Biden issues new mandates to protect ports from hackers
Add Axios as your preferred source to
see more of our stories on Google.
The Hapag-Lloyd Antwerpen Express container ship being in Jersey City, New Jersey. Photo: Gary Hershorn via Getty Images.
President Biden will sign an executive order Wednesday aimed at toughening cybersecurity at U.S. shipping ports and elsewhere in the maritime sector.
Why it matters: Chinese government-linked hackers have already shown interest in targeting U.S. critical infrastructure, including ports, as it prepares for a potential invasion of Taiwan.
- A cyberattack on the maritime sector — including cargo ships and ports — could prompt major disruptions in the global supply chain.
Details: Biden's executive order will give the U.S. Coast Guard new powers to issue basic cybersecurity requirements for transportation vessels and ports, a group of U.S. officials told reporters during a briefing.
- Port and ship operators will soon be required to report cyber incidents to the Coast Guard under the executive order.
- The order will also give the Coast Guard the ability to move any vessels that present a "known or suspected cyber threat," Rear Adm. John Vann, commander of the Coast Guard Cyber Command, told reporters.
What they're saying: "This interconnected system within our transportation critical infrastructure is vital to national security and economic prosperity," Vann said.
- "America's system of ports and waterways accounts for over $5.4 trillion of our nation's annual economic activity, and our ports serve as a gateway for over 90% of all overseas trade," he added.
Meanwhile, the Coast Guard also plans to issue a maritime security directive establishing new cyber requirements specifically for China-owned and manufactured cranes based in the United States.
- Vann declined to share what the specific requirements will be, noting that they are considered "sensitive security information."
- However, Vann did say that Chinese manufactured ship-to-shore cranes make up nearly 80% of all cranes found at U.S. ports.
- "By design, these cranes may be controlled, serviced and programmed from remote locations," he said.
The big picture: The maritime sector is a target for both nation-state hackers and cybercriminals, Anne Neuberger, deputy national security adviser for cyber at the White House, told reporters.
- A ransomware attack last year targeting Japan's largest port canceled all shipments for a day.
- Like other critical infrastructure sectors, maritime organizations have struggled to modernize vulnerable legacy IT systems.
Between the lines: Many of Wednesday's announcements won't go into effect until after the Coast Guard receives public comments on how it will define and enforce new procedures.
Yes, but: Some of the Biden administration's most recent attempts to issue new cybersecurity requirements for critical infrastructure have hit political pushback.
- Last year, the Environmental Protection Agency had to roll back new requirements to audit the cybersecurity practices at water systems following a GOP-led lawsuit.
