Critical Infrastructure Security , Government , Industry Specific
Biden to Sign Executive Order Raising Maritime Cybersecurity
US Coast Guard Will Publish Proposed Rule Establishing Cybersecurity MinimumsU.S. President Joe Biden is set Wednesday to sign an executive order aimed at bolstering cybersecurity in maritime ports, including a directive for the Coast Guard to develop minimum cybersecurity standards for the marine transportation system.
See Also: Use Cases: Censys for Federal Agencies
The order will strengthen the Coast Guard's ability to respond to cyberattacks and require vessel operators to report incidents, said Anne Neuberger, deputy national security adviser for cyber and emerging technology.
Neuberger told reporters during a Tuesday evening phone call that the Coast Guard will publish a notice of proposed rule-making that establishes minimum cybersecurity standards for the maritime industry. The administration also pledged over $20 billion for U.S. port infrastructure over the next five years.
The Coast Guard in 2022 began requiring port operators to conduct cybersecurity risk assessments and incorporate cybersecurity measures into facility security plans, but critics say the enormity of cyber risk in maritime operations remains unaddressed.
Approximately one-quarter of annual U.S. gross domestic product flows through maritime ports annually, and 90% of U.S. imports and exports enter or leave the country through a maritime port. Maritime infrastructure hasn't escaped the deluge of ransomware attacks washing over American critical infrastructure.
A ransomware attack by now apparently defunct ransomware group LockBit in 2022 paralyzed Seattle-based logistics and freight-forwarding giant Expeditors International for three weeks while operations were halted as it recovered from the attack. The company reported losing $47 million to cargo overstay fines assessed by ports and spending $18 million in incident-related costs. Federal officials disclosed in 2021 that the Port of Houston had thwarted an attempted attack apparently launched by a nation-state attacker. The port annually moves more than 247 million tons of cargo.
The executive order will amend federal regulations to provide U.S. Coast Guard port captains with the authority to control vessels that present known or suspected cyberthreats, and it requires facilities to correct unsatisfactory cyber conditions that could pose threats to port safety and security, federal officials told reporters.
The commandant of the Coast Guard will be tasked under the executive order with developing measures "to prevent, detect, assess and remediate an actual or threatened cyber incident," said Rear Adm. John Vann, commander of the Coast Guard Cyber Command.
Department of Homeland Security officials said that at least 200 cranes across U.S. ports were developed in China, and there are currently no plans to rip and replace them with American-made dockside equipment.