initiative, and where construction of dedicated facilities is possible. 
From constructing the scanning site to providing adequate staffing 
levels for SFI, the government of Pakistan remains a strong partner in 
deploying SFI operations.
    In addition to Port Qasim, Pakistan, since March 2014, CBP also 
scans 100 percent of all U.S.-bound cargo containers from the Port of 
Aqaba, Jordan, using trained and vetted foreign-service nationals to 
transmit scan data in real-time to the NTC. Similar to implementing 
operations in Qasim, CBP received the full support of the Government of 
Jordan to implement 100 percent scanning in Aqaba. In addition to that 
support, successful implementation of 100 percent scanning was possible 
due to the low-to-medium volume of U.S.-bound cargo processed through 
the port, and the small percentage of transshipped cargo, which allowed 
scanning equipment to be placed at the entrance to the port so as not 
to hinder the flow of cargo movement.
    The impact of these programs has been amplified by the close 
collaboration between CBP and DOE's Office of Nuclear Smuggling 
Detection and Deterrence (NSDD). Many CSI ports integrate into their 
operations partner country radiation detection equipment deployed by 
NSDD. In a similar fashion, CBP and NSDD collaborated in the detection 
equipment installation at the SFI operations in Qasim. The strong 
coordination between CBP and NSDD extends to information and resource 
sharing that enhances the security of maritime supply chain.
    All trading nations depend on containerized shipping for the 
transportation of manufactured goods, which underscores the importance 
of international programs such as CSI and SFI. Collaboration with 
foreign counterparts provides increased information sharing and 
enforcement, further secures the global supply chain, and extends our 
security efforts outward.
Private-Sector Partnerships
    An essential component of CBP's cargo security operations is our 
close and effective collaboration with private industry partners. For 
example, CBP works with the trade community through the Customs Trade 
Partnership Against Terrorism (CTPAT) program, which is a public-
private partnership program wherein members of the trade community 
volunteer to adopt tighter security measures throughout their 
international supply chains in exchange for enhanced trade 
facilitation, such as expedited processing. CTPAT membership has 
rigorous security criteria and requires extensive vetting and on-site 
visits of domestic and foreign facilities. This program has enabled CBP 
to leverage private-sector resources to enhance supply chain security 
and integrity.
    CTPAT membership has grown from just 7 companies in 2001 to more 
than 11,180 certified partners today, accounting for more than 54 
percent (by value) of goods imported into the United States. The CTPAT 
program continues to expand and evolve as CBP works with foreign 
partners to establish bi-lateral mutual recognition of respective 
CTPAT-like programs. Mutual Recognition as a concept is reflected in 
the World Customs Organization's Framework of Standards to Secure and 
Facilitate Global Trade, a strategy designed with the support of the 
United States, which enables customs administrations to work together 
to improve their capabilities to detect high-risk consignments and 
expedite the movement of legitimate cargo. These arrangements create a 
unified and sustainable security posture that can assist in securing 
and facilitating global cargo trade while promoting end-to-end supply 
chain security. CBP currently has signed Mutual Recognition 
Arrangements with New Zealand, the European Union, South Korea, Japan, 
Jordan, Canada, Taiwan, Israel, Mexico, Singapore, and the Dominican 
Republic and is continuing to work toward similar recognition with 
China, Brazil, Peru, Uruguay, and India.
    CBP also collaborates with port and terminal operators to enhance 
its agility, responsiveness, operational efficiencies, and unwavering 
commitment to our mutually supporting objectives of safety, security, 
and prosperity. CBP recently launched the Advanced Qualified Unlading 
Approval Lane (AQUA Lane), an expedited clearance system for CTPAT sea 
carriers arriving at CTPAT terminal port operators that qualify under a 
set of predetermined mandates to allow them to immediately unlade their 
cargo (only) upon arrival in the United States. This CTPAT benefit 
provides the trade community with monetary savings in terms of labor 
costs, as well as additional container movement efficiency and delivery 
predictability.
    CBP has also been re-engineering our operations in collaboration 
with the Port of Los Angeles' Trans Pacific Container Service 
Corporation (TraPac). The TraPac terminal in the Port of Los Angeles 
has invested in technology and infrastructure to upgrade the terminal 
to an automated terminal environment that supports both the targeted 
NII X-ray/gamma-ray imaging of targeted commerce, and the 100 percent 
mandated radiation scanning of all incoming commodities at the TraPac 
terminal. In a joint effort, TraPac, DNDO, and CBP developed a new and 
innovative method for automated radiation scanning of in-bound 
containers in the terminal's intermodal rail yard. Since December 2016, 
the terminal's automated conveyor systems transport in-bound containers 
through CBP RPMs before the containers are loaded onto railcars.
    Similar to TraPac, through a public-private partnership agreement, 
CBP and DNDO continue to work with the Northwest Seaport Alliance to 
employ a straddle carrier portal at the Pierce County Terminal in 
Tacoma, Washington. The straddle carrier portal will provide a fixed 
portal radiation scanning capability that will require fewer CBP 
personnel to conduct radiation scanning of cargo containers and will 
allow the port to regain some of its operational footprint and more 
quickly process cargo destined for rail transportation.
                               conclusion
    CBP's targeting activities and advanced technology enhances CBP's 
capability to assess whether U.S.-bound maritime cargo poses a risk to 
the American people. Working with our government, international, and 
private industry partners, CBP's cargo security programs help to 
safeguard the Nation's borders and our seaports from threats--including 
those posed by radiological weapons.
    Chairman McCaul, Ranking Member Thompson, and distinguished Members 
of the committee, thank you for the opportunity to testify today. I 
would be pleased to answer your questions.

    Chairman McCaul. Thank you, Mr. Martel.
    Chair now recognizes Mr. Seroka.

STATEMENT OF EUGENE D. SEROKA, EXECUTIVE DIRECTOR, THE PORT OF 
                          LOS ANGELES

    Mr. Seroka. Thank you, Chairman McCaul, Ranking Member 
Thompson, and Members of the House Homeland Security Committee.
    My name is Gene Seroka. I am the executive director here at 
the Port of Los Angeles. On behalf of our mayor, Board of 
Harbor Commissioners, along with the women and men who do the 
work at our port complex, it is a distinct honor to host this 
important and timely hearing at America's port.
    Today's hearing seeks to examine the physical and 
cybersecurity of our Nation's ports. I cannot think of a better 
place to begin that examination than right here at the Port of 
Los Angeles.
    While the port is immense in scale, covering 7,500 acres of 
land, 43 miles of waterway, 100 miles of rail configuration, 
including 27 terminals and 270 berths, its scale is perhaps 
exceeded only by its scope.
    We are the Nation's busiest container port. Setting a 
record among last year as the busiest container port in the 
Western Hemisphere, moving more than 9.2 million 20-foot 
equivalent units.
    Together with our neighboring Port of Long Beach, we handle 
goods to and from each and every one of our Nation's 435 
Congressional districts, account for more than 40 percent of 
our Nation's imports, and 30 percent of our Nation's exports.
    All told, the trade through our complex has an economic 
impact in excess of US$311 billion and related to over 3 
million jobs throughout the country.
    The scale and scope of our cargo operations gives us an 
outsized role in the Nation's economic prosperity. So it is a 
matter of course that we treat our responsibility to protect 
this critical piece of America's trade infrastructure with the 
highest of importance.
    Security starts with our Los Angeles Port Police force, a 
specialized law enforcement agency that operates 24 hours a 
day, 7 days a week, protecting the port from threats, whether 
it be by land, sea, air, or cyber space.
    The capabilities of our police force include canine units 
used to search vessels and containers, full-time dive unit to 
inspect critical infrastructure, and sea marshals program for 
all inbound and outbound cruise ships and vessels of interest.
    Our Port Police has a long and impressive track record of 
successful joint operations with other law enforcement 
agencies, our State partners and Federal partners alike, 
including the United States Coast Guard, the FBI, Secret 
Service, Department of Homeland Security, and especially 
Customs and Border Protection.
    There are two areas the Federal Government can assist our 
Port Police in maintaining the physical security of the port 
complex: Training and equipment.
    With respect to training, the Port Police provides only 
POST-Certified and Federally-recognized regional Maritime Law 
Enforcement Training Center on the West Coast of the United 
States. We call it MLETC.
    The curriculum, approved by Federal Law Enforcement 
Training Center, includes coursework in law enforcement, 
maritime operations, underwater improvised explosion detection, 
tactical and boarding operations training. The MLETC also hosts 
Federally-recognized emergency management training, as provided 
by Texas A&M engineering extension.
    Future grant funding or Federal support would help us 
enormously in this continuing effort to provide a highly 
specialized training right here on the West Coast.
    With respect to equipment. The extended border efforts of 
CBP, internationally and Nationally, is of great importance to 
the region and the Nation.
    We ask for support in CBP's recapitalization projects to 
leverage technology and human effort in the detection of 
weapons, contraband, and emerging highly dangerous narcotics, 
as demonstrated by the deadly opiate epidemic.
    As you know, many of these substances are incredibly toxic, 
deadly to users, and of great concern to unsuspecting labor, 
workers, law enforcement personnel, among others, that 
encounter these compounds.
    Finally, I would like to focus my remaining remarks on 
cybersecurity. The Port of Los Angeles is especially sensitive 
to the needs for cybersecurity protection because of our 
organization and the rest of the maritime shipping industry, 
for that matter. It is becoming increasingly reliant on digital 
industrial infrastructure.
    In 2014, the port established the Nation's first port 
cybersecurity operations center. Some of you witnessed that 
today, where more than 20 million cyber intrusion attempts per 
month are thwarted right here at the Port of Los Angeles. That 
is 7 to 8 attacks every second on our port complex.
    The center is run by a dedicated cybersecurity team and 
acts as a centralized location proactively monitoring network 
traffic to prevent and defect cyber incidents. It is also able 
to contain and manage any attacks that can be discussed with 
law enforcement agencies, like the FBI, the Secret Service, and 
local law enforcement for investigation purposes.
    But we know there is much more that needs to be done. The 
recent cyber attack on Maersk and A.P. Moller terminals was a 
call to action for all of us. We know that we must move swiftly 
to address cross-sector risk.
    The port ecosystem is a complicated one, relying on 
vendors, logistics companies, multitudes of clients, and 
transportation service providers. Adding in other critical 
infrastructure providers like energy, communications, 
information technology sectors, and the need to address our 
collective vulnerability becomes an absolute necessity for all.
    To that end, we recommend continued and focused engagement 
with the broader maritime industry to identify and disseminate 
best practices, assist in assigning roles and responsibilities, 
assist in educating, informing, and improving the way industry 
conducts vulnerability assessments, leverage port security 
grant programs to incent cybersecurity applications, and look 
at ways to improve information sharing in and across the 
maritime industry, promoting cybersecurity awareness, 
preparedness, and response standards.
    With that, I conclude my remarks for this afternoon.
    [The prepared statement of Mr. Seroka follows:]
                 Prepared Statement of Eugene D. Seroka
                            October 30, 2017
    Chairman McCaul, Ranking Member Thompson, and Members of the House 
Homeland Security Committee: I'm Gene Seroka, executive director of the 
Port of Los Angeles, and on behalf of our Board of Harbor Commissioners 
and the men and women who work in our port complex, it is my pleasure 
to welcome you to America's Port. I appreciate this opportunity to 
testify before you today and play a role in shaping a critical area of 
need in the maritime shipping community. With respect to our physical 
security and cybersecurity preparedness the Port takes its 
responsibilities seriously and has a robust security and emergency 
preparedness plan to prevent and manage either natural or man-made 
disasters.
    In order to protect our Port, we created and continue to expand the 
capabilities of a security infrastructure that fully integrates both 
physical and cybersecurity preparedness throughout the port complex, 
and supports coordinated rapid response with law enforcement agencies. 
Our infrastructure connects port-wide surveillance systems, and 
integrates a variety of measures including access control, 
communications, and intrusion detection systems. Recognizing the 
magnitude of the task of securing our gateway, we have invested 
hundreds of millions of dollars of our own funds in our security 
infrastructure. At the same time, finding opportunities for assistance 
from Federal grants is paramount and an area where we continue to look 
for support from Congress. Regarding our level of coordination with law 
enforcement, as demonstrated earlier today on your various site visits, 
the Port works hand-in-hand with local law enforcement agencies, our 
State partners, and our Federal partners--including the U.S. Coast 
Guard (USCG), the U.S. Customs and Border Protection (CBP), the Federal 
Bureau of Investigation (FBI), the U.S. Secret Service, and the U.S. 
Department of Homeland Security (DHS).
    The Port of Los Angeles is especially sensitive to the needs for 
cybersecurity protection because we believe the maritime shipping 
industry, while already having integrated technology throughout the 
system, is becoming increasingly reliant on digital industrial 
infrastructure.
    Last year, we partnered with GE Transportation to develop a first-
of-its-kind port visibility tool that allows our supply chain 
partners--from the cargo owners to the liner shipping companies and 
everyone involved with the cargo conveyance process--to achieve more 
efficient operations through secure, channeled access to big data. 
Earlier this year, we piloted the tool at our largest terminal with 
tremendous assistance from U.S. Customs and Border Protection. The 
success of the pilot has encouraged us to expand the portal to the rest 
of our terminals.
    While the digitization of the maritime supply chain is an exciting 
opportunity, earlier this year, we also saw the vulnerabilities 
associated with application of digital infrastructure to our 
operations. In June, the information systems of one of our industry's 
largest companies, Maersk, was compromised by a cyber attack. The 
global cybersecurity attack called ``nonPetya'' severely impacted 
Maersk's operations, both globally and at the Port. The reverberations 
of that attack were felt here at the Port of Los Angeles, where one of 
largest terminals shut down out of an abundance of caution. Recent 
reports indicated the incident cost Maersk over $300 million. This 
incident, coupled with the increasing reliance on digital 
infrastructure, should be a ``call to arms'' for the industry.
    We applaud you, Mr. Chairman and Ranking Member, for your 
leadership on the passage of the Cybersecurity Information Sharing Act 
(CISA) in 2015. We also want to acknowledge the work of Congressmembers 
Torres, Correa, and Barragan, all of whom are here with us today, along 
with their other co-sponsors, for all of their work on the recent House 
passage of H.R. 3101, ``Strengthening Cybersecurity Information Sharing 
and Coordination in our Ports Act of 2017.'' We support that 
legislation and believe that cybersecurity information sharing is a key 
tool to help protect our ports and maritime community against 
cybersecurity attacks.
    Furthermore, we appreciate the partnership with the U.S. Coast 
Guard (USCG) and have worked collaboratively with them for many years. 
We appreciate the guidance issued in December 2016 to clarify the 
reporting of suspicious activities and breaches of security to include 
cybersecurity. We believe the Maritime Transportation Safety Act (MTSA) 
addresses the key risks to the industry and that it can be flexible 
enough to manage cybersecurity risks as well as others in the industry. 
At the same time, the USCG issued a notice for comment in July, the 
draft Navigation and Inspection Circular (NVIC) Guidelines for Cyber 
Risks at MTSA regulated facilities which provided guidance on how 
cybersecurity risks should be integrated into Facility Security 
Assessments (FSAs).
    Among ports, we at the Port of Los Angeles have worked to be a 
leader on cybersecurity issues for many years. We built and created a 
comprehensive Cyber Security Operations Center (Center) that has been 
operational since 2014--the first of its kind for any U.S. port. The 
Center plays an invaluable role for the Port and is managing an 
unprecedented level of attacks: Over 20 million cyber intrusion 
attempts per month, literally 7 to 8 attacks every second on average. 
The Port is seeing a growing volume and variety of malicious cyber 
attacks ranging from denial-of-service attacks, more standard data 
breaches, botnet, and malware attacks along with possible insider 
threats.
    The Center is literally the centerpiece of our cybersecurity 
operation. It is run by a dedicated cybersecurity team and is used as a 
centralized location to proactively monitor network traffic to prevent 
and detect cyber incidents. It is also able to contain and manage any 
attacks that can then be discussed with law enforcement as needed for 
investigation purposes. It uses advanced systems to proactively monitor 
and prevent, detect, and respond to cyber attacks. It also collects 
data that can be analyzed and shared with other agencies, such as the 
FBI, the U.S. Secret Service, and local law enforcement.
    Partial funding for the development of the Center came through the 
Port Security Grant Program with the majority of the funds coming from 
the Port. It is ISO 27001 certified, the recipient of American 
Association of Port Authorities IT Awards of Excellence in 2014 and 
2016, and has been featured in several Nation-wide publications. The 
Port of Los Angeles is the only U.S. port authority with an ISO 27001 
certified Cyber Security Operations Center. However, our work is far 
from finished--much more needs to be done.
    To that point, while the Port is working to manage its own systems, 
we know that there is cross-sector risk that comes from all of the 
players in the Port environment. As mentioned, the Port environment is 
one where we are seeing increasing digitization; so it is critical that 
cybersecurity be imbedded in the front end--ensuring there is 
``security by design'' in the process. As you might imagine, the port 
ecosystem is a complicated one, relying on vendors, supply chain 
providers, the multitude of clients and service providers. To add 
another layer of complexity, the Port also relies on other Critical 
Infrastructure (CI) providers like the energy, communications, and 
information technology sectors as well. In many cases, the Port may not 
have visibility into any of these partners or other CI sectors 
cybersecurity posture, and as a result, cyber risk exists throughout 
that system. In light of the constantly rising cybersecurity attacks 
and systemic risks to the maritime sector, it is critical that the port 
and maritime community come together to discuss the shared risk and 
tools to approach the risk. To that end, we would recommend a number of 
policy initiatives for review and consideration together:
    1. Create a seamless effort between the U.S. Coast Guard and the 
        National Program and Protection Directorate (NPPD) at the U.S. 
        Department of Homeland Security to help the maritime industry 
        break down and share best practices to manage cybersecurity 
        risk from the operational impacts on a cyber attack to the more 
        traditional data breach attacks.
    2. Continue efforts working with the maritime sector so we better 
        understand how to assign roles and responsibilities to the 
        multiple players in the cybersecurity world, including the 
        USCG, NPPD, FBI, Secret Service, law enforcement etc.
    3. Run National-Level Exercises that include cybersecurity attacks 
        on the maritime sector to better inform and focus the need for 
        cybersecurity vulnerability assessments, preparing cyber 
        incident response plans, and other basic cyber planning and 
        response exercises.
    4. Incentivize cybersecurity project applications to the Port 
        Security Grant Program funding programs; waive the cost-share 
        requirements for cybersecurity assessments at major trade 
        gateways, and maintain the Port Security Grant Program funding 
        level at $100 million.
    5. There is a need for increased CBP maritime staffing to ensure 
        the security of passenger and freight facilities, and there is 
        a need for CBP detection equipment to be upgraded to ensure new 
        technologies are utilized to detect security risks and provide 
        cybersecurity safeguards at major port gateways.
    6. Work to evaluate the current status of existing maritime 
        Information Sharing and Analysis Centers (ISAC) to measure the 
        effectiveness and value of maritime only ISACs.
    7. Expand engagement with the International Maritime Organization 
        (IMO) and other applicable international organizations to 
        increase global maritime cybersecurity awareness, preparedness, 
        and response standards.
    The Port of Los Angeles is the largest container port in the 
country and an important economic driver for the Nation. U.S. seaports 
need to remain a high priority when determining projects to enhance our 
country's position in the global trade market. In order to compete in 
the international marketplace, our facilities and infrastructure needs 
to be maintained at the highest level with continued Federal 
investment.
    The Port of Los Angeles would like to thank the committee for 
holding this hearing as the importance of this topic cannot be 
understated. Our Nation's ports cannot be forgotten when security is at 
the forefront of maintaining our National economy.
    The Port of Los Angeles takes a great deal of pride in being a 
model for port security infrastructure. We trust that Congress will 
take the necessary action to ensure that the Port of Los Angeles and 
ports across the country receive the necessary funding to continue to 
make infrastructure improvements. With the proper focus on security 
infrastructure, the United States will continue to lead the world in 
international trade well into the 21st Century.

