The Biden-Harris administration has announced an executive order with the intent to improve the security of the nation’s ports. The executive order also aims to improve maritime cybersecurity and supply chain security.
The executive order is intended for the following actions:
- Granting the Department of Homeland Security increased authority to directly deal with maritime cyber threats.
- Ensuring cyber threat management plans by mandating a Maritime Security Directive for ship-to-shore cranes constructed by the People’s Republic of China.
- Strengthening MTS control systems by enforcing baseline cybersecurity requirements.
- Investing more than $20 billion into U.S. port infrastructure.
Security leaders weigh in
Dr. Brett Walkenhorst, CTO at Bastille:
“The Biden Administration’s recent Executive Order is a critical step forward in protecting U.S. ports from cyberattacks and securing America’s supply chains,” said Dr. Brett Walkenhorst, CTO at Bastille. “To ensure proper defense against malicious actors accessing port-side networks, attention must also be paid to common wireless vulnerabilities. Attacks leveraging Wi-Fi, Bluetooth, and IoT protocols may be used to access authorized infrastructure including IT and OT systems. Monitoring such wireless threats is an important element in a comprehensive approach to upgrading the defenses of our nation’s critical infrastructure.”
Itay Glick, OT expert and VP of Products at OPSWAT:
“The maritime industry stands as a cornerstone of global economies and trade, its significance pinned by its role in fueling international commerce. However, the sector faces vulnerabilities in its infrastructure for several reasons. One significant challenge is the convergence of IT and OT, alongside the increasing digitization of industrial control systems and satellite communications. These advancements, including the integration of Industrial Internet of Things (IIoT) for various sensors and systems such as bridge controls, safety mechanisms, propulsion, navigation, and port supply chain management, etc., expose maritime operations to cyber threats. Also, many critical networks and infrastructures in the maritime sector still rely on outdated technologies not designed for internet connectivity. Processes like updating systems via USB drives can inadvertently introduce vulnerabilities, posing risks to the integrity and security of maritime operations.
“OT cybersecurity is often overlooked, leaving critical maritime systems susceptible to exploitation and attack. For example, look at the incident from last July when Japan's port of Nagoya fell victim to the LockBit 3.0 ransomware attack. The incident brought operations to a standstill for several days, impeding the loading and unloading of cargo from ships. This type of threat gains entry into victim networks through various means, including exploitation of Remote Desktop Protocol (RDP), phishing campaigns, abuse of valid accounts, and the exploitation of public-facing applications.
“The advisory suggests that port operators follow globally recognized cybersecurity best practices, including regular backups of critical software programs, stringent physical security measures, and meticulous access control over devices and infrastructure. It also emphasizes the importance of promptly notifying relevant authorities such as the Coast Guard, CISA, and the FBI upon detecting compromised equipment or suspicious activities within marine transportation systems, as well as OT and IT assets.
“I would recommend additional best practices, including securing data. There are cases where information would come from removable media, the industry should adopt a comprehensive peripheral media protection program to safeguard their systems. Also, the OT network for a maritime port is no different than an OT network for other critical infrastructure verticals. On ships, data diodes have been deployed to securely get data off of ships without compromising critical systems like navigation, weapons and operational control.
“While the Coast Guard is in the process of accepting comments on establishing minimum cybersecurity requirements for the maritime industry, the Executive Order signifies an important step towards enhancing the security of one of the nation's most critical industries and our supply chain.”
Darron Makrokanis, CRO at Xage Security:
“Biden’s executive order is a move in the right direction from a regulation standpoint and a crucial step in addressing the pressing cyber risks facing our nation's critical infrastructure. However, efforts need to be made to enable respective agencies to expedite the adoption of advanced cybersecurity technologies. These efforts should aim to enhance protection and breach prevention. There needs to be a strong focus moving forward on streamlining evaluation and acquisition processes and facilitating swift deployments of advanced cybersecurity technologies across enterprises. The stakes are high for U.S. maritime infrastructure, where cyberattacks have the potential to disrupt commerce and supply chains, delay the flow of food and other critical goods, and endanger overall operational safety and financial stability.
“To safeguard against evolving threats, we must establish a standardized level of proactive defense and move beyond just monitoring and detection. Taking control of the supply chain for both software and hardware that powers our maritime infrastructure and other critical industries is a big step in the right direction. Embracing secure-by-design cyber protection with multi-layer MFA, defense in depth and adopting a zero trust methodology is also paramount. All industries tied to ports need to adhere to rigorous security mandates; otherwise, they should receive authorization from TSA/USCG or other governing bodies to do business. Our resilience as a nation hinges on proactive security measures, unified standards, and staying vigilant.”