Critical Infrastructure Security
,
Government
,
Industry Specific
US Coast Guard Will Publish Proposed Rule Establishing Cybersecurity Minimums
U.S. President Joe Biden is set Wednesday to sign an executive order aimed at bolstering cybersecurity in maritime ports, including a directive for the Coast Guard to develop minimum cybersecurity standards for the marine transportation system.
See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government
The order will strengthen the Coast Guard’s ability to respond to cyberattacks and require vessel operators to report incidents, said Anne Neuberger, deputy national security advisor for cyber and emerging technology.
Neuberger also told reporters during a Tuesday evening phone call that the Coast Guard will publish a notice of proposed rulemaking establishing minimum cybersecurity standards for the maritime industry. The administration additionally pledged over $20 billion for U.S. port infrastructure over the next five years.
The Coast Guard in 2022 began requiring port operators to conduct cybersecurity risk assessments and incorporate cybersecurity measures into facility security plans, but critics say the enormity of cyber risk in maritime operations remains unaddressed.
Approximately a quarter of annual U.S. gross domestic product flows through maritime ports annually while 90% of U.S. imports and exports enter or leave the country through a maritime port. Maritime infrastructure hasn’t escaped the deluge of ransomware attacks washing over American critical infrastructure.
A ransomware attack by now apparently defunct ransomware group LockBit in 2022 paralyzed Seattle-based logistics and freight-forwarding giant Expeditors International during a three-week operations halt while it recovered from the attack. The company reported losing $47 million to cargo overstay fines assessed by ports and spending $18 million in incident-related costs. Federal officials disclosed in 2021 that the Port of Houston thwarted an attempted attack apparently launched by a nation-state attacker. The port annually moves more than 247 million tons of cargo.
The executive order will amend federal regulations to provide U.S. Coast Guard port captains with the authority to control vessels that present known or suspected cyber threats, and requires facilities to correct unsatisfactory cyber conditions that could pose threats to port safety and security, federal officials told reporters.
The commandant of the Coast Guard will also be tasked under the executive order with developing measures “to prevent, detect, assess and remediate an actual or threatened cyber incident,” said Rear Adm. John Vann, commander of the Coast Guard Cyber Command.
Department of Homeland Security officials said that there are at least 200 cranes across U.S. ports that were developed in China, though there are currently no plans to “rip and replace” those with American-made dockside equipment.