The White house announced initiatives to improve the cyber security of the US Port infrastructire, with enhanced authorities for the Coast Guard to inspect vessels and write minimum cybersecurity rules.
Additionally, the administration will invest over $20 billion to subsidize the manufacture of cranes in the US and Korea, to reduce a dependance on Chinese supply. There are no plans to replace the over 200 Chinese cranes already in place.
Today’s actions include:
President Biden will sign an Executive Order to bolster the Department of Homeland Security’s authority to directly address maritime cyber threats, including through cybersecurity standards to ensure that American ports’ networks and systems are secure.
Now, the U.S. Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s MTS by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbor.
The Executive Order will also institute mandatory reporting of cyber incidents – or active cyber threats – endangering any vessel, harbor, port, or waterfront facility.
Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure, and be able to inspect those vessels and facilities that pose a threat to our cybersecurity.
The U.S. Coast Guard will issue a Maritime Security Directive on cyber risk management actions for ship-to-shore cranes manufactured by the People’s Republic of China located at U.S. Commercial Strategic Seaports.
Owners and operators of these cranes must acknowledge the directive and take a series of actions on these cranes and associated Information Technology (IT) and Operational Technology (OT) systems.
This action is a vital step to securing our maritime infrastructure’s digital ecosystem and addresses several vulnerabilities that have been identified in the updated
U.S. Maritime Advisory, 2024-002 – Worldwide Foreign Adversarial Technological, Physical, and Cyber Influence, that was released today.
The U.S. Coast Guard has issued a Notice of Proposed Rulemakingon Cybersecurity in the Marine Transportation System. The Proposed Rule will strengthen these digital systems by establishing minimum cybersecurity requirements that meet international and industry-recognized standards to best manage cyber threats. T
The Administration continues to deliver for the American people by rebuilding the U.S.’s industrial capacity to produce port cranes with trusted partners. The Administration will invest over $20 billion, including through grants, into U.S. port infrastructure over the next 5 years through the President’s Investing in America Agenda, including the Bipartisan Infrastructure Law and the Inflation Reduction Act.
As a result, PACECO Corp., a U.S.-based subsidiary of Mitsui E&S Co., Ltd (Japan), is planning to onshore U.S. manufacturing capacity for its crane production. PACECO intends to partner with other trusted manufacturing companies to bring port crane manufacturing capabilities back to the U.S. for the first time in 30 years, pending final site and partner selection.
Rear Admiral Jay Vann, Commander of the United States Coast Guard Cyber Command appluded the initiative:
"The MTS enables critical national security sealift capabilities that enable the U.S. Armed Forces to project and maintain power around the globe. Any disruption to the MTS, whether man-made or natural, physical or in cyberspace, has the potential to cause cascading impacts to our domestic or global supply chains.
"The People’s Republic of China-manufactured ship-to-shore cranes make up the largest share of the global market and account for nearly 80 percent of cranes at U.S. ports. By design, these cranes may be controlled, serviced, and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation.
The Coast Guard is issuing a Maritime Security, or MARSEC, Directive based on the prevalence of PRC-manufactured cranes in the U.S. and threat intelligence related to PRC’s interests in disrupting U.S. critical infrastructure.
The MARSEC Directive will impose a number of cybersecurity requirements on the owners and operators of PRC-manufactured cranes. The specific requirements are deemed sensitive security information and cannot be shared publicly. Our captains of the port around the country will be working directly with crane owners and operators to deliver the directive and verify compliance.
So what is in the executive order is an enhancement — an addendum, if you will — to the Magnuson Act, which surrounds the captain of the port’s authority to prevent and respond to cyber incidents.
Finally, also as was mentioned, we’re announcing a notice of proposed rulemaking that will establish baseline cybersecurity requirements to protect the entire MTS from cyber threats. Those draft requirements are primarily based on the Cybersecurity and Infrastructure Security Agency’s cross-sector Cybersecurity Performance Goals, which the maritime industry should already be familiar with.
The proposed regulations would require a number of cybersecurity measures to be implemented by all regulated entities.
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies clarified the objectives for the manufacturing subsidies.
"At this point, we’re not exploring rip and replace for ports. What we are focused on is ensuring that all the investment in port infrastructure that I mentioned at the outset, that’s part of the Bipartisan Infrastructure Law, can go to buying trusted cranes and to bringing back manufacturing to the United States, given how important cranes are to port operations."
Comments
No comments on this item Please log in to comment by clicking here