President Biden signed a new executive order (EO) today that looks to strengthen the cybersecurity of our nation’s ports, as well as bolster maritime cybersecurity and supply chains more generally.
The EO will expand the authority of the Department of Homeland Security (DHS) – which houses the U.S. Coast Guard – to directly respond to maritime cybersecurity threats.
“That includes through establishing new cybersecurity minimum standards to lock the digital doors of American ports, networks, and systems,” said Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, today during a press conference on the EO.
“Now, the U.S. Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s marine transportation system by requiring vessels and waterfront facilities to address cyber risks that could endanger the safety of vessels, facilities, or harbors,” Neuberger explained.
Additionally, the Coast Guard will now have the authority to inspect and control the movement of vessels that pose a known or suspected cyber threat to U.S. maritime infrastructure.
The executive order also mandates the reporting of cyber incidents or active cyber threats endangering any vessel, harbor, port, or waterfront facility. According to the text of the EO, these incidents will need to be reported immediately to authorities, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
In concert with the EO, the Coast Guard has also issued a notice of proposed rulemaking on cybersecurity, which aims to establish minimum cybersecurity requirements to best manage maritime cyber threats.
The Coast Guard also plans to announce a new maritime security director on cyber risk management actions.
As part of today’s announcements, the Biden administration said it will dedicate $20 billion to strengthen U.S. port infrastructure, including cranes, over the next five years through the Investing in America Agenda.
“The actions announced today are critical to improving the safety and security of our Maritime Transportation System,” National Cyber Director Harry Coker said at today’s press conference. “The cybersecurity challenges that we face as a nation are real, and the cyber threats to the port facilities and our maritime transportation network are substantial and growing.”
Coker noted that these announcements look to address the “unacceptable” cyber risks posed by the People’s Republic of China (PRC) to U.S. critical infrastructure.
Earlier this month, Federal agencies issued an urgent call for mitigations after alerting that a PRC state-sponsored cyber actor known as Volt Typhoon has been infiltrating U.S. critical infrastructure provider networks for years in preparation for future cyberattacks.
“We often talk about critical infrastructure – the systems that are vital to our way of life. Today, we are reaffirming that protection of our nation’s ports from physical and cyber risk is a matter of national security,” Coker said. “And the Coast Guard will now have the authorities it needs to protect the maritime entryways to our great nation.”