    Chairman McCaul. Thank you, Mr. Seroka.
    The Chair now recognizes Mr. Cordero.

  STATEMENT OF MARIO CORDERO, EXECUTIVE DIRECTOR, THE PORT OF 
                           LONG BEACH

    Mr. Cordero. Thank you, Chairman.
    Chairman McCaul, Ranking Member Thompson, and Members of 
the committee, thank you for the opportunity to speak on port 
security matters this afternoon.
    My name is Marco Cordero, and I am the executive director 
of the Port of Long Beach. Prior to joining the port, I served 
as chairman of the Federal Maritime Commission. As a former 
Federal appointee, I can appreciate the importance of Federal 
and local partnership with regard to securing our Nation's 
ports.
    As the second-busiest seaport in the United States, the 
Port of Long Beach is a major gateway for U.S.-Asia trade. We 
support more than 1.4 million jobs Nation-wide, and in 2016 
moved more than 6.8 million TEUs, also known as containers. We 
are on pace for 7 percent growth for year-end 2017.
    Combined with the Port of Los Angeles, we comprise the 
busiest port complex in the Nation and the ninth busiest in the 
world. In 2016, combined, we moved 400 billion in containerized 
trade, which is 40 percent of the Nation's import cargo.
    Since the terror attacks of September 2001, the port has 
received more than 1.6 billion in Federal grants to compliment 
the extensive investments by the port, the city of Long Beach, 
marine terminal operators, and carriers to ensure that the 
Nation's largest container gateway remains open and safe.
    This is a multi-layer security effort that requires the 
continued participation of funding by our Federal partners. We 
appreciate the Federal support and hope that this program will 
not be further reduced beyond the annual $100 million 
appropriation.
    The safety and security of the port is of utmost 
importance. Our Joint Command and Control Center, a 24/7 
maritime domain awareness center, is a critical hub for 
coordinating security efforts that include partnerships with 
local, State, and Federal law enforcement agencies as well as 
maritime and private-sector stakeholders.
    Through innovative efforts, the port has a monitoring 
network of over 400 cameras, a comprehensive fiber-optic 
network, an integrated security management system for 
synchronized monitoring, and quick threats detection, access 
control and alarm monitoring, boat patrols, radar systems, a 
vessel tracking system, and sonar equipment.
    Securing the flow of goods to and from the United States is 
a complex mission involving numerous partners across the globe. 
Together, these partners, the port seeks to secure the global 
supply chain through a broad range of tools, including 
information sharing, risk-based analytics, and the application 
of advanced technologies.
    We understand the Congressional interest in 100 percent 
scanning of all incoming cargo. Although a worthy goal, there 
are formidable practical challenges for ports like Long Beach 
and Los Angeles that handle over 15 million containers per 
year. Such challenges include technology and funding for 
equipment and personnel to handle these high volumes.
    We see value in deepening the level of engagement with 
global partners and utilizing big data to target those 
containers that pose a concern.
    The port also strongly supports the continuation of 
programs like the Customs Trade Partnership Against Terrorism 
that incentivized shippers to secure each step in the supply 
chain.
    Landside security is of critical importance. The port is 
extending additional layers of protection by developing 
analytics and sensors to better forecast the landside movement 
of goods to and from the port, rely heavily on information 
technology to operate as well as to secure the port and complex 
and its assets.
    As you know, with increased reliance on technology comes 
the increase on ability to cyber attack. As an example, the 
port's information management division successfully thwarts 
over 30 million threats a month.
    In addition to man-made cyber threats, the maritime sector 
is also susceptible, as we all know, to technology disruption 
from natural hazards and disasters.
    Business resiliency is a critical part of the port's on-
going cybersecurity planning. Preparation, response, and 
recovery planning are paramount to ensure that we assume 
operations swiftly. Protocols must be clear on how to best 
contain an incident to prevent further interruption, and 
response teams must have specialized training and be prepared 
to engage.
    There is not a one-size-fit-all solution because each port 
has a different business model. Our information management 
division has developed and implemented an enterprise-wide on-
line cybersecurity awareness training program. It is believed 
that once cyber operations are understood on an enterprise-
level systems and protocols can be organized to continuously 
promote cybersecurity throughout the organization.
    We also understand the importance of vulnerability 
assessments to identify the prioritized gaps that could lead to 
interruptions affecting key operations. The port has undergone 
regular assessments over the years and plans to continue this 
practice.
    Our decisions must be information-driven. An environment 
that promotes the sharing of information which includes 
balancing the need to protect property information, or 
proprietary information, with protecting our National critical 
infrastructures.
    Last, a new and potential threat to safety and security is 
that of unmanned aerial systems.
    The unhindered operation of UAS near terminals and ships 
could pose an immediate danger to the port complex and 
operations. UAS operations in vulnerable areas must be 
restricted and local first responders should be deemed the 
enforcement entity authorized to mitigate threats. We believe 
this type of enforcement is better delegated to local public 
safety personnel working in conjunction with Federal partners.
    Mr. Chairman, thank you for the opportunity to address the 
committee. Protecting U.S. ports must be a core capability of 
our Nation. We appreciate the support of this committee, and we 
stand ready to work with you and your staff to protect the 
people and economic vitality of our ports.
    [The prepared statement of Mr. Cordero follows:]
                  Prepared Statement of Mario Cordero
                            October 30, 2017
                              introduction
    Thank you, Chairman McCaul and Members of the House Homeland 
Security Committee for the opportunity to speak on the subject of port 
security, including cargo screening, cybersecurity and industry 
partnerships in the maritime environment. My name is Mario Cordero and 
I am the executive director for the Port of Long Beach. Prior to 
joining the Port as the executive director, I served as chairman of the 
Federal Maritime Commission and before that I served as a Long Beach 
Harbor Commissioner.
                               background
    As the second-busiest seaport in the United States, the Port of 
Long Beach is a major gateway for U.S.-Asia trade and a recognized 
leader in security. The Port is an innovative provider of state-of-the-
art seaport facilities and services that enhance economic vitality, 
support jobs and improve the quality of life and the environment. As a 
major economic force, the Port supports more than 30,000 jobs in Long 
Beach, 316,000 jobs throughout Southern California and 1.4 million jobs 
throughout the United States. In 2016, the Port of Long Beach moved 
more than 6.8 million 20-foot equivalent units (TEUs) of cargo, also 
known as containers. The Port's cargo containers account for nearly 33 
percent of the containers moving through U.S. West Coast ports, and 
nearly 1 in 5 moving through all U.S. ports. Currently, the Port is on 
pace for a 7 percent growth for 2017.
    Combined with the Port of Los Angeles, both ports comprise the San 
Pedro Bay, the busiest port complex in the Nation and the ninth-busiest 
port complex in the world. Together, the two ports moved $400 billion 
in containerized trade or nearly 16 million TEUs in 2016. This includes 
almost 40 percent of the Nation's imported cargo. A 2010 report 
commissioned by both ports and the Alameda Corridor Transportation 
Authority found that cargo moving through the San Pedro Bay Port 
Complex, made its way to every Congressional district in the 
continental United States. As a result of the volume of cargo moved 
through this complex and transportation-related activities, protecting 
the San Pedro Bay ports is vital to our National economy.
                             port security
    Safety and security are among the top priorities at the Port of 
Long Beach. Since the terror attacks of September 11, 2001, the Port 
has received more than $1.6 billion in Federal grants to complement the 
extensive investments made by the Port, the city of Long Beach, marine 
terminal operators and carriers to ensure the Nation's largest 
container gateway remains open and safe.
    The Port of Long Beach's Security Division collaborates regularly 
with the Federal Bureau of Investigation (FBI), U.S. Customs and Border 
Protection (CBP), U.S. Coast Guard (USCG), the Long Beach Police and 
Fire departments, as well as other Federal and State law enforcement, 
security, and emergency-response agencies. Ensuring the security of 
major international gateways like the Port of Long Beach is a multi-
layered security effort that requires the continued participation of 
and funding by Federal partners. Since 2001, we have responded to 
evolving threats to the integrity of the Port, threats that now include 
cyber attacks. In addition, a threat that also has real potential for 
damage or disruptions is from unmanned aerial systems.
    The Port takes a leadership role in the development of strategies 
to mitigate security risks in the San Pedro Bay, working closely with 
multiple partners, both public and private, to plan and coordinate 
security measures. Based on our professional experience, we recognize 
threats and formulate the best mitigation strategies. The Port of Long 
Beach's Joint Command and Control Center, a 24-hour-a-day maritime 
domain awareness center, is a critical hub for coordinated security 
efforts that include partnerships with local, State, and Federal law 
enforcement agencies as well as maritime and private-sector 
stakeholders. Formalized agreements have been made with these partners 
to share security information, coordinate threat information, develop 
plans and coordinate operations.
    The Control Center houses over $100 million in technical security 
assets. Through innovative efforts, the Port has a monitoring network 
of over 400 cameras, a comprehensive fiber-optic network, a port-wide 
wireless system, an integrated security management system for 
synchronized monitoring and quick threat detection, access control and 
alarm monitoring, boat patrols, radar systems, a vessel tracking 
system, and sonar equipment. In addition, law enforcement operations 
have been fully integrated between the Port of Long Beach Harbor Patrol 
and the Long Beach Police Department.
Cargo Screening
    Securing the flow of goods to and from the United States is a 
complex mission, involving governments, businesses, and non-profit 
organizations across the globe. And, the Port of Long Beach represents 
a key player in this mission. Together with these partners, the Port 
seeks to secure the global supply chain through a broad range of tools 
including information sharing, risk-based analytics, and the 
application of advanced technologies. While we understand Congressional 
interest in 100 percent scanning of all incoming cargo at our Nation's 
ports, to do so would impede the flow of commerce to a halt and require 
an unprecedented investment in technology and personnel at each of the 
hundreds of terminals across the Nation. A greater return on investment 
can be made by deepening the level of engagement with global partners 
and utilizing ``big data'' to target those containers that pose a 
concern. The Port strongly recommends continuing to invest in programs 
such as Custom's Trade Partnership Against Terrorism that incentivize 
shippers to secure each step in the supply chain, rather than focusing 
on a single step in the process.
    As it relates to ``big data'', the Port is actively working with 
Federal partners to tap into their targeting capabilities to provide a 
coordinated response to vessels and cargos of interest. The Port of 
Long Beach is extending these layers of protection landside by 
developing analytics and sensors to better forecast the landside 
movement of goods to and from the port. This will not only better align 
Port personnel and security infrastructure deployments, it also 
improves the efficiency of our local and intermodal operations. These 
efforts have been achieved by investments from the Port and the Port 
Security Grant Program (PSGP). Reductions to the PSGP has placed 
constraints on the ability of ports around the Nation to sustain these 
investments and it is recommended that Congress restore the Port 
Security Grant Program to the $400 million level so that U.S. ports can 
continue to stay one step ahead of adversaries.
Cybersecurity
            Information Technology Risk and Cybersecurity
    The number of U.S. data breaches across educational institutions, 
shipping firms, Government agencies, military, medical facilities, 
financial firms and other businesses jumped to a record to a record 791 
in the first 6 months of 2017. This is a 29 percent increase from the 
same time period in 2016. Information technology is a critical 
component of the goods movement system. The Port is tightly integrated 
with various stakeholders across the supply chain and it is essential 
that data exchanged between stakeholders is protected.
    Phishing campaigns targeting general port staff and stakeholders 
have increased by up to 70 percent throughout the Nation. Cyber attacks 
are increasingly targeting the sectors of the economy that have 
traditionally underspent in the information management and technology 
areas. For both the private and public sectors, it is a matter of when, 
not if, a cyber attack will take place.
    The Port of Long Beach's Information Management Division 
successfully thwarts over 30,000,000 threats a month. The goal is to 
build a sustainable program that balances the need to protect against 
cyber attacks while balancing the need to run the Port's business. In 
this information era, new technologies are outpacing traditional 
information security controls.
            Maritime Sector Application
    The Port of Long Beach relies heavily on information technology to 
operate, as well as to secure the port complex and its assets. Like 
other industries, the maritime sector has seen an increase in cyber 
attacks, in part because ports are National economic drivers and manage 
critical infrastructure. That is why, in addition to above water, on 
water, and underwater security monitoring and threat detection, 
cybersecurity has become a critical endeavor for the Port.
    Private-sector businesses, such as terminal operators, control a 
substantial portion of the Port's economic activity through a wide 
variety of facilities. In the port complex, the targets for major cyber 
threats include; port administration facilities, shippers, vessels, 
terminal operating systems, equipment, storage facilities, rail, and 
truck operations. Potential perpetrators who could carry out cyber 
attacks include state-sponsored criminal groups and individuals, either 
inadvertent or intentional. Cyber threats to the maritime environment 
include; hacking, jamming, phishing, spoofing, malicious programs, 
taking control, and network denial-of-service.
    Some of the motivating factors for cyber criminal activities may 
involve smuggling, cyber extortion, gaining business advantage, 
intellectual property theft, and disrupting or destroying critical 
National infrastructure. In addition to man-made cyber threats, the 
maritime sector is also susceptible to technology disruption from 
natural hazards such as earthquakes, hurricanes, and tsunamis. Threats 
to ports and their partners are dangerous to the large number of 
workers, travelers, and visitors in and around the port community. 
Coupled with the potential catastrophic economic impacts, maritime 
cyber events could impact our National well-being as much as, if not 
more than, other types of attacks.
    Business resiliency has become a critical part of the Port's on-
going cybersecurity planning. Reducing the potential for single-point 
failure, building redundancy into technology systems, and system 
recovery back-up processes are vital to ensuring ports remain viable 
and resume operations as swiftly as possible in the event of an 
incident.
    Response and recovery are critical to successful mitigation and 
business resumption. Protocols must be clear on how to best contain an 
incident to prevent further interruption, and response teams must have 
specialized training and be prepared to engage 24/7. Protocols should 
make clear who receives notice of the event and what assets are 
available to quickly assist. In a port environment, a resilient 
logistics chain needs to be able to absorb a business interruption and 
then quickly resume an acceptable level of goods movement. In order to 
develop a comprehensive resiliency plan to address cybersecurity, 
factors that should be addressed include: Infrastructure needs and 
protection, transportation systems, and development of business 
continuity plans.
            Addressing Challenges
    There are a number of challenges that must be addressed to enhance 
cybersecurity in maritime environments. There is not a one-size-fits-
all solution because each port has a different business model. A lack 
of awareness about an organization's own systems creates opportunities 
for exploitation at a basic level. Information technology systems can 
be a patchwork of legacy structures, some integrated with newer 
technologies. These systems can be administered by operators with a 
myopic focus resulting in the ``siloing'' effect. The ``siloing'' 
effect is not an information technology problem. It is an 
organizational and cultural issue that takes effort to change. At the 
Port of Long Beach, there is an on-going effort to align the enterprise 
Information Management function with the special needs of the Security 
Division.
    The Port of Long Beach's Information Management Division has 
developed and implemented a well-received enterprise-wide on-line 
cybersecurity awareness training program. Best practices show that 
information security requires shaping appropriate behavior in people as 
well as making sure funding is allocated at the appropriate level for 
rapid detection and response approaches. It is expected that by 2020, 
60 percent of enterprises, information security budgets will be 
allocated for rapid detection and response approaches, up from less 
than 30 percent in 2016.
Solutions
    Solutions to these cybersecurity challenges exist. All entities 
must take inventory and identify their own systems and capabilities, 
which includes identifying employee and contractor access to port 
facilities and information systems. In assessing impacts, it has been 
determined that people cause the most damage. The Port of Long Beach 
has taken a leadership role in having implemented extensive 
cybersecurity awareness. Some terminal operator stakeholders have 
requested that the Port aid them in developing similar programs. It is 
believed that once cyber operations are understood on an enterprise 
level, systems and protocols can be organized to continuously promote 
cybersecurity throughout the organization. Legacy systems can be 
evaluated and updated to meet the ever-changing cybersecurity needs.
    The next step in achieving awareness is to have a comprehensive 
vulnerability assessment conducted by subject-matter experts. It is 
critical to identify and prioritize gaps that could lead to 
interruptions affecting key operations. The Port of Long Beach has 
undergone regular assessments over the last several years from well-
respected partners and plans on continuing this practice. The 
governance of a comprehensive enterprise-wide cybersecurity program 
that is integrated into a larger stakeholder framework continues to be 
one of our key information technology goals.
    When a cyber attack occurs, decisions must be driven by 
information. An environment that promotes the sharing of information 
will include balancing the need to protect propriety information with 
protecting our national critical infrastructures. The city of Los 
Angeles created a Cyber Security Fusion Center to facilitate the 
exchange of cyber information, and the Ports of Long Beach and Los 
Angeles both have access. The Port of Long Beach takes pride in being 
led by our Information Management Division in being recognized as 
National Cyber Security Alliance--Cyber Security Champion since 2010.
    The Port also participates in the San Pedro Bay Cyber Working Group 
and the Critical Infrastructure Partnership Advisory Council. The USCG 
Sector Los Angeles/Long Beach, Area Maritime Security Committee has 
approved a committee and we are active participants and the Information 
Technology function provided a presentation on the latest information 
on proactively preventing cyber attacks. This information was shared 
with everyone and provided to the USCG leader for inclusion in the on-
going sharing efforts. In 2016, the Port of Long Beach staff 
participated in Cyber Guard 2016, a National-level cybersecurity 
exercise sponsored by Department of Defense, Department of Homeland 
Security, and FBI. As cyber threats cross traditional physical and 
jurisdictional boundaries, we support the involvement of State, local, 
and private stakeholders in a comprehensive, National-level exercise 
program.
    The USCG's focus on cybersecurity in the maritime sector has 
created a need for specialized mission requirements. These requirements 
must be supported through adequate funding to develop and acquire 
subject-matter experts and other resources to deliver meaningful 
guidance to ports around the country. Valuable guidance has been 
provided by the National Institute of Standards and Technology's (NIST) 
Framework for Improving Critical Infrastructure Cyber Security. 
Coordination between NIST and the USCG will continue to lead the way in 
formulating the strategies required for a more comprehensive National 
cybersecurity posture. There should not be one-size-fits-all approach 
to managing cybersecurity risk because each port or logistics partner 
will experience different threats and vulnerabilities, as well as have 
different capabilities to address them.
                        unmanned aerial systems
    The Port of Long Beach is also actively following the discussion of 
incorporating Unmanned Aerial Systems (UAS) into the National airspace. 
While the Federal Aviation Administration (FAA) Extension, Safety, and 
Security Act called for enforcing regulations to allow operators of 
critical National infrastructure to apply to prohibit or restrict UAS 
operation adjacent to these facilities, no such rule was promulgated. 
Enacting this legislation is crucial to the safety of those who work in 
the port complex. The UAS industry has quickly outpaced the Federal 
rulemaking process. The unhindered operation of UAS's near terminals 
and ships could pose an immediate danger. UAS operations in areas where 
they present an inherent danger must be restricted and first responders 
should be deemed the enforcement entity authorized to mitigate threats.
    The Port of Long Beach's Board of Harbor Commissioners recently 
approved a UAS permitting and enforcement mechanism, but based upon 
current case law citing Federal pre-emption, the Port is limited to 
only regulating the take-off and landing. As a result, we are 
supportive of the language added to the FAA Reauthorization Act of 2017 
to further study the potential gaps between existing Federal, State, 
and local laws. A review of the time it will take to develop a 
comprehensive look at the full range of local efforts and juxtapose 
them against the ever-evolving Federal authorities could take years. 
Port staff has also identified significant gaps between what the FAA 
can enforce and where local enforcement can act. The FAA appears to 
have a limited footprint in the field and cannot respond to reports of 
UAS flying near critical infrastructure or in a careless and reckless 
manner. It is believed that this type of enforcement is better 
delegated to local public safety personnel, working in conjunction with 
their Federal partners.
                               conclusion
    It is important to recognize that while we vigorously try, no one 
can stop all attacks. It's a matter of when, not if, and being prepared 
with a response plan that involved both technology and information 
recovery as well as making sure this is integrated into our Business 
Continuity program. Protecting U.S. ports must be a core capability of 
our Nation. There seems to be either high-level discussion about 
cybersecurity or fragmented tactical-level technical detail. Focusing 
on the development of common frameworks and strategic policies is 
sorely needed. A road map that provides guidance and flexibility for 
industry decisions makes sense and will strengthen our National 
cybersecurity posture.
    Thank you again for the opportunity to address the committee on 
these critical issues. The Port of Long Beach stands ready to work with 
you and your staff to help protect the people and economic vitality of 
the United States.

