The Threat Is Not Theoretical — It’s Happening Every Three Seconds
At a May 15 media briefing, Port of Long Beach CEO Noel Hacegaba opened with a single statistic: the port blocks or stops a cyberattack every three seconds. He paused to let the math land. By the time he finished that sentence, another attempt had already been deflected. In the first five minutes of his briefing alone, port cybersecurity experts had shut down a hundred attacks.
That number is not a projection or a worst-case estimate. It is the port’s operational reality, every day, around the clock.
The frequency places the Port of Long Beach alongside financial institutions and hospitals as one of the most aggressively targeted infrastructure systems in the country. Banks and health networks have spent years building public awareness around their cyber vulnerabilities and securing corresponding investment. Ports have not. They have absorbed the same volume of attacks while operating with significantly less dedicated cybersecurity infrastructure and far less public scrutiny.
What makes Hacegaba’s framing significant is not just the numbers — it is the tone. Port officials describe cyberattacks as routine operational events. Not emergencies. Not anomalies. Incidents that happen between one sentence and the next during a press briefing. That normalization reflects years of sustained, high-frequency targeting that has quietly reshaped how port leadership thinks about digital risk.
The Port of Long Beach moves roughly $300 billion in trade annually. Every crane, terminal system, vessel tracking tool, and cargo manifest database represents a potential entry point. Attackers know this. Three hundred attempts per minute would mean nothing if a single successful breach disrupted container flow for days — which is exactly what happened to the Port of Los Angeles in 2018 and to global shipping giant Maersk in the 2017 NotPetya attack, an incident that cost the company an estimated $300 million. The threat has already proven it can stop global supply chains. Long Beach is not preparing for a hypothetical future. It is defending against a present and relentless assault.
What the $3.5M Center Actually Does — And What It Doesn’t
The Port of Long Beach spent $3.5 million building a Cyber Defense Operations Center that runs 24 hours a day, seven days a week. The CDOC pulls the port’s existing detection and protection tools into a single hub and layers in new programs that were not previously part of the security architecture. Port CEO Noel Hacegaba unveiled the center on May 15 alongside Harbor Commission President Frank Colonna and U.S. Coast Guard Rear Admiral Jeffrey Novak.
The center also reinforces several data networks tied directly to port operations. That detail matters. Hardening existing networks implies those networks carried real vulnerabilities before the CDOC came online — weaknesses inside one of the busiest cargo ports in the United States, handling billions of dollars in goods moving through the global supply chain.
What the center does not do is finish the job. Hacegaba described the CDOC as the port’s “latest initiative” to strengthen cybersecurity capabilities — language that signals a step in a longer effort, not a closing statement. The port blocks or stops a cyberattack every three seconds. Hacegaba made that point explicitly during the briefing, noting that in the five minutes since it began, the port’s team had shut down roughly a hundred attacks. A $3.5 million operations center absorbs that volume better than scattered tools did, but the attack frequency itself reveals the scale of exposure that no single facility investment resolves.
Partners including the California Governor’s Office of Emergency Services and the U.S. Coast Guard are embedded in the effort, which broadens the response capacity beyond the port’s own staff. That federal and state involvement reflects how seriously agencies now treat port infrastructure as a national security concern — and how clearly they recognize that the port alone cannot defend it.
Why Supply Chains Make Ports a Uniquely Dangerous Target
A cyberattack on the Port of Long Beach does not stop at Long Beach. The port moves goods that stock shelves, build cars, and sustain millions of American jobs. Knock it offline for even a few days, and the damage radiates outward through every retailer, manufacturer, and logistics company tied to its cargo flows.
The scale makes that threat concrete. In April 2025 alone, the port processed nearly 818,000 TEUs. That volume represents an enormous pipeline of physical goods in motion — electronics, pharmaceuticals, industrial components, consumer products. A ransomware attack or systems intrusion that freezes terminal operations for 72 hours does not just inconvenience a port authority. It backs up vessels, empties warehouse shelves downstream, and forces shippers to scramble for alternatives that often do not exist at the same capacity.
Port CEO Noel Hacegaba has stated directly that the Port of Long Beach is “no stranger to hackers trying to cripple our operations,” and that ransomware, nation-state actors, and supply chain attacks have become a daily operational reality. That language matters. Hacegaba is not describing occasional nuisance attempts. He is describing persistent, sophisticated adversaries who understand exactly what they are targeting.
