The Biden-Harris Administration and the Department of Homeland Security (DHS) have taken several actions to protect American maritime critical infrastructure, bolster port cybersecurity, and improve supply chain resilience.
Executive Order on Port Security
“Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States,” issued by President Biden on February 21, 2024, bolsters the Department of Homeland Security’s authority to directly address maritime cyber threats, including through cybersecurity standards, to ensure that American ports’ networks and systems are secure. The EO also institutes mandatory reporting of cyber incidents, and authorizes the Coast Guard to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure, and inspect vessels and facilities that pose a threat to cybersecurity.
Notice of Proposed Rulemaking on Cybersecurity in Maritime Transportation System
The U.S. Coast Guard (USCG) has issued a Notice of Proposed Rulemaking on Cybersecurity in the Marine Transportation System, intended to strengthen digital systems by establishing minimum cybersecurity requirements that meet international and industry-recognized standards. The proposed regulations would require a number of cybersecurity measures including account security, device security, network segmentation, data security, training, incident response planning, and drills and exercises. Regulated entities would also be required to identify a Cybersecurity Officer responsible for overseeing implementation of the new requirements.
Noted in the DHS announcement, “Consistent with the Administration’s goal of regulatory harmonization, DHS has leveraged common frameworks from the National Institute of Standards and Technology (NIST) and CISA to inform both voluntary cybersecurity practices and relevant regulatory requirements. Key USCG and TSA baseline cybersecurity elements are aligned to the NIST Cybersecurity Framework and CISA’s Cross-Sector Cybersecurity Performance Goals.”
Comments on the Proposed Rule can be submitted until April 22, 2024. See the Federal Register notice for submission information.
“Marine Transportation System owners and operators rely on digital systems to enable their operations, to include ship navigation, the movement of cargo, engineering, safety, and security monitoring,” according to the White House release. “These systems have revolutionized the maritime shipping industry and American supply chains by enhancing the speed and efficiency of moving goods to market, but the increasing digital interconnectedness of our economy and supply chains have also introduced vulnerabilities that, if exploited, could have cascading impacts on America’s ports, the economy, and everyday hard-working Americans.”
Learn more in the DHS fact sheet and White House fact sheet.