    Chairman McCaul. Thank you, sir.
    Chair now recognizes Mr. Familathe.

   STATEMENT OF RAY FAMILATHE, INTERNATIONAL VICE PRESIDENT, 
          INTERNATIONAL LONGSHORE AND WAREHOUSE UNION

    Mr. Familathe. Good afternoon, Chairman McCaul and Members 
of the committee.
    Thank you for inviting me here to speak on the security of 
America's ports. I am here on behalf of the 50,000 members of 
the International Longshore and Warehouse Union, ILWU, working 
at America's West Coast, Alaskan, and Hawaiian ports.
    The men and women of the ILWU are not only the first put at 
risk by a terrorist attack on a port, they are also a vital 
part of our first line of defense.
    During any emergency at a port, our members work hand-in-
hand with emergency responders to do everything from containing 
fires and chemical releases to moving endangered or dangerous 
cargos.
    Our skills and knowledge of the waterfront are invaluable. 
Among our ILW members are the Los Angeles Port Police, a model 
125-officer dedicated work force to port safety and security.
    Following a port emergency, it is our members who work 
rapidly to recover port operations. That is why port security 
is so important to us and why we want to see the American 
taxpayer get the most benefit for all the dollars they invest 
in Federal port programs.
    It is our view that the Transportation Worker Identity 
Credential program, TWIC, is a costly failure. Roughly 750,000 
American maritime workers are covered by TWIC. It costs between 
$300 to $500 per person just to apply for and renew the 
credentials over a 10-year period. That is roughly $225-375 
million just in TWIC application costs to our industry.
    TWIC readers are also expensive. As the GAO reported in 
2012, readers are often unreliable. The new Coast Guard rules 
in 2016 on TWIC readers at the passenger facilities will alone 
cost the industry another $157.9 million over 10 years.
    The Federal Government itself spends tens of millions more 
on staffing the TWIC program, processing applications, and 
spot-checking credentials. It also provides millions more in 
port security grants tied to the TWIC program.
    Yet, despite spending of hundreds of millions of dollars on 
TWIC, no attacks have been identified as having been stopped by 
TWIC. No experts cite TWIC as an impediment to future terrorist 
attacks on American ports.
    TWIC does produce one result: Hardship for waterfront 
workers. Despite the law saying TWIC applications will be 
processed in less than 30 days, TSA reports that TWIC 
enrollment delays are more than 60 days.
    More than 50,000 workers have had to file appeals after an 
initial TWIC denial. On an appeal, the burden is on the worker 
to prove that he or she is, in fact, eligible for TWIC. Due to 
the large volumes of processing, TWIC appeals can take up to 6 
months. During all of these delays, the worker cannot even get 
unemployment insurance.
    Money from TWIC could better be invested in many beneficial 
programs, including budgeting for an increase in CBP officers 
on the front lines at the ports of entry. Not only does a 
stronger inspection force improve security, it makes ports more 
efficient. Our ports cannot offer extended hours or weekend 
shifts to reduce freight congestion if CBP lacks officers.
    We also question the need for more spending on cameras. The 
Port of Los Angeles alone has 700 cameras linked to its 
security center, and other ports are equally saturated.
    Would it not be wise to invest our money in closing the 
real gaps in security?
    The ILW believes the threat from cyber attacks is such a 
gap. This includes hacks to TWIC data systems.
    TWIC data can reveal not only personal information, but it 
shows the work patterns of thousands of water-front workers. 
That is high-value information to anyone planning a terrorist 
attack on a port.
    In June 2015, Maersk, the world's largest shipping line, 
was attacked by an unknown actor with a variation of a 
ransomware attack. This attack affected 17 Maersk terminals 
world-wide, including along America's West Coast where the ILW 
works. Maersk estimated damages between $2- and $300 million.
    The Maersk terminal in Los Angeles, the port's largest 
terminal, was closed for days. Delays continued to ripple 
through Maersk's system globally for weeks. Operations at 
Maersk terminals in Los Angeles and the Pacific Northwest 
returned to work only because ILW members still had the know-
how how to temporarily return to paper-based operations.
    Imagine the damage to our National security if port 
operations were brought to a standstill at just the time 
America is moving critical military equipment and supplies to 
respond to an international crisis or when our armed forces are 
already in combat.
    We would be fools not to assume that America's opponents, 
who have already launched major cyber attacks on U.S. computer 
systems, have not also considered this scenario.
    The ILW believes this is the time to review our port 
cybersecurity. We believe this is the time to review the 
critical dollars we are investing in port security, physical 
and cyber, to assure we are providing our country with the best 
protection.
    The ILWU representing the men and women who have built 
their careers working on the waterfront thank each of you for 
your commitment to our ports, and we promise you will have our 
full support in genuinely improving port security.
    That concludes my remarks.
    [The prepared statement of Mr. Familathe follows:]
                  Prepared Statement of Ray Familathe
                            October 30, 2017
    Good afternoon Chairman McCaul and Members of the committee: Thank 
you for inviting me to testify on the state of the physical and 
cybersecurity at our Nation's ports. I am here today on behalf of the 
approximately 50,000 members of the International Longshore and 
Warehouse Union (ILWU). The ILWU represents longshore, warehouse, and 
maritime workers in the States of California, Washington, Oregon, 
Alaska, and Hawaii.
    As a union, we have actively worked to improve port safety and to 
reduce the risk of terrorism at our work sites. Our members are not 
only among the first men and women that would be put at risk by a 
terrorist attack on an American port, they are also a vital component 
of our country's first line of defense. Our highly-skilled workers are 
critical to any emergency response within a West Coast port, whether it 
is operating cranes and heavy equipment to move vulnerable or dangerous 
cargo from harm's way, or contributing our know-how to containing fires 
and limiting release of harmful commodities. Longshore workers are in 
fact natural allies of law enforcement and first responders on the 
waterfront.
    Indeed, our members include the Los Angeles Port Police, a model 
125-officer force dedicated to port safety and security. This 
specialized police force has over 100 years of experience protecting 
our ports, and hosts a joint terrorism squad tasked with preventing 
attacks on our maritime facilities.
    ILWU members also serve on the maritime security committees 
operated by our ports, and we strongly encourage our port industry 
partners to fully integrate the union into their command and control 
centers, including union participation in planning and emergency 
response drills. As a partner in port security, we not only help guard 
against and respond to acts of terror, but also our members are 
critical to assuring a rapid recovery of port operations.
    Without a doubt, the ILWU takes port safety and security seriously 
and we strongly support programs that genuinely contribute to 
protecting our members and America's ports. Unfortunately, not all 
Federal programs meet that standard. I would like to address one 
program that has demonstrated no effect on better securing our ports--
the TWIC program. The reality is that in a modern container facility, 
the longshore worker has no real access to the cargo, and the 
documentation associated with a container's contents is not available 
to the worker. TWIC credentialing of longshore workers is, as a 
practical matter, a feel-good measure promoted by those who do not 
understand modern container terminal operations as a way to appear to 
being addressing public and political concern about port security. The 
reality is that TWIC does nothing to mitigate the real threat--
container access outside the terminal throughout the supply/
transportation chain.
    TWIC is also an expensive program for workers, our employers and 
for the Federal taxpayer. An estimated 750,000 American maritime 
workers are covered by TWIC, at an approximate cost of $300 to $500 per 
person to apply for the needed credentials and renewals over 10 years. 
That is roughly $225 to $375 million dollars just in TWIC application 
costs to the industry. Just the recently-issued Coast Guard rules on 
TWIC readers at passenger facilities alone is estimated to cost 
industry another $157.9 million over 10 years. In addition, the Federal 
Government spends tens of millions of dollars on staffing the TWIC 
program, processing applications, and spot-checking credentials. It has 
also provided millions more in port security grants to port authorities 
tied to the TWIC program. Yet despite the expenditure of hundreds of 
millions dollars on TWIC--making TWIC the maritime industry's most 
costly security program, eating up an enormous percentage of our 
limited funds for port security--no one can point to any genuine gain 
in the fight against terrorism. No attacks have been identified as 
having been deterred by TWIC. No experts cite TWIC as an impediment to 
potential terrorist attacks on American ports. TWIC is simply a costly 
failure for the industry and for the American taxpayer.
    Furthermore, we are not convinced that TWIC readers will work in a 
maritime environment. A GAO report on the TWIC pilot program released 
in February 2012 concluded that ``readers capable of passing all 
environmental tests would represent a serious business challenge to 
manufacture in terms of cost per unit.'' Further, a high number of 
cards malfunctioned electronically. Durability of the card is a serious 
issue. Sun, wind, grime, dust on cards caused fading, stained and 
peeling cards that have difficulty being read by TWIC readers. Further, 
participants in the pilot program said they would reduce the number of 
guards when the reader was installed--the same guards who know the 
names and faces of the regular workforce.
    As well as being a failed security program, TWIC is a significant 
hardship on those 750,000 Americans who work on the waterfront. Not 
only is it expensive to apply for the TWIC credentials, but also the 
application process itself is rife with bureaucratic delays and 
hardships. As recently as February 2015, the TSA reported TWIC 
enrollment delays of more than 60 days and recommended that applicants 
apply for their TWICs at least 10 to 12 weeks early. Those delays 
occurred despite a statutory requirement to respond to the applicant 
within 30 days. In addition to major delays, applicants face the need 
for two or more in-person meetings at the nearest TWIC office just to 
apply and later collect the credentials.
    During consideration of port security legislation, the ILWU has 
advocated for a background check limited to ``terrorism security 
risks,'' and to ensure that there is due process for workers denied a 
TWIC card. However, we remain concerned that in a number of instances, 
TWIC has been used to single out workers who may have an old felony 
charge in their background but do not pose a terrorism security risk.
    Further, since implementation of the TWIC program, more than 50,000 
workers filed for appeals after an initial TSA determination that the 
worker was ineligible to receive a TWIC. On an appeal, the burden is on 
the worker to prove that he or she was not convicted of any felony by 
obtaining court and police records and sending them to the TSA. TSA 
issues interim denials in all cases when the record on file with the 
FBI is an open arrest for a disqualifying offense. Even if the arrest 
has been dismissed by local law enforcement, local officials often fail 
to update this status with the FBI. In short, the FBI database is far 
from complete, yet TSA relies on it exclusively. Due to the large 
volumes, the processing of TWIC appeals and waivers at one time took 
over 6 months, during which time the worker cannot work or even obtain 
unemployment insurance.
    At a minimum, the ILWU strongly urges this committee to draft 
legislation to place the onus on TSA--not the worker--to obtain court 
and police records when the FBI database is incomplete. It is a 
considerable hardship that workers must prove they have no 
disqualifying convictions before obtaining a TWIC card.
    Recognizing the inadequacies of this very same FBI datebase, 
Congress puts the burden on the FBI to fill the missing gaps when it 
conducts background checks for gun purchases. Why should American 
workers be treated more harshly when it is their very livelihoods at 
stake?
    Another issue that should be of concern to Members of this 
committee, is container access outside the terminal throughout the 
supply/transportation chain. Prior to 9/11, ILWU marine clerks were 
assigned responsibility to ensure that seals on containers were not 
tampered with before entering the port complex, and ensuring that 
unsealed empty containers were not carrying contraband or even people. 
Cameras have replaced people to perform this function, but cameras 
cannot verify that seals have not been broken and resealed. Only by 
yanking on the seal and inspecting its integrity with human eyes can we 
determine if the seal has been tampered with en route. Cameras also 
cannot see a hidden compartment inside an empty container. We stand 
ready to assist in this effort if the Coast Guard decides it is a 
necessary component of port security.
    In addition to recognizing the role humans play in inspecting 
containers, Customs and Border Protection (CBP) staffing is also 
critical to safe and efficient port operations. Given the enormous 
responsibilities of CBP--in scale and importance--Congress needs to 
provide a budget that puts a full roster of CBP officers on the front 
lines at our ports of entry. Not only are CBP officers the lead force 
for inspecting goods and passengers when entering the United States, 
but at America's ports our work comes to a stop without adequate CBP 
staffing. Our ports cannot offer extended hours or weekend shifts to 
reduce freight congestion if CBP lacks officers. These officers are key 
to getting imports and exports efficiently and safely moving through 
America's ports.
    The ILWU also recognizes the multiple threats presented by cyber 
attacks. This includes potential hacks into public and private systems 
that collect TWIC data. TWIC data can reveal not only personal 
information, raising the risk of identity theft, but it also reveals 
the work patterns of thousands of waterfront employees. That is 
information of high value to anyone planning a terrorist attack or 
criminal activity at a port. It is now far easier for hostile interests 
to simply employ the skills of any of the tens of thousands of 
individuals and criminal organizations around the world with expertise 
in cyber attacks than it is to invest years in trying to recruit and 
radicalize a random waterfront worker who only has limited access to 
data and cargo. We need to take port cybersecurity seriously and stop 
using ineffective measures like TWIC.
    We would also be foolish not to acknowledge that we are at risk 
from cyber attacks not just from terrorist organizations, but from 
hostile governments in Russia, Asia, and elsewhere. In an era where 
wars are now often preceded or replaced by cyber attacks, ports are 
vulnerable. And bad actors have already shown what they can do with a 
cyber attack on maritime facilities.
    On June 29, 2017, the Los Angeles Times carried this headline, 
``Maersk's L.A. port terminal remains closed after global cyber 
attack.'' Maersk, the world's largest shipping line was attacked in 
June by unknown actors with a variation on a ransomware attack called 
``NotPetya.'' This attack affected at least 17 Maersk terminals world-
wide, including several along America's West Coast where the ILWU 
works. Maersk estimated its damages at between $200 to $300 million 
dollars. The Maersk terminal here in Los Angeles, the Port of Los 
Angeles' largest terminal in fact, was closed for days. Delays 
continued to ripple through Maersk's system for weeks after the attack. 
Operations at Maersk terminals in the Pacific Northwest return to work 
only because ILWU members had the know-how to temporarily return the 
terminal to paper-based operations.
    This attack, which impacted other companies as diverse as FedEx and 
drug manufacturer Merck, was actually designed to destroy data files 
and cripple operations--not hold computer systems hostage for ransom 
payments. The maritime industry is considered at high risk from such 
attacks due to the wide-spread use of older technology. This attack was 
so sophisticated however that it badly impacted Maersk, the company 
considered our industry's technology leader. If this attack had hit 
other major freight companies that lack Maersk's more advanced 
technology, the damage to port and maritime operations could have been 
far worse. Imagine the damage not just to our economy but to our 
National security if major port operations on the West Coast were 
brought to standstill for days at just the time America is moving 
critical military equipment and supplies to respond to an international 
crisis or when our armed forces are already in combat. We would be 
negligent and foolish to not assume that America's opponents--who have 
already launched major cyber attacks on our private and public computer 
systems--have not also considered this scenario.
    The ILWU believes the time to comprehensively review our port 
cybersecurity is now. We believe it is time to review the critical 
dollars we are investing in port security--physical and cyber--to 
assure we are providing America the best protection.
    Port security grants should be awarded based on their real impact 
on security, with an increasing priority on funding cybersecurity. We 
have enough cameras on the docks, many of which are used to monitor 
worker performance rather than monitoring for illegal entry. In fact, 
we already have over 700 cameras that are tied into the threat 
detection center just here at the Port of Los Angeles.
    We also have enough fences paid for by U.S. taxpayers. The Port of 
Stockton actually used a port security grant to place a fence in a 
seemingly illogical narrow space at its river port. Ironically, this 
fence was installed to justify allowing the workers who process 
fertilizer (a key component in many explosives) from not having to 
apply for a TWIC. Despite the objections of Congressman Jerry McNerney, 
the Coast Guard took no action to reverse the plan, the fence was 
installed making the Port's security worse--not better.
    The ILWU representing the men and women who have built their 
careers working the waterfront, thank each of you for your commitment 
to our ports and we promise you have our full support in genuinely 
improving port security.

