President Joe Biden has signed an executive order and created a federal rule to enhance cybersecurity at US ports, in response to the growing threat of cyberattacks on critical infrastructure. The administration is implementing a set of cybersecurity regulations for port operators across the country to prevent cyberattacks and protect the ports, which employ approximately 31 million people and contribute $5.4 trillion to the economy. The standardized requirements aim to modernize the protection of critical infrastructure and ensure the resilience and security of US ports [283dbfc3].
The new regulations will be subject to a public comment period and will be enforced with penalties for non-compliance. The Coast Guard will have the authority to respond to cyberattacks on ports, further strengthening the nation's maritime cybersecurity. This move comes as incidents in Australia and the temporary halt of operations at the nation's largest fuel pipeline due to a ransomware attack highlight the significant threat of cyberattacks on ports [283dbfc3] [3a94307f].
The Biden administration's initiatives to strengthen supply chain security and port cybersecurity demonstrate its commitment to addressing vulnerabilities and reducing dependence on foreign suppliers in critical sectors. By coordinating efforts across government agencies and engaging with industry stakeholders and international partners, the administration aims to enhance collaboration and information sharing to ensure the resilience and security of critical supply chains and port infrastructure [8f90aeed] [aa44c58c] [89a906c9] [19d67197] [283dbfc3] [3a94307f].
The new regulations aim to address vulnerabilities in port operations, including the remote control of cranes, which are often sourced from China. The US has also disrupted a state-backed Chinese effort to plant malware for potential damage to civilian infrastructure [3a94307f].
In a recent development, Capt. Michael Cribbs, deputy commander of CGCYBER, discussed the three lines of effort of the Coast Guard Cyber Command (CGCYBER) during the Potomac Officers Club's 2024 Cyber Summit. The first line of effort focuses on safeguarding the Coast Guard Enterprise Mission Platform, the organization's IT infrastructure. The second line of effort aims to protect the Marine Transportation System (MTS), which supports $5.4 trillion of the nation's economic activity. The third line of effort involves operating in and through cyberspace to counter cyber threats and illicit maritime activity. CGCYBER works alongside the U.S. Cyber Command to synchronize their cyber defense priorities. The Coast Guard has been given expanded authorities and has signed a maritime security directive to address cyber risk management actions. They are also developing cybersecurity regulations for facilities and vessels they regulate [40ec6fa0].
Shanghai Zhenhua Heavy Industries (ZPMC), a Chinese state-owned maker of heavy industrial equipment, including cranes used in U.S. ports, has denied that its cranes pose cybersecurity risks to the U.S. In a filing, ZPMC stated that their cranes are designed and manufactured in accordance with international standards and do not pose a network security risk. This comes after a congressional investigation found suspicious communications equipment on China-built port cranes. Chinese-made cranes account for 80% of all cranes used in U.S. ports. The Biden administration plans to invest $20 billion to boost domestic production of ship-to-shore cranes and the U.S. Coast Guard will increase inspections and intervene if malicious cyber activity is suspected. American officials are concerned that Chinese-made cranes could allow Beijing to surveil trade flows and potentially hijack the cranes remotely. ZPMC, which commands 70% of the global market share for cargo cranes, has received direct state support and preferential government policies, giving it an advantage over foreign firms. China is also pushing for highly automated intelligent ports globally. The U.S. will need to address port security risks beyond cargo cranes [040683a4] [56de807a].
The Biden administration and U.S. ports are preparing for cyberattacks as the nation's infrastructure is increasingly targeted. Google's cybersecurity firm Mandiant released a report linking Russian hackers to an attack on a water filtration plant in Texas. The largest ports in the U.S. are also at risk, and cybersecurity officers and port executives held a call to discuss security issues, including Chinese-made cranes that have received government scrutiny. The Port of Los Angeles stopped 750 million hacking attempts in 2023. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, urged ports to encrypt their data, patch vulnerabilities, and have a well-trained cyber team. The executive order signed by President Biden in February aims to strengthen the cybersecurity of U.S. ports. The security of Chinese-manufactured cranes is a key concern, as over 80% of all cranes in U.S. ports are made in China. Foreign hackers, including those from China and Iran, are increasingly targeting U.S. infrastructure. The American Association of Port Authorities has said there is no evidence to support claims about Chinese-manufactured crane cyber vulnerabilities. The Coast Guard is evaluating the cranes, and public comments on the executive order's rulemaking will end on April 22. It is important to identify critical safety and business systems at ports and have a continuous diagnosis of operations and networks. The Port of Los Angeles has a Cyber Security Operations Center and achieved ISO 27001 information security management certification in 2015. The port's activity is picking up, with a 19% improvement in container volumes in the first quarter of 2023. [c9ea69c6] [78f53b88].
The US Coast Guard has renewed Greece’s participation in the QUALSHIP 21 initiative for 2024-2025, acknowledging Greece as a Quality Flag State. The decision is based on the excellent performance of Greek-flagged vessels under US Coast Guard Port State Control over the past three years [7cb200b7].