US President Joe Biden will be issuing an Executive Order (EO) to strengthen US maritime cybersecurity amid increased reliance on digital technology in the shipping sector.
The Order is part of the White House’s ambition to bolster the nation’s supply chains and critical infrastructure, as set out in the Administration’s National Cybersecurity Strategy published in March 2023.
The new EO will give new powers to the Department of Homeland Security to directly address maritime cyber threats. This includes the development of new cybersecurity standards for the security of US ports’ networks and systems.
The order provides for the following actions:
- The US Coast Guard will have the “express authority” to require vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility or harbor.
- The Coast Guard will have the authority to control the movement of vessels that present a known or suspected cyber threat to US maritime infrastructure.
- It will be mandatory to report any cyber incidents or active cyber threats endangering any vessel, harbor, port or waterfront facility.
- A Maritime Security Directive will be issued by the Coast Guard to provide cyber risk management actions for the operators of any ship-to-shore cranes manufactured by Chinese companies. The crane owners and operators must take a series of actions to secure associated IT and OT systems, including addressing several vulnerabilities identified in the updated US Maritime Advisory, 2024-00X.
- The US Coast Guard has also issued a proposed rule to strengthen the security of Marine Transportation System (MTS) control systems.
As part of the EO, the Biden Administration will also invest $20bn in modernizing US port infrastructure over the next five years.
Growing Cyber Threats to Maritime Sector
The White House’s statement emphasized that MTS owners and operators are reliant on digital systems for critical operations, including ship navigation, the movement of cargo, engineering and security monitoring.
“These systems have revolutionized the maritime shipping industry and American supply chains by enhancing the speed and efficiency of moving goods to market, but the increasing digital interconnectedness of our economy and supply chains have also introduced vulnerabilities that, if exploited, could have cascading impacts on America’s ports, the economy, and everyday hard-working Americans,” commented the White House.
The dangers posed by the interconnected nature of the maritime sector was highlighted by the ransomware attack on a Norwegian software supplier in January 2023. The attack on the firm’s ShipManager software impacted around 1000 shipping vessels.
The shipping sector is also particularly vulnerable to cyber-attacks due to the variety of technologies and types of vessels in the commercial fleet, and siloed approaches.
The size and importance of the industry also makes it a major target for cybercriminals and nation-state groups. The White House noted that the nation’s MTS supporting $54 trillion worth of economic activity each year and 95% of cargo entering the US.
Commenting on the story, Raymond Waid, Shareholder and maritime lawyer at Liskow, said that the White House's "aggressive action" is a sign that the government has identified a credible threat to the maritime sector, and recognize the potential for severe economic consequences from any disruption to the shipping supply chain.
"This government focus on shipping vulnerabilities is likely driven by a series of recent events, such as the systemic port congestion in 2021 (referred to as "Containergeddon" by those in the industry), the blockage of the Suez Canal, the Panama Canal drought, and the current situation with attacks in the Red Sea. The odds are high that maritime issues will continue to have renewed prominence in national news and policy,” noted Waid.
Image credit: mariakray / Shutterstock.com