    Chairman McCaul. Thank you, sir.
    I now recognize myself for 5 minutes of questioning.
    Let me share my concern about cybersecurity.
    Mr. Seroka and I visited over lunch. I am very concerned 
about the attack that occurred last June. To echo again Norma 
Torres's bill we passed out of committee I think will help 
address.
    I think you are absolutely right, we need to come up with a 
comprehensive strategy and plan to protect our ports.
    I worry about the destructive nature of this virus and the 
attack. I don't think the press has really reported the 
severity of this. It is something that wiped out, you know, 
huge volumes of data, coming from a bank in Ukraine from a 
virus called NotPetya that very likely have emanated out of 
Russia.
    A Russian attack on the Ukraine bank, the indirect victim 
is Maersk. Maersk gets impacted by the bank that they have. The 
virus gets into their systems, and then it impacts the Port of 
Los Angeles, having to shut down that terminal and then go to a 
manual procedure. Not to mention dozens of ports globally that 
were impacted by this one attack that got into the system.
    I know the offensive capability of Russia, China, Iran, and 
North Korea. I think what happened in June demonstrates how 
vulnerable our ports can be to this type of cyber attack.
    So, Mr. Seroka, to you, can you tell us the extent of the 
damage done and then what was done to repair that?
    Then, moving forward, what can we do in Congress to help 
with the situation?
    Mr. Seroka. Mr. Chair, as you stated, the attack impacted 
one of our 27 terminals here at the Port of Los Angeles.
    With the map to the side of you, that is the southern-most 
entity that you see, shaped like a sideways L. The A.P. Moller 
facility.
    In and of itself would be the fourth-largest port in the 
United States; nearly 500 acres of land, 23 miles of roadway 
inside of terminal operation.
    It is the pre-eminent facility that we have here at the 
Port of Los Angeles and arguably on the West Coast of the 
United States.
    But it is important to note a couple of things. The attack 
that took place was pointed at, through a derivation of other 
efforts, at that particular company itself, not at the Port of 
Los Angeles as a whole.
    The Port of Los Angeles in and of itself in use with that 
cybersecurity center has a domain of landlord operation here at 
the port. Simply meaning that we work with our private-sector 
customers to work here directly on that 7,500 acres of 
property.
    What we saw immediately thereafter was our largest terminal 
shut down for several days. Then as they moved to a manual 
operation, moving maybe 10 percent of the cargo they normally 
would on any given day through this port.
    They represent about 12 percent of the port's throughput 
today. The math from there becomes very significant.
    The inability for the work to take place with Customs and 
Border Protection to clear the goods that come into the United 
States in the efficient electronic manner as designed was also 
thwarted. Simply stated, each container would have to be 
cleared on a manual basis by running that information over to 
Customs for evaluation.
    So everything as we know it today was slowed down 
tremendously.
    Your question then is, what can we do next? That is 
outlined in my written remarks as well as the testimony I gave 
here moments ago. It is three specific things.
    Because this is such a private--public-private relationship 
between entities such as this municipality in the city of Los 
Angeles and its municipal agency, the Port of Los Angeles, the 
private-sector companies that work with us as customers every 
day, or lessees, long-term leases that average between 25 and 
30 years to conduct operations here, and the necessity for 
those two groups to get together I think is job No. 1.
    How can we compare best practices? More importantly, how 
could we share information of intrusion or potential intrusion 
that we have seen not only here locally but on a broader scale 
geographically?
    Within that collaboration also rules of engagement, how we 
best can cooperate together.
    I understand, not from Maersk specifically, but from other 
entities, that there may be some intrepidation on how 
Government's overreach in the cybersecurity center could be of 
some concern. I would like to have that bond work even closer.
    With the cybersecurity center that we have employed since 
September 2013 here at the Port of Los Angeles, I advocate that 
we expand the fiber ring of that security center to be able to 
envelop the port's entity as its whole, that 7,500 acres.
    How better we could work in response to the needs of the 
private sector without intrusion on their private and 
proprietary information.
    I think that also takes money, and how we can better look 
at what money means to us today and how it goes downline.
    I think it would be inappropriate for me to respectfully 
ask for a specific dollar amount today. But as we come to you 
with new ideas and new ways by which we can expand this fiber 
ring and create a more collaborative environment of sharing 
information through the Federal level down through our 
international counterparts and our customers, it will take some 
very creative looks at how we can model this, not only for Los 
Angeles and Long Beach, but how it will have impacts beyond.
    But there is a lot of work to be done on the ground so we 
understand how better our role can be played.
    Chairman McCaul. Thank you.
    I look forward to working with you. Because you are 
correct, this was not a direct attack on the Port of Los 
Angeles, but the next time it could be. I think we need to be 
prepared for that.
    Admiral, Mr. Martel, you know, the Navy has pulled out of 
the Western Hemisphere in terms of interdiction efforts, 
leaving the Coast Guard as the sole proprietor of that mission 
to protect the United States and its coastal waters.
    Estimates are that one out of every three targets, you can 
only hit one out of every three targets. Which means two maybe 
getting in.
    So my question is, well, first of all, if you can give me 
some, recognizing the space we are in, indication of things 
that we have stopped that were a victory for the United States. 
But also, what is your biggest concern about what we are 
missing?
    Admiral Sokalzuk. Chairman McCaul, I will talk first about 
what we have stopped. What we have stopped is a record amount 
of cocaine in the transit zone that is being attempted to flow 
into this country this year.
    Although the fiscal year 2017 official numbers are not 
tallied yet, because that is a very specific process, just in 
the Eastern Pacific alone, we interdicted a hundred thousand 
pounds more than we did last year. I am quite sure that this 
year will be a record.
    We were able to do that even though there is no Navy 
presence down there, all with Coast Guard assets, by the 
commandant strategy of concentrating Coast Guard ships in the 
transit zone and interdicting these in the Eastern Pacific.
    One of the things that challenges us in that at this point, 
sir, is the state of our assets. That, in fact, one of the 
ships that you saw today was destined for that transit zone was 
unable to make it there the due to mechanical problems.
    So the acquisition of the OPCs are very important for us to 
have more success on that. The--and the continued incredible 
performance of the National security cutters in the transit 
zone during the recent hurricanes. They actually ran some of 
intelligence operations down there that are normally done out 
of a major joint interagency center, due to the hurricanes.
    So, sir, that is--we are only getting a portion of that. 
Some estimates 20 to 30 percent of the flow. So that can tell 
you how much is actually flowing into the country at this 
point.
    Chairman McCaul. Mr. Martel.
    Mr. Martel. Chairman McCaul, speaking from landside and 
within the port, we have interdicted quite a bit of narcotics 
in transit, freight remaining on-board, headed for Australia 
and Canada.
    We have also worked with State and local partners in 
assisting in the interdiction of panga, maritime events that 
are landing along 200 miles of littoral border that I oversee 
as part of my area of operation.
    I think the biggest challenge that we have in CBP landside 
are the marinas. We have over 90 marinas along the coastline 
that we have to patrol. We do not have the assets to operate 
outside of the port.
    Chairman McCaul. Thank you.
    My wife is pointing to Mr. Cordero. I agree with you on the 
UAS threat. My time has expired.
    But I do think that is something the committee will be 
taking a look at in terms of right now as I understand it there 
are no restrictions. We know that--we have seen in Syria able 
to take these drones and turn them into explosive devices and 
chemical and biological weapons.
    Mr. Cordero. Well, thank you, Chairman.
    I think coincidently this morning we were on the rooftop of 
the command and control center. The committee I think saw 
first-hand the potential threat when we viewed what seemed to 
be a super gigantic drone. Actually it was a one-man aerial 
craft in which, again, there is no restriction.
    I think we see that the testimony you have heard this 
morning regarding not only the value of the cargo that comes 
into our Nation, which is a significant portion of our GDP in 
terms of the international trade as a whole, you know, you 
think about the worst scenarios of any damage to the 
infrastructure in this port, it is frightening.
    So I do appreciate the committee looking into this issue 
and addressing as we go forward.
    So, Mr. Chairman, thank you so much for raising that point.
    Chairman McCaul. Chair recognizes Mr. Thompson.
    Mr. Thompson. Thank you, Mr. Chairman.
    Let me thank all the witnesses for their illuminating 
testimony.
    One of the comments that ran through everyone's 
presentation was the notion that it is critical for the Federal 
Government to participate in this process of securing America's 
ports. Especially on the financial end.
    Everything we had an opportunity to experience to date, so 
much of it was because of the Federal Government, either 
through FEMA grants or through other port security grants that 
are managed, that enable you to step up.
    Sometimes we have tough decisions to make. But what I have 
seen here today says that the mission you have undertaken is a 
serious mission. We have to fund it. You know, second- or 
third-best toward addressing this mission is not good enough.
    To that extent, we are challenged from the CBP standpoint 
to maintain a certain level of staffing.
    Mr. Martel, are you able to maintain that? Or do you have 
some challenges with bringing new people in?
    For the record, you know, we have had issues around the 
lie-detector tests that comes into play. We get told our 
veterans, who get out of the military with clearances, end up 
not being able to pass the CBP tests. They are holding 
clearances.
    Would we reduce that reliance on lie-detector tests? Has 
that been helpful, or are you still waiting to see?
    Mr. Martel. Sir, I think that is still under evaluation.
    While we believe that the new protocol, the new direction 
we are using for the lie-detector appears to be a positive. I 
would have to get back to you as to what the actual results 
are.
    What I can say here locally is from the Los Angeles field 
officer's perspective, we are adequately staffed.
    We have not--we have implemented a number of new 
prototypes, technology, innovation, and whatnot to become more 
efficient so we could redirect staff to where we need them.
    So we have not--again, we--I would say adequate. I would 
not say that we are overstaffed and that we would welcome 
additional staffing. But we have sufficient staff to effect our 
mission here locally in Los Angeles.
    Mr. Thompson. I wouldn't expect you to say anything else.
    Admiral, can you talk a little bit about the TWIC card as 
relates to the Coast Guard and whether or not the reference to 
some concerns about it and the reader mandate that Congress has 
put on you, whether or not you will be able to meet that?
    Admiral Sokalzuk. Yes, sir, Congressman Thompson.
    So the Coast Guard considers the TWIC card a very important 
component of our layered system of maritime security at this 
point.
    I mean, there is no other standard antiterrorism background 
check that is being done.
    In relation to the reader rule, the Coast Guard initially 
published the final rule last summer. Got some feedback from 
industry about concerns with the rule, confusion of how it is 
applied.
    So we are taking a look at that, considering a possible 
delay in the rule. We are working through the rulemaking 
process on looking at the ultimate implementation of that rule, 
sir.
    Mr. Thompson. Just one of the comments I would like to say 
on that is when TWIC was first envisioned, the notion was there 
would be one card that would allow a worker to get into a port.
    But what has happened is every port has their own I.D. card 
in addition to the TWIC card. They ask for the same 
information.
    So the notion is if we can eventually get to a universal 
card. But what has happened, as the port directors can tell us, 
that is also a revenue stream for local government, in some 
instances. Because you have to pay for the card.
    So it is security, on one hand, but it is revenue on the 
other that gets plowed into some aspect of the particular 
situation.
    So, Mr. Familathe, can you, since you had some issues with 
TWIC, do you have some better suggestions for port security 
workers? Are you saying we need to tweak TWIC?
    Mr. Familathe. I agree with your comment, and I like the 
way you said that. We need to tweak it.
    We are not saying get rid of it. It is necessary to protect 
America's ports and the security of this country. We understand 
that is vital. But tweaking it so that it works for the workers 
is essential right now.
    When there are small problems, the delays in the process, 
in going through all the hoops and--it is just not acceptable. 
Because a worker can't collect unemployment insurance. He can't 
go to work to feed his family. We would just like to see the 
process streamlined so that it works the way it should be.
    Mr. Thompson. Well, the only other point I would like to 
make, Mr. Chairman, is everyone talked about partnerships. Now 
it is important, if we are going to get it right, everyone has 
to work together.
    One of the things that put this committee together, 
Congress felt that if we are all in this together, we ought to 
be talking to each other, we ought to be training. Because we 
are fighting a common enemy.
    So the partnership principle is absolutely essential for us 
to work. Old stovepiping of how we do things won't keep us 
safe.
    So I compliment the men and women that I have talked to 
today on getting it right. But it is continuous training, it is 
continuous upgrading of equipment. All those things that will 
continue to keep us safe.
    I yield back.
    Chairman McCaul. Well said.
    Chair recognizes Mr. Estes.
    Mr. Estes. Thank you, Mr. Chairman.
    Mr. Martel, there are currently 61 Container Security 
Initiative ports in 35 different countries. You know, that is 
where we are doing some of the forward checks and starting the 
process on inspections.
    Are there plans to add more CSI ports in the future? Do 
those plans also include having Customs and Border Patrol 
staffers or using local inspectors there?
    Mr. Martel. Sir, I think we are always looking for 
opportunities to expand our footprint with regard to Container 
Security Initiative. Whether we have officers on the ground, 
whether we are working with foreign administrations and viewing 
inspections remotely, that is going to vary based on the 
footprint, the technology that is available.
    But, in answer to your question, yes, I think we are 
looking to increase that where we can, where it is available.
    The staffing footprint really will depend on the 
configuration, the logistics, and what agreements we have with 
the foreign government.
    Mr. Estes. Do we see better results from having our own 
forces there versus using local, or do we know enough yet to 
know we need a distinction?
    Mr. Martel. Sir, I think it is--I don't know that we would 
make a distinction on that. I think when we are able to view 
things remotely, it is like having a person there. So our 
competence level that we have eyes on the container, eyes on 
the inspection, is the same as if we had someone there.
    Mr. Estes. Have you had issues or concerns with some of 
the--I mean, one of the things--I had an opportunity to go look 
at the Port of Rotterdam. One of the comments that was made in 
our decisions there was the biggest risk is somebody coming in 
and bribing an officer.
    I don't know if we have that as a risk in some of the 
foreign countries more so that might affect this?
    Mr. Martel. Sir, from our standpoint, all of the 
individuals that are involved at our CSR locations are vetted, 
especially the foreign service nationals, who are vetted by our 
local embassies there.
    Sir, I would have to get back to you as to what our 
protocols are and what we think the risk assessment is. But our 
confidence level is pretty high that those issues have been 
addressed.
    Mr. Estes. Just to be clear, they weren't talking about 
that in terms of CSI, they were talking about in general what 
their experience was in the port, in general, and not anything 
in particular.
    Admiral, can we talk a little bit about, you know, the 
inhouse cybersecurity capabilities that the Coast Guard has? Do 
you have capabilities that help you with those resources and 
that protection?
    Admiral Sokalzuk. Congressman Estes, yes.
    So first let me thank the Congress for the support and the 
fiscal year 2017 that helped us build our cyber protection 
teams and our cyber service provider resources in the Coast 
Guard.
    So the cyber protection teams are really about defending 
Coast Guard networks at this point. Because if our networks 
aren't working, we cannot offer any, you know, perspective or 
assistance to anybody else. The cyber service provider group is 
more of a capability for recovery and routing, you know, bad 
things out of Coast Guard networks and that.
    But Coast Guard cyber has provided us great perspective 
during some of the recent cyber incidents. That is always a 
resource for us to come and help industry.
    I think one of the key things, as we talk about cyber in 
general, sir, is that we really have to instill a culture of 
cyber risk management. One of the ways we are doing that is in 
the area of maritime security committee meetings, which is 
exactly what some of the folks have talked about here, is 
sharing information, sharing the results of a vulnerability 
assessment, and making everybody aware of what you are seeing 
on your systems.
    The Coast Guard recently published some guidance, the 
public comment period just closed on it, for cyber protection 
at facilities at this point.
    Mr. Estes. All right. Thank you.
    Mr. Chairman, I yield back.
    Chairman McCaul. Chair recognizes Mr. Correa.
    Mr. Correa. Thank you, Mr. Chairman. I want to thank 
Ranking Member Thompson as well for holding this hearing here 
in Long Beach because----
    Ms. Barragan. San Pedro.
    Mr. Correa. San Pedro. Los Angeles and Disneyland. Covered 
all the basis.
    Chairman McCaul. Got it all covered.
    Mr. Correa. Yes, sir.
    But, you know, what I am reminded of is this asset. As I am 
hearing testimony and questions here from the committee, where 
can we invest the resources to be best used? What is the price? 
I am thinking to myself, what is the price of not being 
prepared?
    Because, you know, the biggest port in the United States, 
all the commerce--I have just heard 40 percent of all imports, 
30 percent of all exports of this Nation through this area.
    What is it that we need to do?
    So I guess my question would be, if there is one thing we 
need to invest in right now, what would that be?
    Open it up to the committee.
    Mr. Seroka. From our side, I have been told by staff that 
there may be some that don't like the term ``fusion center.'' 
We need to redefine, that is OK.
    But what we see here immediately at the Port of Los Angeles 
is the need to formally bring in public and private-sector 
interests to do exactly what I mentioned earlier, share best 
practices, alert other partners of vulnerabilities, and have a 
systematic way of processing that information through expertise 
and the movement of data.
    That would be the No. 1 ask.
    I will get you numbers specifically off-line. We have been 
looking at that and talking with our Board of Harbor 
Commissioners specifically as to how we can quickly move out.
    Second would be the expansion of that fiber ring I 
mentioned. The Cybersecurity Center that you toured earlier 
today, Congressman, shows an ability to capture data of 
potential threats or folks trying to find our weaknesses.
    The ability to expand that ring, and that could be looked 
at as an analogy of just covering the entity of the entire port 
complex itself and allowing others to jump in.
    Meaning could we be another firewall to those private-
sector entities that are facing Congress every day and 
potential threats in and of themselves.
    Mr. Correa. I want to say that that is going to--love to 
hear your comments right now because that seems to be the theme 
that we have heard over and over again in our committee 
hearings on cybersecurity. Best practices, everybody working 
together, private and public sector, to make sure that 
everybody coordinates when it comes to cyber defense.
    I want to thank you very much.
    I guess another question to our folks at the Coast Guard 
and others.
    Resources. You are severely lacking resources.
    Defending the coast, defending our Nation.
    Multipliers. We talk about working with our allies. Other 
folks have vested interests with us on security, economic 
issues.
    Where do you suggest, what other agreements, what other 
nations do we need to approach in terms of working with us? 
Keeping in mind that we want to trust, but we also want to 
verify.
    Mr. Martel. Sir, I will say from a CPB standpoint, we 
partner with other nations, other foreign customs services----
    Mr. Correa. Anybody else that we don't that we should be?
    Mr. Martel. Sir, off the top of my head, no. I think that 
all of the partners that we have address our current and 
impending threats at the National level.
    Locally, we work closely with HSI, with various task force 
State and locals to have connectivity with those countries that 
have a nexus, whether it be inbound or outbound, here at the 
Port of Los Angeles.
    Mr. Correa. Admiral.
    Admiral Sokalzuk. You know, through the international port 
security program, we have engaged 150 countries. We visit those 
port facilities to make sure that they are exercising proper 
physical security procedures. We will begin to look at cyber. 
Because we just consider that another way that we have to 
manage risk in the port at this point. So I think that has been 
very successful for us.
    I think that from a--from an information exchange point, as 
I talked about earlier, the area maritime security committees 
that here locally in the country, of course, most of them at 
this point have a cybersecurity subcommittee where we have a 
lot of these discussions and exchange a lot of that 
information.
    I will just recognize too some of the--I will recognize 
A.P.M. Maersk, Mr. John Ochs, who came and spoke at the Area 
Maritime Security Committee, was very candid about what A.P.M. 
faced in that particular attack.
    Just in terms of resources, obviously, you know, it will 
take resources to do some of these things as we understand 
cyber threats. As they evolve, all of our systems are becoming 
more complicated, so we will have to be willing to make 
investment.
    Mr. Correa. Mr. Chair, I yield.
    Chairman McCaul. Sticking with committee Members as a 
priority, Ms. Barragan is recognized.
    Ms. Barragan. Thank you. I want to thank you, Chairman and 
Ranking Member, for holding this hearing in my district here in 
San Pedro to examine security at the Port of Los Angeles, or as 
we like to call it here, America's port.
    Thank you to all the witnesses for your work and for being 
here today to provide testimony and your perspectives.
    You know, the Nation is just facing evolving threats 
constantly. When I came to Congress, it was important for me to 
seek an appointment to this committee because of the importance 
to the homeland and to the ports, which is by far the largest 
economic engine in the region and touches every Congressional 
district.
    So it makes me really happy to be here today to have this 
hearing. So thank you, Mr. Chairman, for doing that.
    Before I get to my questions, I have some statements I want 
to enter into the record from local groups and individuals 
concerning security at the Port of Los Angeles.
    Chairman McCaul. Without objection, so ordered.
    [The information referred to follows:]
           Comments For the Record Submitted by Hon. Barragan
                             comment 1 of 4
Carlos Garcia
    A real homeland security risk to the Ports of Los Angeles and Long 
Beach lies at their ``back door'' and is not addressed by the Coast 
Guard and Customs or the Port of Los Angeles to the best of my 
knowledge. The risk lies at the Rancho LPG facility where two 12.5 
million-gallon refrigerated butane storage tanks are located in San 
Pedro less than 0.25 mile from the Port of Los Angeles. The facility is 
located on private property not under the jurisdiction of the 
California State Lands Commission or on land under the Port of Los 
Angeles' jurisdiction. However, the Port does have an ownership 
interest in the railroad spur track which serves the Rancho LPG 
facility.
    The risk posed by a terrorist attack on the Rancho LPG facility is 
significant. If the facility was attacked and one of the tanks 
ruptured, liquid propane would be released and evaporate in the ambient 
air. When an ignition source is encountered, possibly from one of the 
three back up gas compressors on-site or even a spark from a passing 
car, there would be a vapor cloud explosion. Using the TNT equivalent 
calculation methodology in CFR guidance (40 CFR Part 68), the impact 
radius would be about 3 miles in a worst-case scenario. According to a 
September 2010 Cornerstone Technologies report, such an explosion would 
cause large-scale structural and physical damage due to the rapid 
overpressure caused by the explosion. The impact would encompass 
terminals in Long Beach and include nearly all of the terminals in the 
Port of Los Angeles and the Los Angeles Cruise Terminal as well as the 
visitor-serving areas of the proposed San Pedro and Wilmington 
Waterfront projects.
    There are also five horizontal bullet tanks located near the larger 
butane tanks each capable of holding 60,000 gallons of liquid propane 
under pressure on the Rancho LPG facility. They might also be 
compromised in vapor cloud explosion that ignited the pooled liquid 
butane leaking from one of the larger butane storage tanks. The burning 
butane would be hot enough to melt the bottom of the steel pressure 
vessel tank resulting in explosion of the propane tank in a boiling 
liquid vapor cloud explosion (BLEVE).
    There are numerous Federal, State, and local agencies that regulate 
the facility besides the Department of Homeland Security including:
Federal:
   U.S. Department of Transportation
   U.S. Environmental Protection Agency
   U.S. Defense Logistics Agency
   U.S. Department of Occupational Health and Safety 
        Administration
State:
   California Environmental Protection Agency
   California Emergency Management Agency
   California Department of Toxic Substance Control
   California Department of Industrial Relations, Division of 
        Operational Safety and Health
   South Coast Air Quality Management District

