- The Biden-Harris administration is announcing a series of measures to strengthen cybersecurity at U.S. ports.
- President Biden is expected to sign the executive order on Wednesday.
- One key issue, government officials said, is that 80 percent of the land cranes that trade in U.S. ports are manufactured in China.
A container ship in the Port of Los Angeles on November 22, 2021 in Los Angeles, California.
Mike Blake | Reuters
The Biden administration on Wednesday announced a series of measures to strengthen cybersecurity at U.S. ports, a major entry point for trade that employs 31 million people and generates more than $5.4 trillion for the U.S. economy.
The executive order signed by President Biden will strengthen maritime cybersecurity by ensuring that all owned and operated critical port infrastructure complies with international and industry-recognized safety regulations. become. The measure would require maritime cyberattacks to be reported to Coast Guard Cyber Command, in addition to onshore infrastructure at ports. The Coast Guard, which helps manage vessel movements that may pose a threat to national security, submits reports targeting specific regulated facilities and vessels to the Cybersecurity and Infrastructure Security Agency (CISA) and other governments. We plan to share it with institutions.
A new Director of Coast Guard will also be announced.
“We are taking a department-wide approach to addressing cyber threats to critical infrastructure,” a senior administration official told CNBC in a briefing ahead of the official announcement.
Biden officials said the new Supply Chain Resilience Center, announced last November, is part of efforts to strengthen port security. In addition to new rules and regulations, $20 billion will be used to strengthen U.S. port infrastructure through the Investing in America Agenda.
“With more than $5.4 trillion in economic activity and more than 90% of foreign trade passing through our ports, cyberattacks can have a cascading effect on domestic and global supply chains. ” said a senior government official.
One area of focus for the new port security effort is devices known as remote ship-to-shore cranes, which allow cargo containers to be moved from ships. Government officials cited data estimating that 80% of cranes moving trade at U.S. ports are made in China and use Chinese software, and the cranes are not used to monitor China. This is causing concern. There are more than 200 of these cranes, which are equipped with advanced sensors that can track container information.
These cranes have become the focus of debate among national security experts and port officials in recent years.
In early 2023, U.S. defense officials worried that Chinese ship-to-shore crane maker Shanghai Zhenhua Heavy Industries could be used by the Chinese government as a potential spying tool, increasing pressure on the administration from Capitol Hill. He said he is doing so. China said at the time that the concerns were “driven by paranoia.”
Biden administration officials have said that in the long term, they want to invest in domesticizing port crane manufacturing.
In its 2022 “Make and Move in America: Cranes and U.S. Port Equipment Port Equipment Shoring Initiative” report, the American Association of Port Administrators found that the most dominant manufacturers of these cranes are China, Japan, Austria, It states that it is based in Finland and Germany. .
Government officials said China is one of the key threats covered by the executive order, citing the example of Japan’s Nagoya port, which was disrupted by a ransomware attack last July. Concern was also a major factor, he said.
Maritime port security has been a priority since 9/11, when U.S. Customs and Border Protection began developing counterterrorism programs to ensure the security of trade to the United States. The Container Security Initiative (CSI) was established to ensure that all containers that pose a potential terrorist threat are identified and inspected at port before being loaded onto ships bound for the United States. Ta.
The first port in the United States to establish a Cyber Security Operations Center (CSOC) was the Port of Los Angeles in 2014 with a dedicated cybersecurity team. The CSOC is currently monitoring the port’s own technology environment to prevent and detect cyber incidents. The port was also the first to receive ISO 27001 information security management certification in 2015.
The Department of Transportation’s Maritime Administration said in a 2023 report that U.S. ports are vulnerable to cyberattacks because multiple stakeholders are involved in port operations, including access to facilities, terminal headquarters, communications, etc. It warned that risks related to operational technology systems have been identified. It includes systems and cargo handling equipment that affect the movement of ships and the complex logistics systems of port facilities, technologies such as positioning, navigation and timing services, and the sharing of network connectivity and USB storage devices between ships and ports.
The House has introduced port crane security bills in the past, the most recent being the Port Crane Safety Inspection Act of 2023, proposed in May 2023. It would restrict the use of foreign cranes and require CISA to potentially inspect foreign cranes. Security vulnerabilities. House Homeland Security Committee Chairman Mark Greene (R-Tenn.) recently announced he would not run for reelection shortly after leading the impeachment process against Biden’s Homeland Security Secretary Alejandro Mayorkas, but last year In a statement he said: It is “very concerning” that about 80% of U.S. port cranes use Chinese software manufactured by Chinese companies.
AAPA, which lobbies on behalf of the nation’s major container ports, has said in the past that there is no evidence to support claims about cyber vulnerabilities in Chinese-made cranes, and characterized the comments as “sensational.”
Public comment on the notice of proposed rulemaking will begin on Wednesday and end on April 22nd.