US Executive Order on port cybersecurity

  • August 26, 2024
  • William Payne

In February, the Biden White Office issued an Executive Order to enhance the cybersecurity of US ports and strengthen the United States’ supply chains. The Executive Order gives greater power to the Department of Homeland Security over maritime security threats, expands the role of the US Coast Guard, and requires action from the US Coast Guard to secure cranes, IT and IoT systems either built in China or containing Chinese made components.

The Executive Order is directing $20 billion of investment to US port infrastructure, including the direction of funds to domestic crane manufacture and associated IT and IoT systems.

The Order has received pushback from the American Association of Port Authorities who argue that it will increase costs for US port operators and for American consumers, as US ports are heavily dependent on Chinese made cranes.

The Biden Administration issued the Order to address what it sees as a growing threat to the nation’s critical infrastructure posed by cyberattacks and supply chain vulnerabilities, particularly those originating from China. US ports are vital to the nation’s economy and security.

The US Marine Transportation System (MTS) supports $5.4 trillion of economic activity annually and 31 million jobs. Maritime trade has however become a point of vulnerability as increasing digital interconnectedness of ports and the country’s wider supply chain has created opportunities for cyberattacks and disruption.

Cyberattacks on ports appear to be a growing trend. One of the largest recent attacks took place in July 2021, when South Africa suffered a wave of cyberattacks that closed ports across the country, including the largest port in Africa, Durban. In all, four separate ports were attacked, and the economic consequences of the attacks affected countries across southern and central Africa. The cyberattack is thought to have emanated from Russia.

The Order is driven by a number of key objectives. Chief among these is a perceived need to strengthen overall port cybersecurity. The Order empowers the Department of Homeland Security, specifically the US Coast Guard, to enforce stronger cybersecurity measures in the maritime sector. This includes the authority to set and enforce minimum cybersecurity standards, mandate the reporting of cyber incidents and threats, and control the movement of vessels deemed a cyber risk to maritime infrastructure. The order represents a shift from “requesting to requiring” compliance with cybersecurity standards.

There are specific concerns about Chinese-manufactured cranes. US ports source roughly 80% of their cranes from Chinese firms. These cranes incorporate IT and OT systems which can be controlled remotely, potentially providing an attack vector for threat actors. The Executive Order specifically tasks the US Coast Guard with issuing a Maritime Security Directive focusing on the cyber risk management of these Chinese-manufactured cranes at US ports.

The Order also incorporates a broader strategy to bolster US supply chain resilience. It forms part of a wider effort by the Biden-Harris Administration to enhance the security and resilience of US supply chains. The administration has expressed concerns about potential disruptions to the US economy and national security posed by cyberattacks on the MTS.

In addition to strengthening cybersecurity protocols, the Biden Administration is also aiming to revitalise domestic crane manufacturing to reduce dependence on Chinese-made cranes. This initiative includes a $20 billion investment in US port infrastructure, part of which will support PACECO Corp., a US-based subsidiary of a Japanese firm, to restart crane production in the US.

The American Association of Port Authorities (AAPA) has criticised the Executive Order on Ports as part of a general criticism of the Administration’s policies as they affect the country’s ports. In particular, the AAPA has attack the imposition of a set of tariffs on Chinese ship-to-shore cranes imported from China. This is a separate but related issue, and not part of the Executive Order on Ports. Rather it is part of a broader set of tariffs on various Chinese goods announced by the Biden administration, including electric vehicles, solar cells, medical products, steel, and semiconductors. These new measures impose on 25% tariff on Chinese manufactured cranes, and came into effect on August 1st. The AAPA argues this will harm port efficiency and capacity, strain supply chains, increase consumer prices and weaken the US economy. They estimate that the tariff will add roughly $131 million in unexpected costs for ports that have already placed orders for 35 Chinese cranes. This could force terminal operators to “scale back” infrastructure investment plans.