(WASHINGTON) — On Feb. 21, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, announced that President Biden has issued an executive order to bolster the Department of Homeland Security’s authority to directly address maritime cyberthreats.
Neuberger observed that America’s marine transportation system supports $5.4 trillion of annual economic activity, contributes to the employment of more than 31 million Americans, and supports nearly 95 percent of the cargo entering the United States. She also said that “the security of that infrastructure, physically and digitally, is a national priority.”
The executive order authorizes the Coast Guard to establish minimum cybersecurity standards; require vessels, ports and facilities to address cyber-risks; institute mandatory reporting of cyberincidents; and control the movement of vessels that present cyberthreats.
In conjunction with the executive order, the Coast Guard is issuing a maritime security directive on cyber-risk management actions to operators of Chinese-built ship-to-shore cranes. Neuberger also announced that PACECO Corp., a U.S. subsidiary of the Japanese maritime engineering and construction company Mitsui E&S Group, is planning to onshore port crane manufacturing capability to take advantage of port infrastructure investments and grants created by the Bipartisan Infrastructure Law and Inflation Reduction Act.
Timed to the issuance of the executive order, the Coast Guard has published a notice of proposed rulemaking (NPRM) that would establish minimum cybersecurity requirements for U.S. vessels and facilities regulated under the Maritime Transportation Security Act. The NPRM would require vessel and facility operators to conduct a cybersecurity assessment and develop and implement a Coast Guard-approved cybersecurity plan, which may be combined with an existing vessel or facility security plan.
The cybersecurity plan would include personnel training, drills and exercises, account security measures, device security measures, data security measures, risk management, and supply chain management, among other items. The Coast Guard has also released Navigation and Vessel Inspection Circular 02-24, which expands reporting requirements for breaches of security and suspicious activity to include cyber incidents.
The NVIC states that an actual or threatened cyberincident involving or endangering any vessel, harbor, port, or waterfront facility must be reported immediately to the Federal Bureau of Investigation, the Cyber and Infrastructure Security Agency, and the cognizant Coast Guard captain of the port, per the executive order.
The American Waterways Operators will be reviewing the NPRM and NVIC and will convene interested members to inform its comments to the Coast Guard, which are due April 22. If you or a colleague would like to participate, or if you need more information, contact Liam Morcroft atlmorcroft@americanwaterways.com.
– American Waterways Operators
