New Executive Order Targets Cybersecurity of US Ports
The plan strengthens additional authority for DHS to protect against attacks aimed at critical infrastructure like national ports.
A new executive order issued by the Biden-Harris administration is looking to improve the cybersecurity of U.S. ports by giving the Department of Homeland Security more authority to directly address maritime cyber threats.
The nation’s Marine Transportation System’s (MTS) increased use of technology has exposed it to more vulnerabilities from cyberattacks. The order gives the Coast Guard permission to require MTS transportation vessels, facilities and harbors to improve unsatisfactory cyber conditions. Additionally, Coast Guard captains can now control the movement of vessels that pose suspected or known cyber threats to the U.S. maritime infrastructure.
Additionally, the order codifies rules that require incidents and active threats be reported.
“It’s a shift from requesting to requiring,” Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said during a roundtable with reports according to a White House transcript. “The Coast Guard is the regulator for ports, and the executive order takes their existing physical authorities to set security rules for ports and extends that to the cybersecurity domain. So ports will be required to report that to the Coast Guard.”
The administration also revealed additional measures government is taking to improve cybersecurity in the manufacturing industry. A Maritime Security Directive issued by the Coast Guard will outline steps to secure ship-to-shore Chinese-manufactured cranes at the U.S. Commercial Strategic Seaports.
“The People’s Republic of China-manufactured ship-to-shore cranes make up the largest share of the global market and account for nearly 80% of cranes at U.S. ports,” said Coast Guard Cyber Commander Rear Adm. John Vann. “By design, these cranes may be controlled, serviced and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation.”
The Maritime Security Directive will give crane owners and operators a set of new cybersecurity steps that they must follow.
“Our captains of the port will work directly with crane owners and operators to deliver the directive and verify compliance within a reasonable timeframe,” said Coast Guard Deputy Commandant for Operations, Vice Admiral Peter Gautier during a Wednesday press conference on the order.
The order is an effort to bring more crane manufacturing to the U.S.-based subsidiary of Mitsui E&S Co., U.S. PACECO Corp., and plans to revitalize crane manufacturing in the United States, according to officials. The order comes after the Biden-Harris Administration said it was investing more than $20 billion into U.S. port infrastructure over the next five years.
“PACECO has a deep history in the container shipping industry manufacturing the first dedicated ship-to-shore container cranes in 1958, and it continued U.S.-based craned manufacturing until the late 1980s,” Neuberger said. “PACECO intends to partner with other trusted manufacturing companies to bring port crane manufacturing capabilities back to the United States for the first time in 30 years.”
Along the MTS order, proposed rulemaking aims to set minimum cybersecurity requirements for MTS technology to meet. The new standards would be subject to a public comment period, upon which they would be formalized, including outlining the specifics for how failures to report attacks will be punished.
“After we receive public comment and input on the regulations, regulations will be finalized to include enforcement actions being defined,” Vann said.
Strengthening control systems and networks to industry-recognized standards would add an additional layer of protection against malicious cyber actors who try to gain daily unauthorized access to MTS technology. Officials noted that ports are a key critical infrastructure target for hackers.
“Our goal is focused that new investment is secure, and then the steps are being outlined here — minimum cybersecurity requirements, the Maritime Security Directive — being used to secure the existing infrastructure,” Neubuerger said. “These actions are part of the president’s strategy to secure our nation’s critical infrastructure online and build on steps the administration has taken via DHS to make good cybersecurity practices the norm across our nation’s pipelines, railways and airports.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Trump's DHS Secretary Pick Prioritizes Tech to Boost Security
South Dakota Governor Kristi Noem has prioritized advancements in cyber, quantum and biometrics to enhance state and national security.
7m read -
HUD’s New CIO Focuses on AI, Zero Trust
HUD's new CIO Sairah Ijaz is focusing on implementing artificial intelligence and zero trust to mature and secure the agency's IT framework.
4m read -
CMS Cyber Integration Center Leverages PenTesting to Protect Patient Data
Testing efforts help better identify vulnerabilities, coordinate incident response and mitigate risks.
15m listen -
DOD Cyber Crime Center Appoints New Executive Director
Lesley Bernys previously served as CIO at the Air Force Office of Special Investigations.
2m read