Local:
   Los Angeles City and County Fire Departments, as the 
        designated Certified Program Agency
   Los Angeles Police Department
   Los Angeles Emergency Management Department
   Los Angeles City Attorney
   City of Los Angeles Bureau of Sanitation Industrial Waste 
        Management Division
   City of Los Angeles Department of City Planning.
    However, I am not aware of any coordinated efforts at the Federal, 
State, and local levels to mitigate the physical security 
vulnerabilities posed by this facility described above. I doubt that 
any of the hearing witnesses will address these risks.
    I believe that these risks should be evaluated by the Department of 
Homeland Security in addition to seaborne threat scenarios addressed by 
the Coast Guard, Customs, and the Port of Los Angeles. The Rancho LPG 
storage facility represents a much easier target than the seaborne 
threats that will probably be the focus of the October 30 field 
briefing on port security.
                             comment 2 of 4
Janet Gunter and Chuck Hart, San Pedro Peninsula Homeowners United, 
        INC.
            October 30, 2017
    The Ports of Los Angeles and Long Beach represent significant & 
documented targets of terrorism due to their surrounding population 
densities, their massive employee work force, and the number of 
concentrated ignition sources, including chemical and fuel terminals. 
These facts highlight the prime opportunity for terrorism to cause 
extraordinary loss of life and extreme infrastructure damage resulting 
in financial collapse of the U.S. cargo industry. Many of us well 
understand this.
    The issue that stands above and apart from this public 
understanding . . . in its ``inexcusable'' state of existence . . . is 
the Plains All American Pipeline/Rancho LPG storage facility, storing 
in excess of 25 million gallons of highly explosive liquefied petroleum 
gases, on the precipice of the Port of Los Angeles. This single site 
offers any terrorist the ``mouthwatering invitation'' to strike. With a 
single one of its two 44-year-old tanks having a blast radius of over 3 
miles, the opportunity for devastation is pure ``gold''.
    On September 11, 2014, Congressman Waxman's office hosted a public 
meeting on the Plains/Rancho LPG facility. Mr. David Wulf, director of 
the DHS Infrastructure Security Compliance Division, publicly 
acknowledged that the Plains/Rancho LPG facility is a ``Tier One Soft 
Target of Terrorism''. The antiquated tanks of this facility are 
readily accessible and can be easily ruptured by either a high-power 
rifle or rocket-launched grenade. Considering the recent actions of the 
Vegas shooter and his direct aim at nearby fuel tanks in his attack, we 
are given additional anxiety by this LPG tank target potential. We are 
talking about an explosive and cascading inferno potential that is 
extraordinary in its scope.
    Both expedited and exempted from numerous permits and regulations 
by the Nixon administration in the early 1970's, this facility was 
introduced solely as a ``storage'' site for LPG received via pipeline 
from Algerian ships calling at Berth 120. This was envisioned as an 
``emergency'' action necessary for back-up energy supply under the 
false notion that the import of this commodity would wean America off 
of foreign oil. Both Nixon's political demise and the explosive nature 
of this gas, eliminating it as a broadly-used energy source, caused the 
original Petrolane LPG facility to go bankrupt. In the 1980's, instead 
of the port and city of Los Angeles welcoming the opportunity to remove 
the already well known high-risk potential of this site, they embraced 
an entirely ``new'' business venture for the successor. Taken over by 
Amerigas, a pipeline was installed to Ultramar refinery (now Valero) 
several miles away in Wilmington for the expressed purpose of ``off-
site storage'' of the facility's ``most'' hazardous commodity, butane 
gas. That pipeline was later tapped into by BP (now Tesoro) refinery in 
Wilmington to also transport their own butane for storage. This use was 
``never'' anticipated nor reviewed in the highly-deficient EIR 
performed for the initial project. The existing business operation is 
``entirely'' different. While a rail dock is mentioned in the EIR of 
1973, there is no analysis of rail use, whatsoever. Both the rail and 
pipeline uses, which now currently traverse both under and over port 
public trust lands, have never considered the volatile nature of this 
gas nor identified its associated risks and liabilities. In 2008, this 
facility was purchased by the Plains All American Pipeline company and 
is operating as a Limited Liability Corporation under the name, Rancho 
LPG LLC.
    Sadly, since the DHS publicly announced the high risk of this site 
in 2014, we have yet to see any responsible action. Opportunities 
abound to affect change to eliminate this highly dangerous risk 
exposure at multiple levels of government. The function of the Plains/
Rancho LPG facility depends ``entirely'' on the use of public trust 
lands to facilitate its operations. Without those assets, there is NO 
business conducted at Rancho LPG!
    The Surface Transportation Board ruled last March that the ``local 
government'' has the right to ``policing of safety'' on the use of the 
Port's own rail. Our Federal legislators should be leaning heavily on 
local Government officials to enforce this right and protect the 
innocent and our ports. The ``use'' of the pipeline under public trust 
lands falls into the same category. California State Lands Commission 
also has an obligation to the people of our State as guardians of the 
public trust. The DHS charter states the following: ``Whereas the 
Department of Defense is charged with military actions abroad, the 
Department of Homeland Security works in the civilian sphere to protect 
the United States within, at, and outside its borders. Its stated goal 
is to prepare for, PREVENT, and respond to domestic emergencies, 
particularly terrorism.
    We urge immediate action on this issue by the leadership. The 
consequences of not responding are far too great to ignore any longer.
            Sincerely,
                                              Janet Gunter,
                                                      Member SPPHU.
                                                Chuck Hart,
                                                   President SPPHU.
                             comment 3 of 4
Marcie Miller
            October 30, 2017
    The U.S. Department of Homeland Security asks everyday citizens 
such as myself, ``If you see something, say something.''
    Today I am saying something and I hope Homeland Security is 
listening.
    The U.S. Department of Homeland Security has long been aware of the 
dangers of storing and transporting ultra-hazardous chemicals. Forty-
five years ago politicians and safeguards failed this community by 
enabling Petrolane to build--with the assistance of the U.S. 
Government--the bulk storage facility known today as Rancho LPG, LLC.
    Adjacent to a pre-existing community of people and places of 
commerce; at the Nation's largest and arguably most important port of 
entry; on unstable landfill; in a known seismically active fault zone; 
in a methane zone.
    The inappropriately located Rancho LPG bulk storage facility 
remains as a reminder of just what a homeland security failure looks 
like. So now a new generation inherits this ticking time bomb, despite 
the unanimous consensus that the risks are unacceptable.
    Oil and gas industry lobbyists and paid consultants knowingly play 
down the likelihood of catastrophic risks. Yet, we know the unthinkable 
is possible; we witnessed that at Fukushima and at countless other 
ultra-hazardous biochemical disaster sites. If you choose to do 
nothing, you will abdicate your responsibility to protect this State's 
greatest resource--people.
What can you do?
    1. Please, determine that human life is more important than 
corporate greed;
    2. Remove politicians and lobbyists from the determination process;
    According to the city of Los Angeles Ethics Commission, over the 
last 10 years, Rancho LPG, LCC has donated over $22,000 to local 
politicians, including current Councilman Joe Buscaino; previous 
Councilman and current Rancho lobbyist, Rudy Svorinich; and just days 
after rendering a decision in favor of Rancho LPG, LLC, L.A. City 
Attorney Trutanich received a large contribution to the ``Trutanich 
Office Holder Committee 1301975'' from Plains Marketing, LP on 2/25/11.
    Rancho LPG, LLC has donated handsomely to EastView Little League, 
an organization synonymous with sitting two-term Los Angeles Harbor 
Commissioner, Anthony Pirrozzi, long-time league president, member of 
the steering committee, and coach.
    In 1977, Gov. Jerry Brown tasked the California Public Utilities 
Commission to inspect the marine terminal of Petrolane, Inc. to 
determine its potential hazard to the surrounding area. Despite his 
acknowledgment of the high risks associated with the siting of this 
ultra-hazardous facility, his final report concluded only that,