That distinction separates ports from most other critical infrastructure. A hospital breach is catastrophic for the patients whose data or care is compromised. A port breach operates at a different level of leverage. Disrupting cargo movement at a facility that handles nearly a billion dollars’ worth of goods each month functions as economic infrastructure warfare. It pressures supply chains, triggers shortages, and inflicts financial damage far beyond the facility itself. That combination of scale, systemic dependency, and cascading consequence is precisely what attracts state-level actors and sophisticated criminal organizations — not just opportunistic hackers looking for a ransom payment.
The $3.5 million Cyber Defense Operations Center exists because the threat calculus has changed. Ports are no longer background infrastructure. They are high-value strategic targets, and their exposure runs directly through the global supply chains they enable.
Who’s Actually at the Table — The Multi-Agency Defense Model
When the Port of Long Beach opened its Cyber Defense Operations Center, the guest list told the real story. U.S. Coast Guard Rear Admiral Jeffrey Novak, Commander of the Southwest District and Deputy Commander of the Pacific Area, stood alongside Frank Colonna, President of the Long Beach Board of Harbor Commissioners, and Port CEO Dr. Noel Hacegaba. The California Governor’s Office of Emergency Services and a coalition of federal, state, and local agencies signed on as operational partners. This is not a vendor showcase or an IT department upgrade — it is a national security apparatus grafted onto a commercial port.
That multi-agency structure is the actual breakthrough, not the $3.5 million price tag or the detection software running inside the facility. Most ports, rail yards, and logistics hubs operate with fragmented security arrangements where a cyberattack triggers confusion about who owns the response. Long Beach built a governance model that answers that question before the breach happens. The Board of Harbor Commissioners — a public body with statutory authority — sits at the same table as federal military commanders. That combination of local accountability and federal reach gives the port a coordination advantage that privately operated infrastructure almost never has.
Rear Admiral Novak’s presence at the launch signals how the Coast Guard now views port cybersecurity: as a maritime domain awareness problem, not a corporate IT problem. A ransomware attack that freezes terminal operating systems or corrupts vessel scheduling data creates the same operational crisis as a physical threat to navigable waterways — it stops ships, backs up cargo, and ripples through supply chains that touch millions of American jobs.
The multi-agency model exists because a single organization cannot hold all the necessary authority. Customs data runs through federal systems. Emergency declarations require state coordination. Physical port security falls under Coast Guard jurisdiction. Cyber incidents at Long Beach will almost certainly cross all three domains simultaneously. Having those agencies pre-positioned as partners — not called in after the fact — is the structural innovation that most coverage of the center ignores entirely.
The Missing Context: What One Port’s Move Tells Us About the Rest
The Port of Long Beach is not a second-tier operation scrambling to catch up. It is one of the busiest seaports in the United States, a technology-forward facility with established federal partnerships and a CEO who speaks fluently about ransomware and nation-state threats. It took that port until May 2025 and a $3.5 million investment to open a dedicated Cyber Defense Operations Center. That timeline is the story most coverage is missing.
If Long Beach — with its resources, its Coast Guard relationships, its California Governor’s Office of Emergency Services partnerships — was only now formalizing around-the-clock cyber monitoring, the logical question is what smaller ports along the Gulf Coast, the Pacific Northwest, or the Atlantic seaboard are actually running right now. The honest answer is: far less. Most lack the budget, the technical staff, and the federal coordination that Long Beach assembled to build even this baseline.
The timing compounds the stakes. Long Beach processed nearly 818,000 TEUs in April, a number that sounds strong until you see it dropped 5.7 percent year-over-year, with imports falling 7.1 percent. Trade uncertainty is already squeezing volume. A successful cyberattack on a port operating under that kind of economic pressure does not hit a system running at full resilience — it hits one already absorbing losses.
Long Beach CEO Noel Hacegaba disclosed that the port blocks or stops a cyberattack every three seconds. In the first five minutes of his May 15 briefing, his team had shut down a hundred attempts. That rate of attack is not unique to Long Beach. Ransomware, nation-state intrusions, and supply chain attacks are hitting every major logistics node. What is unique to Long Beach is that it now has a dedicated operations center to fight back.
This is a template story. Every major port, rail hub, and freight logistics node in the country faces a version of the same threat. Almost none of them have built what Long Beach just built. The $3.5 million center is not the end of a problem — it is a marker showing how exposed the rest of the system remains.
