CBP Guidance on Cybersecurity

U.S. Customs and Border Protection (CBP) released Monday a new guidance document containing best practices for customs brokers on how to prepare for and respond to a cyber-attack.

The new resource makes recommendations on how to prevent, respond to, and recover from potential cyber-attacks on customs broker data systems, from proactively putting in place plans and preventative IT controls to resuming normal business operations upon system remediation.

“Preparing for a disaster means thinking about the worst things that could happen, or even things that are just disruptive, and having a plan in place to handle each of those scenarios,” said Office of Trade’s Executive Assistant Commissioner AnnMarie R. Highsmith during her opening remarks at the tabletop exercise. “The time for preparedness is now.”

The Cyber Incident Guidance for Customs Brokers, released by CBP, provides best practices to prevent and protect against cyber incidents, communicate with stakeholders during a cyber event, respond to cyber incidents, and recover from them.

Prevent & Protect: Cybersecurity Planning and Risk Management

  1. Maintain written cybersecurity policies based on industry frameworks like the NIST Cybersecurity Framework and review them frequently.
  2. Utilize, update, and validate IT controls, including firewalls, anti-virus, anti-spyware software, and vulnerability scans.
  3. Maintain up-to-date Interconnection Security Agreements (ISA) and submit them to CBP at least every three years.
  4. Protect data by backing it up, storing sensitive data in encrypted format, and keeping backups offsite or in the cloud.
  5. Develop a communication plan for stakeholders during cybersecurity incidents, including whom to notify, when, and what information to share.
  6. Manage risk by accounting for supply chain risks in business continuity plans, screening new business partners, and verifying clients' Partner Government Agency (PGA) requirements.

Communicate: Initial Notification and Ongoing Stakeholder Coordination

  1. Notify CBP's Office of Information Technology Security Operations Center (SOC) immediately.
  2. Communicate with CBP client representatives and relevant PGAs.
  3. Reach out to importer clients and coordinate messaging with CBP HQ.
  4. Hold frequent calls with CBP HQ and PGA contacts for status updates.

Respond: Maintain Movement of Lawful Cargo While Managing Risk

  1. CBP may work with brokers to implement downtime procedures to facilitate lawful trade and cargo release.
  2. CBP may make accommodations for post-release procedures where appropriate and legally permissible.

Recover: Reconnect System and Work to Resume Business

  1. Brokers must provide evidence of system remediation before CBP authorizes reconnection to ACE.
  2. Brokers must keep a full accounting of entries during cyber incidents and input the data into ACE for CBP processing.

The guidance emphasizes the importance of having cybersecurity plans, risk management strategies, and communication channels in place to prevent, respond to, and recover from cyber incidents affecting customs brokers.
