Biden signs executive order to give Coast Guard added authority over maritime cyber threats
President Joe Biden issued an executive order Wednesday morning aimed at increasing the defenses of maritime ports through additional authorities to the Coast Guard and started a rulemaking process to add cyber requirements for the sector.
The executive order will give the Coast Guard the authority to respond to cybersecurity incidents while requiring the maritime sector to beef up digital defenses and to report cyber incidents to the Coast Guard. The administration will also invest over $20 billion in port infrastructure over five years.
“The continuity of their operations has a clear and direct impact on the success of our country, our economy and our national security. And that’s why the Biden administration is taking a series of actions to strengthen the cybersecurity of our nation’s ports to not just shore up our cyber defenses, but fortify our supply chains and deliver for the American people,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, said during a media briefing Tuesday.
The order follows a series of warnings from U.S. national security officials over a China-linked hacking group called Volt Typhoon that has successfully targeted critical infrastructure sectors around the U.S. like the maritime sector. China has an outsized influence in U.S. ports, with companies that own almost 80% of ship-to-shore cranes — the giant cranes that load and unload shipping containers at docks.
“America’s system of ports and waterways accounts for over $5.4 trillion of our nation’s annual economic activity, and our ports serve as a gateway for over 90% of all overseas trade,” Rear Adm. Jay Vann, commander of the U.S. Coast Guard Cyber Command, said during the briefing. “Any disruption to the [maritime transportation system], whether manmade or natural, physical or in cyberspace has the potential to cause cascading impacts to our domestic or global supply chains.”
The executive order amends federal legislation to give the Coast Guard the authority to control the movement of vessels that present a cyber threat, requiring maritime facilities to shore up their defenses if they fall below a baseline standard, and inspect vessels and waterfront facilities.
The Coast Guard is also issuing a nonpublic maritime security directive that requires cranes manufactured by China to face “a number of security requirements,” Vann said. Cranes that are able to be operated remotely could potentially leave them vulnerable to hackers, Vann said. However, Neuberger noted that “rip and replace” requirements are currently not being considered by the administration.
The notice of proposed rulemaking, meanwhile, is over mandatory cybersecurity regulations and is based on the Cybersecurity and Infrastructure Security Agency’s cross-sector cybersecurity performance goals, Vann said.
However, these actions began before the recent Volt Typhoon campaign. Neuberger said that the executive order and proposed rulemaking has been in the works for almost 18 months.
Additionally, Neuberger said that criminal ransomware gangs are another reason for the executive order.
Maritime concerns are not new but only recently began to be brought to the forefront. The 2023 National Defense Authorization Act required the Department of Homeland Security to study port crane cybersecurity concerns specifically. The Pentagon, meanwhile, saw ship-to-shore cranes as a possible spying tool for Beijing.
One of last major updates to cybersecurity for maritime came during the Trump administration, with the issuing of an updated national maritime security strategy.
Correction: An earlier version of this story misstated when Biden will sign the executive order.