President Biden will sign an executive order to keep hackers out of ports, cargo ships
President Biden will sign an executive order Wednesday aimed at toughening cybersecurity at U.S. shipping ports and elsewhere in the maritime sector.
Why it matters: Chinese government-linked hackers have already shown interest in targeting U.S. critical infrastructure, including ports, as it prepares for a potential invasion of Taiwan.
- A cyberattack on the maritime sector — including cargo ships and ports — could prompt major disruptions in the global supply chain.
Details: Biden's executive order will give the U.S. Coast Guard new powers to issue basic cybersecurity requirements for transportation vessels and ports, a group of U.S. officials told reporters during a briefing.
- Port and ship operators will soon be required to report cyber incidents to the Coast Guard under the executive order.
- The order will also give the Coast Guard the ability to move any vessels that present a "known or suspected cyber threat," Rear Adm. John Vann, commander of the Coast Guard Cyber Command, told reporters.
What they're saying: "This interconnected system within our transportation critical infrastructure is vital to national security and economic prosperity," Vann said.
- "America's system of ports and waterways accounts for over $5.4 trillion of our nation's annual economic activity, and our ports serve as a gateway for over 90% of all overseas trade," he added.
Meanwhile, the Coast Guard also plans to issue a maritime security directive establishing new cyber requirements specifically for China-owned and manufactured cranes based in the United States.
- Vann declined to share what the specific requirements will be, noting that they are considered "sensitive security information."
- However, Vann did say that Chinese manufactured ship-to-shore cranes make up nearly 80% of all cranes found at U.S. ports.
- "By design, these cranes may be controlled, serviced and programmed from remote locations," he said.
The big picture: The maritime sector is a target for both nation-state hackers and cybercriminals, Anne Neuberger, deputy national security adviser for cyber at the White House, told reporters.
- A ransomware attack last year targeting Japan's largest port canceled all shipments for a day.
- Like other critical infrastructure sectors, maritime organizations have struggled to modernize vulnerable legacy IT systems.
Between the lines: Many of Wednesday's announcements won't go into effect until after the Coast Guard receives public comments on how it will define and enforce new procedures.
Yes, but: Some of the Biden administration's most recent attempts to issue new cybersecurity requirements for critical infrastructure have hit political pushback.
- Last year, the Environmental Protection Agency had to roll back new requirements to audit the cybersecurity practices at water systems following a GOP-led lawsuit.