``The city of Los Angeles Department of Building and Safety has 
determined that Petrolane's low temperature liquefied petroleum gas 
(LPG) units are not exempt from Section 91.0102 of the Los Angeles 
Municipal Code as originally indicated. Accordingly, on April 20, 1977, 
the department issued an order to comply to Petrolane, Inc., which 
directs the company to file plans and obtain building permits for the 
two low temperature LPG storage tanks. The review will include a check 
to ensure their ability to resist seismic loading.''

    Needless to say, the seismic issue has remained. Had the original 
Petrolane facility been subject to SEC. 91.0102., it could never have 
met the requirements of the code, the purpose of which was,

`` . . . to safeguard life, limb, health, property and public welfare 
by regulating and controlling the design, construction, quality of 
materials, use and occupancy, location and maintenance of all buildings 
and structures erected or to be erected within the city, and by 
regulating certain grading operations within the city.''

    It is important to note that this section of the Los Angeles 
Municipal Code was replaced in November 21, 1989 by Ordinance No. 
165310, which deliberately elevated the safety bar not only for new 
construction, but also for ``alterations'' and ``repairs.''

`` . . . Where, in any specific case, different sections of this code 
specify different materials, methods of construction or other 
requirements, the most restrictive shall govern. Where there is a 
conflict between a general requirement and a specific requirement, the 
specific requirement shall be applicable.''

    It should come as no surprise that Governor Brown received 
substantial campaign donations and questionable loans from the 
Petrolane company.
    3. Act swiftly to correct past failures and mitigate dangers before 
the unthinkable does happen.
    In 2007, the ``Department of Homeland Security Appropriations Act 
of 2007, mandated that the Secretary of the Department of Homeland 
Security establish risk-based performance standards for the security of 
high-risk chemical facilities within 6 months of the enactment of the 
Act. Also mandated was the development of vulnerability assessments as 
well as the development and implementation of site security plans for 
high-risk chemical facilities. The CFATS interim final rule was 
promulgated to fulfill the requirements of this Act.''
    Why has Homeland Security done nothing to protect both people and 
property from the profoundly high-risk chemical facility casting a grim 
shadow for miles in every direction?
    Further evidence of risk-based performance threats to homeland 
security are records collected by the California Public Utilities 
Commission regarding the staggering number of train derailments along 
the Pacific Harbor Line, which transport these chemicals throughout the 
Port of Los Angeles and the San Pedro/Wilmington communities.
    Although the Pacific Harbor Line has a fine-tuned public relations 
strategy that toots a loud bullhorn about its attention to safety, the 
truth is, CPUC documents a jaw-dropping 40 derailments between 2008 and 
2012! I have contacted CPUC numerous times to obtain 2013-present 
records but never received a response. Simply based on this 
unacceptable derailment record, the Homeland Security Appropriations 
Act of 2007 mandates immediate intervention to cease and desist all 
Pacific Harbor Line operations
    Why has nothing been done to mitigate this risk???? Why are 
regulators not all over this??? These facts must be known. Thank you 
for reading my concerns and, hopefully, for changing the course of 
history.
                             comment 4 of 4
James Dimon
    Having looked at the current situation with Port of Los Angeles 
(POLA) security and their relationship with law enforcement which 
surrounds the port complex the following has been determined to be a 
necessary component toward POLA and community safety.
    We believe by ensuring Los Angeles Police Department, Harbor 
Division is equipped with license plate reader technology it would add 
an important layer of security to the port complex extending miles in 
some cases from its shores.
    This technology is already being utilized by surrounding 
communities like Rancho Palos Verdes and should include participation 
by the Los Angeles Port Police as well.
    We also believe a pact of cooperation should exist with the 
implementation of this technology, stressing the importance of 
different agencies to sharing critical safety information with each 
other, thereby increasing the effectiveness of the system and the 
security of not only POLA, but that of the citizens who reside on its 
boarders.
    The technology is proving to be highly effective in identifying 
intruders into the city of Rancho Palos Verdes alerting law enforcement 
before they can act and as an increasingly valuable investigative tool.
    POLA is currently bringing millions of people to the Complex 
utilizing existing infrastructure. POLA's expansion projects are 
working to improve that infrastructure that will bring millions more in 
the future. Plans for the San Pedro Market Place, Alta Sea, Banning 
Shores and the Avalon Blvd expansion will undoubtedly increase the 
desire to come down to the Port Complex.
    In closing we need to be proactive with our approach to addressing 
what will be increased security of POLA and the surrounding 
communities. Here is an opportunity to get ahead of the security issues 
with a police division which is tops in the country practicing law 
enforcement.
    Please consider the importance License Plate reader technology 
would provide toward a huge boost to Port Security and that of its 
neighbors.

