The White House announced on Wednesday that the Biden-Harris administration is issuing an executive order to boost the cybersecurity of US ports, highlighting the risks posed by the use of cranes made by China.
Ports, vessels, shipping companies, and other entities in the maritime sector are regularly impacted by cyber incidents, as shown by the maritime cyberattack database launched last year by a Dutch University. Studies have shown that many incidents involve operational technology (OT) systems.
Experts have warned that vulnerabilities in the IT and OT systems used in the maritime industry can pose a significant threat to supply chains and the global economy.
The new executive order aims to bolster the DHS’s authority to directly address maritime cyber threats.
The Coast Guard will have the authority to require waterfront facilities and vessels to address vulnerabilities and other issues that could pose a safety threat.
The Coast Guard has proposed new rules that would require marine transportation systems, including control systems and networks, to meet minimum cybersecurity standards.
In addition, the Coast Guard will be able to control the movement of ships that could pose a cyber threat to maritime infrastructure. The military arm will also have the ability to inspect facilities and ships that could pose a cybersecurity threat.
The executive order will also introduce the mandatory reporting of cyber incidents impacting the maritime industry.
As for Chinese ship-to-shore cranes, the Coast Guard will issue a Maritime Security Directive focusing on cyber risk management. Owners and operators will be required to take action to secure cranes, as well as associated IT and OT systems.
An updated maritime advisory published on Wednesday by the Department of Transportation highlights the vulnerabilities introduced to maritime infrastructure IT and OT systems by the use of China-made equipment and software. The advisory summarizes specific cybersecurity best practices that should be followed by industry stakeholders.
Related: Operations at Major Australian Ports Significantly Disrupted by Cyberattack
Related: Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager