Biden seeks to bolster port cybersecurity with executive order

President Joe Biden will sign an executive order designed to implement new cybersecurity requirements for the nation’s port owners and operators amid growing concerns that hackers could roil crucial supply chains.

The order will give the US Coast Guard new authority to respond to malicious cyber activity, require maritime vessels and facilities to bolster their cybersecurity, and impose new rules requiring the reporting of cyber incidents at ports.

“The continuity of their operations has a clear and direct impact on the success of our country, our economy and our national security,” Anne Neuberger, deputy national security advisor for Cyber and Emerging Technology, told reporters.

The Coast Guard is expected to begin a rulemaking process establishing minimum maritime cybersecurity requirements, as well as a security directive affecting crane owners and operators. 

Administration officials said they were concerned that more than 200 ship-to-shore cranes at US ports are manufactured by China and can be serviced and programmed remotely, creating a security vulnerability. Chinese manufacturer Shanghai Zhenhua Heavy Industries Co. – known as ZPMC – controls large swaths of both the global and US markets for the cranes, which are crucial to loading and unloading cargo ships.

At the same time, a US-based subsidiary of Japanese manufacturing conglomerate Mitsui E&S Co Ltd is planning to increase its domestic crane capacity to the US, with hopes of accessing some of the $20 billion in federal money for port infrastructure authorized across legislation signed during Biden’s presidency.

The announcements come after the Biden administration earlier this month warned that a state-sponsored group of Chinese hackers known as Volt Typhoon has for years been working to access critical maritime, aviation, mass transit, and pipeline operations, in what the US described as an effort of “prepositioning themselves on IT networks” ahead of a possible effort to disrupt critical functions.

While work on the executive order began long before that effort was publicly revealed, administration officials said the possibility of malign Chinese activity did weigh on its development. Aides said they were also alarmed by a ransomware hack on the Japanese port of Nagoya, which last summer halted activities there for days.