When the risk of cyberattacks on critical national infrastructure is discussed, you can bet that the picture in most people’s mind’s eye is a land-based one. For example, cast your mind back to the ransomware attack in May 2021 on the Colonial Pipeline oil pipeline system. That system originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States.
Now think of maritime cybersecurity. This covers cybersecurity on the coast and at ports, dealing with infrastructure that works with cargo. It is relevant because the US government is investing $20bn in US maritime cybersecurity to thwart any cyberattacks on its port-based infrastructure.
In an executive order issued on 21 February 2024, the Biden administration warned that America’s prosperity is directly linked to maritime trade and the integrated network of ports, terminals, vessels, waterways, and land-side connections that constitute the US’s Marine Transportation System (MTS). This system supports $5.4 trillion worth of economic activity each year, employs more than 31 million Americans, and supports nearly 95% of cargo entering the US.
Critical thinking
Outlining its thinking, the current administration said: “The security of our critical infrastructure remains a national imperative in an increasingly complex threat environment. MTS owners and operators rely on digital systems to enable their operations, including ship navigation, the movement of cargo, engineering, safety, and security monitoring. “These systems have revolutionised the maritime shipping industry and American supply chains by enhancing the speed and efficiency of moving goods to market, but the increasing digital interconnectedness of our economy and supply chains have also introduced vulnerabilities that, if exploited, could have cascading impacts on America’s ports, the economy, and everyday hard-working Americans.”
The key cyber role of the US Coast Guard
Specifically, President Biden’s Executive Order will increase the Department of Homeland Security’s authority to directly address maritime cyber threats, including the introduction of cybersecurity standards to ensure that American ports’ networks and systems are secure. It means the US Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s MTS by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbour.
The Executive Order will also institute mandatory reporting of cyber incidents—or active cyber threats—endangering any vessel, harbour, port, or waterfront facility. Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to US maritime infrastructure and be able to inspect those vessels and facilities that pose a threat to our cybersecurity.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe US Coast Guard will issue a Maritime Security Directive on cyber risk management actions for ship-to-shore cranes manufactured by China located at US Commercial Strategic Seaports. Owners and operators of these cranes will have to acknowledge the directive and act on these cranes and associated Information Technology (IT) and Operational Technology (OT) systems.
The US Coast Guard will also be able to establish minimum cybersecurity requirements to best manage cyber threats.
$20bn for coastal cyber surety
Although it is the Biden administration’s executive order that has brought maritime cybersecurity more into the public domain, other work has been going on for some time. For example, in April 2023, the European Commission published its Critical Maritime Routes Program Monitoring, Support and Evaluation Mechanism (CRIMSON III) study, which discussed cybersecurity in maritime critical infrastructure. The work was carried out with the Royal United Services Institute (RUSI).
The bottom line is that all parts of critical national infrastructure are at risk of cyberattack. It is easy to forget that maritime infrastructure is as vital as ‘land’ infrastructure. The US Government’s $20bn investment in US maritime cybersecurity to thwart cyberattacks more than makes the point.