    Ms. Barragan. Thank you. So statements are from groups like 
the San Pedro Peninsula Homeowners United, Mr. James Diamond, 
and Carlos Garcia. They offer the committee an often-overlooked 
local perspective as we consider port issues.
    Mr. Familathe, thank you for raising the issues with the 
TWIC program. This is something I have heard not just from your 
organization but from others. The concerns on what the program 
does or doesn't do and the burdens it imposes.
    We always want to make sure that we have security at the 
forefront. So I am hoping that we can work in a bipartisan 
fashion to address some of the concerns that were raised here 
today. So we have a lot work to do on that.
    Now, for my questions, I know that Mr. Martel indicated 
that the staffing was sufficient.
    Mr. Familathe, you are on the ground. Your members are on 
the ground. You handle the cargo. In your perspective, given 
that your members are there and you see first-hand, but do you 
believe that the current CBP staffing levels at the ports are 
adequate?
    Mr. Familathe. No, I do not.
    Our members work 7 days a week. There are only a few no-
work holidays throughout the entire year. With pressures to 
move cargo 7 days a week through ports like Los Angeles and 
Long Beach, it is important that not only the longshoremen are 
there. We can get the cargo off the ship. But if CBP doesn't 
have it budgeted to have that staffing on the weekends and the 
CBP officers there to X-ray the cargo, then we can't keep that 
cargo moving.
    So it works hand-in-hand.
    We would really like to see the proper budgeting.
    They may have the staffing. I won't challenge Mr. Martel 
here on that. He knows his operation better than anyone. But 
maybe they don't have it budgeted to have those CBP officers 
working weekends.
    Ms. Barragan. Certainly, we will follow up on that.
    Mr. Cordero raised an issue that I get asked about all the 
time. That is, do a hundred percent of the containers and the 
cargo that come into the port get scanned?
    Mr. Martel has indicated that a hundred percent get the 
radiation scan, but only the high-risk get the X-ray.
    My question is does the fact that we don't X-ray 100 
percent, knowing that Mr. Cordero said it was impractical, does 
that leave our port at risk?
    Mr. Martel. I don't believe that it does.
    I think we have a very robust targeting system. We are able 
to get information as part of the 24-hour advance cargo 
manifest rule, we are able to get cargo information 24 hours 
before the cargo boards a vessel.
    So we have a unique opportunity to scan the commodity, look 
at all of the shipper/consignee information, bounce it against 
various Classified law enforcement databases, trade databases, 
open-source information, to do an in-depth assessment as to 
whether or not the cargo presents a threat.
    Ms. Barragan. Thank you.
    Mr. Seroka, I want to ask you about an incident that 
happened in the fall. You may have--I am sure you heard about 
it--the high-speed chase that ended here at the port complex. 
It ended up with the suspect climbing a large crane and even at 
one point passing two workers on his way up, before ultimately 
falling to his own death. It was an unfortunate incident.
    I think a lot of us were surprised that a car could get 
onto the port and to do this. I often think about bombings. 
What we do today is we put up these barricades so cars can't 
get past. That this gentleman was able to access the port 
complex as easily as he did.
    Can you tell us what additional security procedures have 
been put in place as a result of this? Because of my concern 
that it could pose to homeland security.
    Mr. Seroka. If I may, Congresswoman, it would be helpful I 
think to the committee to start with a wider context of this 
specific incident.
    The alleged assailant stole a car from a dealership in the 
Inland Empire, approximately 60 miles away from the port. 
Moving through multiple counties with various jurisdictions of 
pursuit, the driver was moving through our network of surface 
streets and freeways in a very erratic manner. Insomuch that 
leadership of these agencies had moved closer and then decided 
to retreat from this particular driver, not to impede upon the 
public's safety.
    The driver then approached the harbor area on the 110 
Freeway. All throughout this police chase that went through 
multiple counties, we had no indication that this driver was 
targeting or set to enter the port complex.
    After weaving his way through several street and local 
neighborhood enclaves, a U-turn was made to go back onto the 
110 Freeway and take an immediate exit off of that freeway 
toward port property.
    From all accounts, both on-site as well as in the air, as 
this was telecast by local news on multiple channels, the 
driver began to follow traffic and turned in to a specific 
terminal that was led in by ILW work force that was going to 
work for the nightside shift.
    That is a traditional gate that will be open to our workers 
so they can get on-site with safety and move to their jobs 
beginning at 6 p.m. The penetration was made at approximately 
5:50 in the evening.
    Getting onto the terminal site was met with response from 
our Los Angeles Port Police unit within 3 minutes and 20 
seconds of notification of that breach.
    Once on-site, there were a number of tactical details and 
protocols that needed to be followed, especially through the 
allied agencies, and the necessity of highly sophisticated 
response teams that were called to that particular site once 
Port Police had cordoned down the situation.
    It is unfortunate, but that individual did climb a crane 
and either fell or jumped to his death.
    What we have done in the timing since then, although none 
of this could have been predicted, is that we fortified gate 
activities, not only at that particular facility, but also 
created different paths of cargo entry as well as personnel and 
visitor entry with credentialed folks that will be working on 
the port.
    In addition, all of these standards at the particular 
facility that was breached and others that we immediately took 
under evaluation were at or above United States Coast Guard 
standard for entry and exit.
    But we will continue to raise the bar on that in 
collaboration with Coast Guard, CBP, and other allied agencies 
to make sure that our threshold goes well beyond that is 
mandate.
    Ms. Barragan. I yield back, and I apologize for going over.
    Chairman McCaul. The Chair recognizes Mr. Rohrabacher from 
Orange Country.
    Mr. Rohrabacher. It is good to be back. Some of you may not 
understand, but I represented this area for about 10 years. 
Mario and I worked out a lot of problems together. But it took 
a lot of work to do it. I tell you that much.
    We have--you know, this port is one of the great assets of 
our country. As such it has got special considerations that we 
have to look at. I know as the 1900's turned into the 20th 
Century, we faced certain challenges. I happen to have observed 
the changes that were taking place when we went from having 
everything in boxes and taken off the ships in boxes, and 
longshoreman would have to take them off individually.
    The great cost and actually cooperation that was necessary 
to create this new system that we have, or the system we have 
now, of containers, which is basically so efficient we have 
developed what would be a conveyor belt across the ocean. That 
is how efficient we are.
    Well, a lot of people are taking advantage of that conveyor 
belt to make money. That is what they should do. We have a 
market system here. People looking for profit.
    But I would hope that as we look at the new challenges that 
come with this change of technology that we make sure the 
people using the conveyor belt help pay for the things that we 
need to do to make sure that that economic conveyor belt stays 
in process.
    Mr. Lowenthal and I have been really involved in that issue 
for a long time. We still are active in this.
    So as we are looking at some of the things, Mr. Chairman, 
that need to be done to keep this system safe, which is what we 
are focusing on today, but also functioning, let's make sure 
that we work together, but we take the approach that those 
profiting from this new system will pay the bill in devising 
ways of making it work better.
    These new challenges, Mr. Chairman, that you focused on 
today, thank you for being here to help us discuss those.
    The cyber attacks. Let me know--I am on the Science 
Committee, and even I have a tough time in figuring out how 
these cyber attacks work. Today with the testimony that we have 
had, it has been very beneficial to me and I am sure to all of 
us to think how we can deal with this. We have already--we have 
got an example now.
    We know, over the years, as I say, since I represented 
this, we know that even when there is a slowdown here, it costs 
hundreds of millions of dollars just to have a slowdown. If 
there is a cyber attack, it shuts the whole thing down even for 
a couple days, it is an economic catastrophe. Thus we do need 
to work together to see what we can do to head off those 
problems.
    We talked also today, someone mentioned drones.
    Well, we never had to worry about drones 20 years ago, did 
we? But, yes, that is something we are going to have to think 
about. Think about what the penalties should be, what the rules 
should be.
    I want to ask, Mr. Chairman, someone mentioned 
overreaching. That we can't be overreaching in cyber. Which 
one?
    Mr. Seroka. I mentioned that, and that is not exactly what 
I stated.
    Mr. Rohrabacher. Could you give us a note of caution of not 
going too far so that if we are trying to make the system safe 
that we don't freeze it.
    Mr. Seroka. I mentioned in my earlier question and answer 
back to the Chairman that as my recommendations and that of our 
department here, which is a municipal agency in the city of Los 
Angeles, that I felt there were a couple things we needed to 
do. One was that collaborative spirit of bringing people 
together, sharing information systematically----
    Mr. Rohrabacher. What about overreach? Where does that come 
in?
    Mr. Seroka. As I stated on the record that there are some 
in private-sector industry that feel that Government may 
overreach. As we get into those areas, we need to have a 
sensitivity toward that.
    Being on the ground here and coming from the private 
sector, I think I see a lot of those sensitivities and can help 
find those unique aspects that we can work together.
    Mr. Rohrabacher. So in other words----
    Mr. Seroka. We have to be mindful of that.
    Mr. Rohrabacher [continuing]. What we have got to do is we 
have got to make sure we are taking care of the problem but not 
so much that we are killing the patient when we are trying to 
correct the disease.
    So that is my only admonition--two admonitions. No. 1, 
let's find ways of paying for it by the people who are making 
the profit on this conveyor belt, and, No. 2, let's make sure 
we don't overreach so that we are actually becoming the enemy 
and slowing down this great wealth-producing enterprise that we 
have here in our ports.
    Thank you, Mr. Chairman, for coming and joining us today.
    Chairman McCaul. Thank you for being here.
    Excellent point with respect to overreach. The 
cybersecurity bill we passed out of committee--it is law now--
was predicated on the Department not being able to regulate. 
Because we thought to have a true information-sharing 
relationship, you are not going to share information with some 
entity that can regulate your industry.
    I think providing the liability protection even went 
further so that, you know, the financial institution here can 
share with the other one without threat of a lawsuit.
    So I hope that is working. It has been a great experiment. 
But the threat is very real.
    So thank you for that.
    Mr. Lowenthal.
    Mr. Lowenthal. Thank you, Mr. Chairman. Thank you for 
inviting me.
    It is really an honor, as the person who is the co-chair of 
the Ports Caucus in the Congress of the United States and also 
as the representative of the Port of Long Beach, cybersecurity 
is not an area that I am proficient in. So for me this has been 
a great experience, just listening.
    But I want to get back to, you know, we have a lot of 
conversation or much of the conversation focused on the impact 
of the cyber attack in June of this past year to Maersk.
    When I spoke to Maersk about that right after they said, 
you know, they are going to be able to cope with it and live 
with it. They didn't like it. But they had the resources.
    But they also indicated to me that they were not alone. 
There were a lot of smaller, you know, lines that were also 
impacted in other ships. It is not just the large people.
    So I want to get back to the Coast Guard.
    You know, with this attack, which I believe occurred off 
the Black Sea, and there were over 20 ships that lost their GPS 
systems. Researchers have indicated now, I believe, that there 
really are software vulnerabilities in commonly-used 
communications and navigation systems on cargo vessels and 
tankers, et cetera.
    I would like to know from the--if there are these 
vulnerabilities, not just for the large ones, and the large 
ones were saying we will live. We don't know how the smaller 
ones that were impacted are actually going to be able to exist, 
you know, and whether they--the question is, what is the Coast 
Guard--are you aware of that right now in our system that is 
out there, we have these vulnerabilities?
    Maybe the large companies will be able to fix it, but what 
are we going to do about this? Does the Coast Guard see this as 
a tremendous vulnerability that is out there?
    Admiral Sokalzuk. Congressman Lowenthal, thank you, sir.
    I think the Coast Guard does see this as a vulnerability. 
We have had several instances now, this Black Sea incident that 
you referred to.
    Mr. Lowenthal. That is right.
    Admiral Sokalzuk. Those ships figured out what was going on 
through use of relying on their training to IMO standards and 
things like that, figured out that their GPS signals were not 
indicating the right thing in their position systems.
    I think as these electronic systems become more 
interconnected, we will see more of that.
    I think, you know, one thing that we have to realize in a 
lot of these stems is the human in the loop has to work well, 
has to be well-trained, has to understand some of this. We have 
to look at all these systems and build that resiliency into 
there that somebody has other ways to verify the operation of a 
system.
    In this case, it was training for them. They probably had 
visual aids to navigation or something like that. Just like in 
this country, as you approach the ports, you don't completely 
rely on GPS, you start to rely on the visual aids to navigation 
that the Coast Guard maintains.
    But we worked with IMO and industry to develop guidance 
that takes cyber into account into safety management systems 
for ships. So there is an IMO circular out on that right now, 
sir.
    But we have to continuously identify these risks and really 
instill this culture of constantly evolving how we manage risk 
in cyber. But ultimately there has to be, you know, resiliency 
and redundancy that people can rely on. It is oftentimes humans 
and people with good training.
    Mr. Lowenthal. I want to follow up--thank you for that 
answer--something that Mr. Martel talked about, and I think 
you--and when you were talking about your advanced information 
systems that you get about what is taking place, it just 
triggered to me a conversation that I had with Mr. Seroka 
recently about the ability or the need to kind-of coordinate 
all the digital information and really understand not just a 
day or two before a ship is coming, but exactly what is 
happening and to be able to share that information.
    So I really want to say to follow up to ask Mr. Seroka, how 
can--what are the improvements that we are already beginning to 
see in the information systems technology and how can that help 
us with the cybersecurity?
    Mr. Seroka. Yes, Congressman. You are referencing a 
discussion we had about one of our signature initiatives here 
at the Port of Los Angeles, the Port Optimizer, or Information 
Sharing Portal.
    Mr. Lowenthal. Yes.
    Mr. Seroka. That was co-designed between General Electric 
Transportation and the Port of Los Angeles.
    Mr. Lowenthal. I believe the Port of Long Beach is going to 
soon be part of that system also.
    Mr. Seroka. We are very hopeful. Yes.
    Executive Director Cordero and I have been speaking about 
those opportunities regularly as to who we could really work 
together in this area.
    Mr. Lowenthal. I encourage that.
    Mr. Seroka. Thank you.
    Dating back about 3\1/2\ years ago, Congressman, you will 
remember the depths of congestion that we witnessed not only 
here in southern California, but throughout most of the world's 
east/west trade gateways due to dislocations in the supply 
chain, new partnerships that were being formed, the unfortunate 
financial travails our maritime community had been facing since 
the advent of the recession, and other causes.
    We felt at that time that if we could do a better job 
sharing information across stakeholder groups we could find 
operational efficiencies that would be necessary to bring this 
port complex and others not only to standard but beyond that 
for what our customers expected.
    So we began working with--with customs and specifically Mr. 
Martel, along with others in Washington with the Department of 
Homeland Security and CBP, Rich DiNucci, to be specific, who 
offered ideas on how we could utilize information through the 
Customs Advanced Manifest System, which Mr. Martel referred to 
earlier, is a vetting process used 24 hours between vessel sail 
from Asia here to the United States.
    My ask was pretty simple in that I wanted to utilize 
generic information. I did not want to know what was inside the 
container, how much it cost, or any other sensitive or 
proprietary data that Customs may hold.
    The point of bringing General Electric on was one of a 
company who has a great reputation of being a steward of 
information, and holds many Federal, State, and local contracts 
throughout the Nation.
    That information now in its earliest stages has been tested 
here at the Port of Los Angeles and with the permission of 
Board of Harbor Commissioners will be rolled out to the 
entirety of the port over the coming months.
    The idea is that the earlier line of site we have on this 
information the better we can mobilize our service providers 
and partners to move the cargo and its conveyance system in a 
much smoother way.
    Having earlier access to that data will also show, 
potentially, any abnormalities so this group of trusted 
partners can again convene and talk about what we can learn 
from those and how best we can protect our interests of our 
assets, people, and the cargo that moves through our port.
    Mr. Lowenthal. Thank you.
    As I yield back I also want to agree with Congressman 
Rohrabacher that we definitely need a sustainable revenue 
stream to enhance the movement of goods.
    Thank you.
    Chairman McCaul. The Chair recognizes gentleman from San 
Diego, Mr. Duncan Hunter.
    Mr. Hunter. Thank you, Mr. Chairman, and thanks for being 
here. San Diego.
    Let's start with this. The Chairman hasn't talked about it. 
But he has got a book called ``Failures of Imagination.'' Did I 
get that right? ``Failures of Imagination.'' It starts off with 
a pretty catastrophic attack in the District of Columbia. But 
it goes through things we haven't thought of yet.
    So the containers, where everybody is checking those, if 
there was one failure of imagination, something you that 
haven't thought about yet today, what is it? It is a big yacht 
that blows itself up? What would be our failure, sitting here, 
after something bad happening?
    Because we are checking out containers all the time now. 
You are focusing there. So if I was a bad guy, I would sure as 
heck not do anything on a container. I would do something else. 
Talked about we stopped using panga boats. We are now using 
recreational boats more. Right? Because they don't get flagged.
    Anyway, what is a failure of imagination here?
    Mr. Cordero. If I may, Congressman, says that is a great 
question.
    As I note in my testimony, part of the concerns or issues 
we were going to address is what are the new threats? To the 
question.
    The unmanned aircraft is that new threat. I mean, because 
when you start talking about the potential, what could happen, 
a catastrophe.
    I think, on the other hand, if we are proactive and make 
sure we approach this issue in a way that the port authorities 
would have the ability to restrict usage of the unmanned 
aircraft and/or drones as we know it, then of course it 
certainly would mitigate that type of threats.
    Mr. Familathe. In my testimony that was submitted, ILW used 
to inspect all the containers coming out of the waterfront. As 
the industry changed, cameras were installed at the gates in 
the terminals.
    We no longer open doors on containers. We know how 
vulnerable we are in this country from within. Empty containers 
are parked on the street. Truck drivers pick them up, bring 
them into the terminals. I believe that that is a huge 
vulnerability for us.
    When our guys used to open the doors, you could see if 
anything was inside. Now that doesn't take place. A camera is 
looking up top, but you are not seeing inside the container, of 
all the containers, of particularly a small port like San 
Diego.
    Mr. Hunter. Thank you.
    Gentlemen.
    I have got one more question too. So we got UAS not looking 
inside containers.
    Yes, Admiral.
    Admiral Sokalzuk. So, Chairman Hunter, what I would say, 
sir, is I think we have got to put that imagination into our 
exercises. Make sure that we fully explore things like when we 
have an incident, like some of the things that we have just 
had, where we are operating on backup systems and we are doing 
things manually that somebody can't do something that gets 
something through into this country.
    No matter what realm it is, whether it is within Customs' 
realm or the Coast Guard's realm, I think we have got to inject 
a lot of imagination into those exercises and really look at 
that particular piece when we are operating in manual mode.
    Mr. Hunter. Thank you.
    Mr. Martel. Sir, I would echo the admiral's comments.
    I would also add to your point. Private vessels, pleasure 
craft continue to be a challenge for us. You know, I think we 
need to strive to have better domain awareness of our 
responsibility. That is presently, you know, one of the 
challenges here locally within Los Angeles.
    I think working through the AMSC, through our regional 
coordinating mechanism, working with all the State and locals, 
getting out there and working with harbormasters and whatnot is 
part of our plan. It is what we are currently doing, to try to 
have more visibility as to what that threat is. But that 
continues to be the unknown because those vessels come in and 
out daily.
    Mr. Hunter. Thank you.
    Last question. Try to do it in 1 minute.
    What percentage of the port or of the terminal operators 
are foreign-owned in Los Angeles and Long Beach?
    Mr. Seroka. Ninety-eight percent?
    Mr. Hunter. Are foreign-owned.
    Mr. Seroka. Yes.
    Mr. Hunter. Who approves who owns them?
    Meaning, can the Iranians operate a terminal? Can the 
Iranians--can somebody--can Pakistan operate a terminal? Or are 
they all happy countries that operate----
    Mr. Seroka. No. That would be a situational awareness with 
respect to how the vetting process goes with respect all the 
way down to municipal----
    Mr. Hunter. Ninety-eight percent of the ports.
    Mr. Seroka. Similar circumstances.
    Mr. Cordero. Yes, that is correct, Congressman.
    I would also say that the CPS process right now that is in 
the District of Columbia certainly addresses those issues. Of 
course that process specifically addresses the security threats 
with potential transactions.
    Mr. Hunter. Does CBP look at a terminal operator 
differently if they are--let's say that they are--name a good 
country; I don't want to say if there are good or bad countries 
because we are all wonderful.
    But let's just say a Western civilization, first-world 
country, versus Iran.
    Do you look at the normal operator differently if it is 
owned by different types of folks?
    Mr. Martel. Sir, that I would have to get back to you on in 
terms what we do at the Coast Guard.
    Mr. Hunter. You do game theory. That is how you determine 
what targets to go after to pick.
    Mr. Martel. Yes.
    Mr. Hunter. I would have to play into there. Right.
    Admiral Sokalzuk. Congressman Hunter, I don't think we look 
at them differently. We enforce the same standards on them for 
facility security, facility security plans, facility security 
assessments, unannounced spot checks. All those things.
    So I think that rigorous approach, while I am unaware that 
we have ever modified it for a certain national terminal owner, 
I think that is what really helps us maintain security in the 
port is that regimen.
    Mr. Hunter. Thank you.
    I yield back.
    Chairman McCaul. Good points.
    Thanks for the plug for my book as well.
    But I think imagination is important. Red team exercises to 
keep, you know, finding vulnerabilities. I think the cyber 
event demonstrate a vulnerability that we can hopefully make 
better.
    Mrs. Torres, is recognized.
    Mrs. Torres. Thank you, Mr. Chairman. Thank you again for 
inviting me to participate in this very important hearing right 
here in California, the Port of Los Angeles.
    I want to also thank Ranking Member Thompson and both of 
your staffs for helping me with my bill. Certainly, we could 
not have been able to get it through the committee without your 
assistance of your staffs and all of the commitment that we 
have seen today from the Members of the committee. So thanks 
again for that work.
    Going back to a comment that you made earlier today as we 
started this conversation, Mr. Seroka.
    The attack pointed at the company when we were talking 
about this last cyber attack in August. I forget.
    How can we not think that the attack was not necessarily 
targeted at a company but at global commerce? And they utilized 
the company to stage the attack?
    Certainly, someone could have known that, you know, these 
attacks were targeting major ports, not just in the United 
States, but globally, shutting down one of the biggest 
terminals here.
    The livelihood of my district is intimately connected with 
the work that all of you do here, not just in the Port of Los 
Angeles, but in the Port of Long Beach. It is critically 
important for me that, you know, you have the support that you 
need to ensure that you do your job. That is why this bill is 
so important to me. That is why in last Congress I worked with 
Buddy Carter to put permanently into law the FLETC program.
    I want to ask you about the MLETC program that you have 
here. So that is, what, a child of the FLETC program? That is, 
what, an MOU between FLETC and MLETC? Can you explain how that 
works?
    Is that only unique to the Port of Los Angeles Long Beach?
    Mr. Seroka. Yes, it is unique to the Port of Los Angeles 
where the maritime----
    Mrs. Torres. Exclusively.
    Mr. Seroka [continuing]. Where the Maritime Law Enforcement 
Center is domiciled here in the Port of Los Angeles, and under 
the direction of the FLETC, as you had outlined.
    One specific statement for the record. We have not 
predisposed anything with respect to how this or other cyber 
attacks were first looked at, where they were targeted, who 
they were going to impact.
    We have got to keep a wide line of vision around what we 
know, what we learn. Putting a lot of that energy, which has 
also been a constant theme from the committee, as to how we can 
harness that energy looking forward and evaluating those 
threats that we don't know of today. How best--and I think the 
term was just used--how best we can look at what we don't know.
    Mrs. Torres. For example, the unmanned aircraft, the camera 
systems that are currently watching employees that could be 
targeted or used as a target to more than watch the employee 
activities for good or bad. But could, you know, be utilized to 
do harm.
    Mr. Seroka. Right. It is a daunting task, Congresswoman, 
because I don't think I would ever in good faith sit here and 
tell you that we will have everything covered coming out of 
this meeting.
    Our job here as stewards of this agency are to de-risk and 
minimize risk across a broad cross-section of potential areas 
of threat.
    Looking introspectively at our own vulnerabilities, those 
which others have cited, and working through that collaborative 
effort that I mentioned to try to find every way we can to push 
down----
    Mrs. Torres. My time is very limited. So I am going to have 
to cut you off there.
    Thank you for the effort in creating what you have called a 
vibrant environment for information sharing. I would love to 
see how that MLETC model can be implemented at all of our 
ports, including Ontario Airport, which is very dear and close 
to me, since I represent that airport.
    But also our ports, Oakland, San Diego, and moving on north 
within California.
    To our Coast Guard partners, I want to thank you for all 
the work that you do.
    I was recently in South America and saw some the work that 
you are doing there in bringing foreign partners to help you 
see and intercept the narco trafficking that is coming through 
the Pacific side.
    So thank you for your effort.
    I understand that you have issues and problems with aging 
craft. Not just the ships that you have, but other aircraft 
that you have.
    Thank you for doing everything that you are doing with 
limited resources.
    Maybe giving us an appointment to, you know, a Coast Guard 
academy might help in that.
    I yield back, Mr. Chairman.
    Chairman McCaul. Ranking Member is recognized.
    Mr. Thompson. Thank you, Mr. Chairman.
    I ask unanimous consent to enter into the record a 
statement from the National Treasury Employees Union.
    Chairman McCaul. Without objection, so ordered.
    [The information referred to follows:]
Prepared Statement of Anthony M. Reardon, National President, National 
                        Treasury Employees Union
                            October 30, 2017
    Chairman McCaul, Ranking Member Thompson, distinguished Members of 
the committee, thank you for the opportunity to submit this statement 
on Customs and Border Protection (CBP) staffing issues on behalf of the 
25,000 CBP Officers, Agriculture Specialists and trade enforcement 
personnel stationed at 328 land, sea, and air ports of entry across the 
United States (U.S.) and at preclearance stations currently in Ireland, 
the Caribbean, Canada, and United Arab Emirates airports represented by 
the National Treasury Employees Union (NTEU).
    As of September 2017, CBP's Office of Field Operations (OFO) had 
1,200 CBP Officer vacancies. The fiscal year House appropriations bill 
includes funding to fill the current vacancies to meet the fiscal year 
CBP Officer on-board target of 24,214, but provides no new funding to 
address the current CBP Officer staffing shortage of at least 2,500 
additional CBP Officers as stipulated by CBP's recently-released 
Workload Staffing Model and to fund an additional 720 CBP Agriculture 
Specialists as stipulated by CBP most recent Agriculture Resource 
Allocation Model.
              cbp at the ports of entry staffing shortage
    With the existing vacancy rate of nearly 1,200 funded CBP Officers 
and, according to CBP's analytic workload staffing model, the need to 
hire and fund an additional 2,500 CBP Officers to meet fiscal year 
staffing needs--there is a total CBP Officer staffing shortage of 3,700 
today.
    The economic cost of this shortage is staggering. For every 33 
additional CBP Officers hired, the United States can potentially gain 
over 1,000 private-sector jobs. If Congress fully staffed the ports 
with the needed 3,700 additional CBP Officers, 106,000 private-sector 
jobs could be created. Understaffed ports lead to long delays in travel 
and cargo lanes and also create a significant hardship for front-line 
employees. Both involuntary overtime and involuntary work assignments 
far from home disrupt CBP Officers' family life and destroy morale. 
Notably, on-going CBP staffing shortages directly contribute to CBP's 
perennial low ranking in Federal employee workforce satisfaction 
surveys.
    In addition to CBP's trade and travel security, processing and 
facilitation mission, CBP employees at the ports of entry are the 
second-largest source of revenue collection for the U.S. Government. In 
2016, CBP processed more than $2.2 trillion in imports and collected 
more than $44 billion in duties, taxes, and other fees.
    As you know, the President's January Executive Order calls for 
hiring 5,000 additional Border Patrol agents and 10,000 new Immigration 
and Customs Enforcement (ICE) agents, but does not ask for one 
additional CBP Officer new hire, despite the fact that CBP Officers at 
the ports of entry in 2016 encountered over 274,000 undocumented 
immigrants and seized over 600,000 pounds of illegal drugs, and over 
$62 million in illicit currency, while processing over 390 million 
travelers and $2.2 trillion in imports through the ports.
        cbp staffing at the ports of los angeles and long beach
    The Port of Los Angeles is the No. 1 port by container volume and 
cargo value in the United States and, along with the Port of Long 
Beach, is part of the biggest port complex in the United States. NTEU 
represents approximately 800 CBP frontline employees at the Ports of 
Los Angeles and Long Beach (LA/LB). In addition to CBP Officers and 
Agriculture Specialists, these 800 employees also include non-uniformed 
trade specialists in the LA/LB based Electronics Center for Excellence 
and Expertise (CEE) along with trade specialists screening incoming 
commodities represented by all ten CEEs. Since April 2017, the number 
of front-line employees at LA/LB has been reduced by approximately 45 
positions. Staffing shortages at seaports Nation-wide are especially 
acute. Of the 2,000 CBP Officer new hires funded in fiscal year 2014, 
fewer than 20, or 1 percent, were assigned to seaports.
    The staffing shortage at the CBP San Diego Field Office, that 
includes the San Ysidro land port, the LA/LB seaport and the Los 
Angeles International Airport, is indeed critical. In March 2017, there 
were 350 CBP Officers vacancies at the ports within the San Diego Field 
Office. Because of the on-going staffing shortages at the Nations' 
ports, CBP Officers at some ports work up to 16 hours a day and since 
2015, CBP OFO has had to divert several hundred CBP Officers from 
already short-staffed sea, air, and land ports to the critically short-
staffed land ports at San Ysidro and Tucson for 90-day stints.
                            recommendations
    Delays at the U.S. ports of entry result in real losses to the U.S. 
economy. Understaffed ports lead to long delays in travel and cargo 
lanes, hurting businesses and consumers, and also create a significant 
hardship for front-line employees. The 1,200 existing vacancies at U.S. 
ports of entry must be filled first and 2,500 new CBP Officer and 720 
CBP Agriculture Specialists positions need to be funded by Congress.
    We ask Congress to reconsider CBP's funding priorities as it 
finalizes its fiscal year appropriations bills. Unlike other DHS 
components operating between the ports of entry and at ICE, both of 
which received significant increases in personnel funding in the fiscal 
year appropriation bill recently approved by the House, CBP at the 
ports of entry has established and documented Workload Staffing Models 
that justify the need to hire 2,500 CBP Officers and 720 Agriculture 
Specialists today.
    If Congress is serious about improving port security, as well as 
facilitate legal international trade and travel, there is an 
opportunity to address the justified and documented need to fund 
additional CBP staffing at the ports in the Omnibus bill that will be 
considered later this year. On behalf of the men and women represented 
by NTEU at the Nation's ports of entry, I urge you to authorize and 
fund CBP Officers and Agriculture Specialists at least to the levels 
that Border Patrol and ICE agents are funded in the recently approved 
fiscal year House appropriations bill.
    Thank you for the opportunity to submit this statement to the 
committee.

