Biden administration to enhance port security and supply chain resilience with Executive Order, $20 billion investment

The U.S. administration will issue an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity, fortify the nation’s supply chains, and strengthen the industrial base. The Biden-Harris administration will also announce its intent to bring domestic onshore manufacturing capacity back to America to provide safe, secure cranes to U.S. ports, with over US$20 billion investment in U.S. port infrastructure under President Biden’s Investing in America Agenda. 

In a Fact Sheet released on Wednesday, the administration outlined its initiative to secure the country’s supply chains and strengthen the cybersecurity of its nation’s critical infrastructure against 21st-century threats. This effort has been a focus of the administration since it took office.

As part of the announcement, U.S. President Joe Biden will sign an Executive Order to bolster the authority of the Department of Homeland Security (DHS) to directly address maritime cyber threats, including through cybersecurity standards to ensure that American ports’ networks and systems are secure. Now, the U.S. Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s MTS by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbor. 

The Executive Order will also institute mandatory reporting of cyber incidents – or active cyber threats – endangering any vessel, harbor, port, or waterfront facility. Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure and be able to inspect those vessels and facilities that pose a threat to our cybersecurity. 

The U.S. Coast Guard will issue a Maritime Security Directive on cyber risk management actions for ship-to-shore cranes manufactured by the People’s Republic of China located at U.S. Commercial Strategic Seaports. Owners and operators of these cranes must acknowledge the directive and take a series of actions on these cranes and associated IT and OT (operational technology) systems. 

The move is critical to securing maritime infrastructure’s digital ecosystem and addresses several vulnerabilities that have been identified in the updated U.S. Maritime Advisory, 2024-00X – Worldwide Foreign Adversarial Technological, Physical, and Cyber Influence, also released Wednesday.

The document outlines that maritime industry stakeholders, including vessel owners/operators, shippers, and port operators exposed to cyber risks should apply cybersecurity best practices for access control (identity and access management), vulnerability mitigation, and configuration management. 

They should position themselves to increase their cybersecurity and cyber resiliency to respond to and report any incidents that could inhibit their ability to continue operations, maintain a comprehensive understanding of data sharing and network access permissions within contractual agreements; and stress to their personnel the importance of understanding and knowing who maintains access to maritime technology throughout any port or facility they utilize.

Furthermore, these asset owners and operators should be wary of untrusted network traffic and treat all traffic transiting their networks – especially third-party traffic – as untrusted until it is validated as legitimate. They must ensure infrastructure operational resiliency, regarding system security, as well as the ability to maintain equipment and sourcing for critical parts and upgrades, maintain fully recoverable backups and practice recovery from backups, and partner with academia and government to develop and maintain optimal cybersecurity hygiene by participating in information sharing exchanges and cyber drills and exercises.

It also provided mitigation measures to be utilized to reduce the risks associated with automated port cranes. 

The White House also said that the U.S. Coast Guard has issued a Notice of Proposed Rulemaking on Cybersecurity in the Marine Transportation System.  Every day malicious cyber actors attempt to gain unauthorized access to MTS (Marine Transportation System) control systems and networks throughout the nation. 

The Proposed Rule will strengthen these digital systems by establishing minimum cybersecurity requirements that meet international and industry-recognized standards to best manage cyber threats. These actions build on prior actions by DHS including those taken by the Transportation Security Administration (TSA), and reflect the administration’s commitment to leverage regulatory requirements in pursuit of safeguarding critical infrastructure.

The U.S. administration continues to deliver for the American people by rebuilding the U.S.’s industrial capacity to produce port cranes with trusted partners. The administration will invest over $20 billion, including through grants, into U.S. port infrastructure over the next five years through the President’s Investing in America Agenda, including the Bipartisan Infrastructure Law and the Inflation Reduction Act. 

As a result, PACECO Corp., a U.S.-based subsidiary of Mitsui E&S Co., Ltd (Japan), plans to onshore U.S. manufacturing capacity for its crane production. PACECO has a deep history in the container shipping industry, manufacturing the first dedicated ship-to-shore container crane in 1958 as PACECO Inc., and it continued U.S.-based crane manufacturing until the late 1980s. PACECO intends to partner with other trusted manufacturing companies to bring port crane manufacturing capabilities back to the U.S. for the first time in 30 years, pending final site and partner selection. 

The announcement is part of the Biden-Harris Administration’s fourth Investing in America tour, where White House and administration officials are traveling across the country to highlight the impacts of the President’s Investing in America agenda on communities, families, small businesses and the United States’ economic and national security. 

It also follows up on the White House Council on Supply Chain Resilience’s efforts to strengthen America’s supply chains, particularly by addressing supply chain risks resulting from threats and vulnerabilities inside U.S. ports.

Last month, the U.S. House Homeland Security Committee along with the Select Committee on the Chinese Communist Party (CCP) deepened their joint investigation into security vulnerabilities in the nation’s maritime sector, particularly relating to CCP cybersecurity and supply chain risks. In their latest move, the committee requested Swiss Company ASEA Brown Boveri Ltd. (ABB) testimony on its ‘concerning’ ties to Chinese state-owned enterprises.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.