Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Government

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

A new Biden executive order to boost the cybersecurity of US ports highlights the risks associated with the use of Chinese cranes.

Maritime cybersecurity

The White House announced on Wednesday that the Biden-Harris administration is issuing an executive order to boost the cybersecurity of US ports, highlighting the risks posed by the use of cranes made by China.

Ports, vessels, shipping companies, and other entities in the maritime sector are regularly impacted by cyber incidents, as shown by the maritime cyberattack database launched last year by a Dutch University. Studies have shown that many incidents involve operational technology (OT) systems

Experts have warned that vulnerabilities in the IT and OT systems used in the maritime industry can pose a significant threat to supply chains and the global economy. 

The new executive order aims to bolster the DHS’s authority to directly address maritime cyber threats.

The Coast Guard will have the authority to require waterfront facilities and vessels to address vulnerabilities and other issues that could pose a safety threat. 

The Coast Guard has proposed new rules that would require marine transportation systems, including control systems and networks, to meet minimum cybersecurity standards.

In addition, the Coast Guard will be able to control the movement of ships that could pose a cyber threat to maritime infrastructure. The military arm will also have the ability to inspect facilities and ships that could pose a cybersecurity threat.

The executive order will also introduce the mandatory reporting of cyber incidents impacting the maritime industry. 

Advertisement. Scroll to continue reading.

As for Chinese ship-to-shore cranes, the Coast Guard will issue a Maritime Security Directive focusing on cyber risk management. Owners and operators will be required to take action to secure cranes, as well as associated IT and OT systems.

An updated maritime advisory published on Wednesday by the Department of Transportation highlights the vulnerabilities introduced to maritime infrastructure IT and OT systems by the use of China-made equipment and software. The advisory summarizes specific cybersecurity best practices that should be followed by industry stakeholders.  

Related: Operations at Major Australian Ports Significantly Disrupted by Cyberattack

Related: Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager

Related: Maritime Cybersecurity: Securing Assets at Sea

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Cyberwarfare

US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.

Government

Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.

Funding/M&A

Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion.

Cloud Security

Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government.

Government

NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

Government

CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products.

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...