President Biden on Wednesday signed an Executive Order aiming to strengthen cybersecurity at U.S. ports amid growing threats to America's vital maritime supply chains.
The directive bolsters the Department of Homeland Security’s authority to address maritime cyber threats, including through the creation of new standards to ensure the security of networks and systems throughout the nation’s marine transportation system (MTS), which supports $5.4 trillion in economic activity each year.
"Most critical infrastructure owners and operators have a list of safety regulations they have to comply with, and we want to ensure that there are similar requirements for cyber, when a cyberattack can cause just as much, if not more, damage than a storm or another physical threat," said
Anne Neuberger, White House deputy national security adviser.
The order gives the U.S. Coast Guard express authority to respond to malicious cyber activity in the nation’s MTS and institutes mandatory reporting of cyber incidents or threats endangering any vessel, harbor, port or waterfront facility. The Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure, and be able to inspect those vessels and facilities that pose a threat to our cybersecurity.
Cybersecurity is a growing concern for maritime stakeholders, with rapid digital transformation leading to more cyber incidents in shipping. These range from criminal acts, like the placement of ransomware and malware, to foreign entities using digital assets for espionage.
"Every day malicious cyber actors attempt to gain unauthorized access to MTS control systems and networks throughout the nation," the White House said.
The White House effort narrows in on concerns over cyber risks presented by foreign-built port equipment, especially Chinese-built ship-to-shore (STS) cranes, which are seen as particularly vulnerable. The U.S. Maritime Administration (MARAD) on Wednesday issued an advisory alerting maritime stakeholders of these vulnerabilities.
Rear Admiral Jay Vann, Commander of the Coast Guard's Cyber Command, said there are more than 200 Chinese-manufactured cranes across U.S. ports and regulated facilities, including nearly 80% of the nation's STS. "By design, these cranes may be controlled, serviced and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation," he said.
A new Maritime Security Directive from the Coast Guard will require owners and operators of Chinese manufactured STS cranes to take a series of actions on these cranes and associated information technology (IT) and operational technology (OT) systems.
"The specific requirements are deemed sensitive security information and cannot be shared publicly," Vann said. "Our captains of the port around the country will be working directly with crane owners and operators to deliver the directive and verify compliance."
Vann said enforcement actions are to be determined as part of the rulemaking process.
In addition to the Executive Order, the Biden Administration said it will support efforts restore crane manufacturing capabilities in the United States. This is part of a planned investment of more than $20 billion in U.S. port infrastructure over the next five years through the President’s Investing in America Agenda, including the Bipartisan Infrastructure Law and the Inflation Reduction Act.
In line with these efforts, PACECO Corp., a U.S.-based subsidiary of Japan's Mitsui E&S Co., Ltd, is planning to onshore U.S. manufacturing capacity for its crane production. PACECO, which manufactured ship-to-shore container cranes in the U.S. until the late 1980s, intends to partner with other manufacturers to bring port crane manufacturing capabilities back to the U.S.