    Chairman McCaul. Let me thank all the witnesses for your 
testimony. It is very valuable.
    I want to thank both the Long Beach and L.A. Port Authority 
for the tours that we received today.
    Want to thank everybody who is attending and for your 
service day in and day out to protect America's largest port. 
It is very important to me. That is why I am here.
    But as a Texan, I must say, in closing, go Astros.
    May not be too popular here.
    The committee stands adjourned.
    [Whereupon, at 3:06 p.m., the committee was adjourned.]



                            A P P E N D I X

                              ----------                              

      Letter From the National Association of Waterfront Employers
                                  October 24, 2017.
The Honorable Michael McCaul,
Chairman, Committee on Homeland Security.
The Honorable Bennie Thompson,
Ranking Minority Member, Committee on Homeland Security.
Dear Chairman and Ranking Member: I am writing on behalf of the 
National Association of Waterfront Employers (NAWE) to provide comments 
pertinent to the House Committee on Homeland Security's field hearing 
on ``Examining Physical Security and Cyber Security at our Nation's 
Ports.'' NAWE is the voice of marine terminal operators (MTO) and 
stevedores and has participated in discussions of these issues since 
the enactment of the Maritime Transportation and Security Act of 2002 
and its implementation by the United States Coast Guard (CG). Marine 
terminal operators buy and operate equipment and hire labor to act as 
the master link in the global intermodal marine transportation system. 
The oft characterized importance of the economic contribution by this 
system cannot be underestimated.
    The Department of Homeland Security (DHS) under the Authority of 
the Congress and the leadership of successive Presidents has 
orchestrated a system of layered physical security in addressing 
threats made apparent following 9/11. This layered security includes 
international port assessments and container inspections by the CG and 
United States Customs and Border Protection (CBP). It includes advanced 
notices of arrival and offshore boarding by the CG and CBP. And it 
includes compliance with CG and CBP regulations by marine terminal 
operators who form the membership of NAWE. Specifically, it is the 
marine terminal operator who must have an approved Facility Security 
Plan (FSP), a designated Facility Security Officer (FSO) and obtain 
releases for cargo from CBP's Automated Customs Environment (ACE). 
Recently, NAWE was deeply involved in the planning for a Transportation 
Workers Identification Card biometric reader and response to the CG's 
request for comments to its draft Navigation and Vessel Inspection 
Circular. It is also the MTO that is singularly focused on the success 
of the business, attending to the diverse objectives of productivity 
and safety/security. Today's safety/security preserves tomorrow's 
productivity. NAWE and its members are committed to ensuring that our 
port's physical and cyber security remain the best in the world.
                           physical security
    Following 9/11, NAWE and it members partnered in the formulation 
the layered physical security for the global maritime supply chain 
through the various public forum including local Area Maritime Security 
Committees. NAWE's members are today a significant investor in and 
integral component of this system. Efforts in foreign ports and on the 
high seas/customs waters go relatively unnoticed. However, the 
continued efforts of the marine terminal operator to be most productive 
in transferring cargo as the master link in our Nation's cargo chain 
receive continuous review as necessary to meet their responsibilities 
under MTSA, the FSP, and the goals of layered security for our ports. 
The marine terminal operator must evolve and improve while CG and CBP 
regulations remain constant. The question is whether CG and CBP 
regulations are able to blend the need for strong security and 
commercial efficiency.
    NAWE applauds the CG's and other agencies current efforts to review 
its security regulations. However, NAWE seeks continued cooperation 
with the CG and CBP to develop a unified DHS port security approach 
including developing a ``one-DHS'' approach to the FSP and Customer 
Trade Partnership (CTPAT) as indicators of our collective commitment to 
the Nation's maritime security. With this much-needed review of 
regulations and the potential for Congress to act to reauthorize DHS, 
we see an opportunity to not only improve security at our Nation's 
ports, but to also improve on the public-private partnerships that are 
key to that security. NAWE hopes these actions can result in improved 
security that works seamlessly with much-needed advancements in 
commercial efficiencies. If changes to laws and regulations governing 
our Nation's physical port security are made with input from private-
sector partners, NAWE believes both goals can be achieved.
                             cybersecurity
    One need only review the morning news to understand the critical 
role of strong cybersecurity in our Nation's ports. To understand NAWE 
commitment to cybersecurity, I refer the committee to NAWE's published 
response to the CG NVIC 05-17. The NVIC describes the CG interpretation 
of MTSA to include Cyber requirements throughout the FSP as well as 
forecasting a ``governance'' process for the future. Two underlying 
principles are contained in this response: (1) While MTSA provides 
clear authority over physical security in protection against kinetic 
threats, it does not do so over the broad cyber spectrum and (2) NAWE 
and its members strongly endorse vigorous and vigilant attention to 
cybersecurity.
    First, a few comments on the nature of cyber and cyber systems at 
port operating facilities. Cyber as something of value is not likely to 
be the servers and various data terminals, it is likely to be the 
``information'' or ``data.'' Further, the real value is not solely in 
the information or data, it is in the capability to distribute the 
information or data within and beyond the facility. It is this 
distribution capability, especially beyond the facility, which also 
becomes its vulnerability. This capability is called the World Wide 
Web--it's the global cyber space.
    At port operating facilities you will find the HR, finance, and 
scheduling capabilities existing at every business of similar size and 
sophistication around the country. Unique cargo moving systems include 
load planning, terminal operating systems (TOS), and customs' release 
authority. Load planning if not on a white board is often done at a 
centralized location and customs' release is done by the government. 
The piece of cyber most key to port operations are the TOS. Various 
terminal operators do not use the same system or even a consistent 
level of capability. Some operators might be able to function 
adequately without a technology solution, some could no longer. Higher-
end TOS often represents proprietary software and included security 
measures from the start.
    Regarding the record of cyber ``incidents,'' there have been 
several examples: Releasing cargo (contraband) to the wrong recipient 
at a European facility, ship-to-shore cranes losing GPS feed, and 
recently malware which shut down operations at a global operating 
company. What were the impacts, the causes, the vulnerabilities, and 
the threats? Was data or cargo compromised? Did they impact the 
Nation's marine transportation system or even the port-wide system? Are 
there unifying recovery actions available? What actions, if taken by 
the Congress or DHS, would have prevented them? These are important 
questions. MTSA sets out a requirement for assessments such as these 
questions prior to formulating responsive plans.
    As a unifying theme connecting NAWE's first two observations and 
the following cyber basics, significant public-private partnerships 
occurred in the development of MTSA physical security in protection 
from kinetic events. Out of that partnership came the articulation of a 
``transportation security incident (TSI).'' No such discourse or set of 
definitions exist today with respect to cyber. In fact, NAWE members 
observe disparate characterizations by the CG of last summer's port 
cybersecurity event impacting several U.S. port operations. Some have 
not even recognized that the ``event'' occurred outside the United 
States. At a minimum, the Nation and DHS is not prepared to establish 
policy to provide security from cyber intrusions. Although not able to 
substantiate its assertion, NAWE believes its members (particularly 
those most dependent on cargo cyber systems) have as good of 
understanding of and response to cybersecurity imperatives as the DHS 
components. NAWE's members are certainly incentivized. This raises the 
question of whether there is a value-add in governmental well-intended 
efforts or whether the marketplace is the better incentivizing arena 
for the port operator's sector. As we develop further technology 
solutions NAWE members continue to spur better cybersecurity.
    NAWE observes recent discussions of the importance of ``personal'' 
actions in vulnerabilities and protective measures in cybersecurity. It 
is interesting that ``people'' have been raised as more important than 
technology to cybersecurity at the same time that the full anticipated 
value of TWIC biometric readers to physical security at marine terminal 
operations has been reduced.
    NAWE's members acknowledge the existence of the NIST framework for 
cybersecurity. It has value, but is its value in having a lockstep 
citation within a facility security plan as presented in the recent 
NVIC or is it a means for the growing cybersecurity industry to be 
guaranteed work. NAWE members and their cybersecurity teams go beyond 
frameworks and look for the best practices to assure protection of 
their data and business practices from unwanted intrusions. Are best 
practices an effort that the Congress and DHS can contribute to and 
how? Is it one that even the disparate terminal operators can gain from 
working together? These are important questions, yet hard to answer. 
NAWE is available to continue this discussion.
    NAWE members value the CG's protection of SSI information and CBP's 
efforts to maintain ACE in the face of cyber attacks. Members also 
value Nationally-accessed information not commercially available which 
might stimulate the most valuable cybersecurity measures. Like the 
physical security realm, NAWE members would value National efforts to 
defeat global criminal and terrorist networks which are the source of 
many attacks. These efforts might extend to foreign shores but at least 
should preserve the use of the global cyber space (also known as the 
World Wide Web) for peaceful and economic purposes as is done for 
commerce on the high seas. Following events, NAWE members recognize the 
value of the CG, CBP, and Port Authorities in recovery efforts. These 
are the kind of efforts DHS (specifically the CG) addressed 
contemporaneously in developing MTSA and FSP requirements.
    NAWE asks that Congress support these efforts of DHS mission focus 
and most important to the safety and security of our Nation's ports, 
support the direct involvement of the marine terminal operators in the 
development, implementation, and execution of port security policies. 
For NAWE and its members to be effective partners, they need to know 
that the agencies we work with are empowered to be partners at every 
step. NAWE members are committed to their contributions to the global 
marine transportation system, the stimulation of the best productivity 
possible and the preservation of businesses, jobs, and lives through 
state-of-the-art safety and security practices.
            Sincerely,
                                               John Crowley
    President, National Association of Waterfront Employers (NAWE).

                                 [all]