POTUS executive order aims to keep U.S. ports safe from cyberattacks

The 2024 Presidential campaign touched the cybersecurity community today as President Biden announced plans to sign an executive order (EO) that gives the U.S. Coast Guard the authority to more effectively respond to cybersecurity incidents and require the maritime industry to report cyberattacks to the Coast Guard.

Cybersecurity has been a consistent priority for the Biden administration since its May 2021 EO and successive attempts to launch a National Cybersecurity Strategy in 2023.

The EO fact sheet released by the White House this morning had the air of a political document, as the administration said today’s actions are “clear examples of the President’s work to invest in America, secure the country’s supply chains, and strengthen the cybersecurity of our nation’s critical infrastructure against 21st century threats.”

Like many of the Biden administration's cybersecurity initiatives, the document was long on lofty policy goals and short on specifics. For example, today’s release did not outline what the new cyber standards are or give any specifics on the reporting time period. However, the federal government will hold a public comment period as part of the standard rulemaking process.

Ports are viewed as economically strategic: they employ more than 31 million people and contribute $5.4 trillion annually to the economy, and they could be left vulnerable to ransomware or another type of cyberattack, said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, at a media briefing late Tuesday.

While no U.S. port has experienced a known cyberattack, a cybersecurity incident in Australia late last year forced one of the country’s largest maritime operators to suspend operations for three days.

Here in the United States, roughly 80% of the giant cranes used to haul cargo off ships onto U.S. docks come from China, and are controlled remotely, which leaves them vulnerable to attack, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. The Center for Strategic and International Studies has also published studies on the extent of China’s oversized influence in the global maritime supply chain.  

Keep in mind that this push to strengthen the cybersecurity of the maritime industry comes on the heels of the FBI taking down the KV botnet tied to China-backed Volt Typhoon. A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and other global security agencies found that Volt Typhoon lurked in victim networks for up to five years seeking to take down critical infrastructure.

Morgan Wright, chief security advisor at SentinelOne, and an SC Media columnist, said there are two aspects to the Volt Typhoon connection.

First is the element of reconnaissance and espionage, the main objective of Volt Typhoon, said Wright. This serves the needs of the Chinese military and government to identify weaknesses in our systems, especially power. Second is obtaining market dominance.

“In a sense, the presence of Chinese maritime assets such as cranes and rail cars provides an outpost almost everywhere in the world,” said Wright. “The fact that all Chinese companies must cooperate with the People’s Liberation Army and Ministry of State Security, well it doesn’t take a lot of imagination to conclude China is exploiting every possible piece of technology to its advantage.”  

John Bambenek, president at Bambenek Consulting, said the order for the U.S. Coast Guard to issue a Maritime Security Directive likely is directly tied to the infiltration of critical infrastructure that CISA has observed more generally.

“CISA and the FBI have grown increasingly vocal in the variety of ways Chinese-affiliated hackers have been infiltrating systems,” said Bambenek. “The directive to build ship-to-shore cranes with trusted (American) manufacturers is all but an admission the international supply chain risk cannot be safely managed when it comes to critical infrastructure.”

John Gunn, chief executive officer at Token, added that while it’s smart to protect critical U.S. infrastructure from cyberattacks of all types, it’s hard to imagine that China would ever do anything to impede the ability of U.S. ports to receive goods.

“It would jeopardize the inflow of half-trillion dollars worth of goods they export to the U.S. each year,” said Gunn. “The U.S. is China’s largest customer, and the Chinese state would never allow Chinese-based hackers to attack our ports, and it is extremely unlikely that North Korean, Russian, or Iranian hackers would want to incur the wrath of the Chinese cyberattacking complex.”