President Joe Biden took action on Wednesday by signing an executive order and establishing a federal rule with the aim of enhancing the security of the nation’s ports against potential cyber threats.
The administration is introducing a set of cybersecurity regulations that must be adhered to by port operators nationwide. These regulations are comparable to standardized safety protocols intended to mitigate harm to individuals and infrastructure.
Anne Neuberger, the deputy national security adviser at the White House, emphasized the necessity for similar cybersecurity requirements, highlighting the potential for cyberattacks to cause as much or more damage than physical threats such as storms.
Across the country, ports employ approximately 31 million individuals and contribute $5.4 trillion to the economy. Neuberger cautioned that they could be susceptible to ransomware or other types of cyberattacks. The standardized regulations are crafted to mitigate this vulnerability.
Joe Biden (Credits: Bloomberg)
These new requirements form part of the federal government’s broader initiative to modernize the protection of critical infrastructure, including power grids, ports, and pipelines, as they increasingly rely on online management and control systems. Currently, there are no nationwide standards governing how operators should defend against potential online attacks.
The threat of cyber hostility continues to escalate, with activities ranging from espionage to the deployment of malware to disrupt a country’s infrastructure becoming commonplace in modern geopolitical rivalries.
For instance, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily cease operations following a ransomware attack. Colonial Pipeline, the company affected, paid $4.4 million to a Russia-based hacker group, although a significant portion of the money was later recovered by Justice Department officials.
Similarly, ports are also vulnerable to cyber incidents. In Australia last year, a cyber incident forced one of the country’s major port operators to suspend operations for three days.
In the United States, Admiral John Vann, commander of the U.S. Coast Guard’s cyber command, pointed out that roughly 80% of the large cranes used in U.S. ports are manufactured in China and are operated remotely. This leaves them susceptible to potential attacks.
Recently, U.S. officials disclosed the disruption of a state-backed Chinese effort to implant malware capable of damaging civilian infrastructure. Vann expressed concern over such potential attacks, emphasizing the need for new standards. Additionally, officials are wary of the possibility of criminal activity.
The new standards, which will undergo a public comment period, will be obligatory for all port operators. Non-compliance may lead to enforcement actions, though specific measures were not detailed. Among other provisions, port operators will be required to report cyberattacks to authorities. These actions grant the Coast Guard, responsible for regulating the nation’s ports, the authority to respond to cyber incidents.
