A top Biden cybersecurity official urged the nation’s ports in a joint call on Wednesday to have their data encrypted, rapidly patch any vulnerabilities in critical systems, and have a well-trained cyber team as hacks targeting key U.S. infrastructure increase.
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, cited President Biden’s signing in February of an executive order to strengthen the cybersecurity of U.S. ports. The nation’s port system is the main point of entry for trade, employs 31 million people, and generates over $5.4 trillion for the U.S. economy.
“More needs to be done across the ports, and supply chain,” said Port of Los Angeles executive director Gene Seroka, who has been fighting for years for a robust federal cybersecurity plan. “The executive order has elevated the discussion.”
The first seaport in the United States to establish a Cyber Security Operations Center (CSOC) in 2014, the Port of Los Angeles, according to Seroka, fought the highest number of recorded cyberattacks against the port in 2023, with the CSOC stopping 750 million cyber intrusion attempts.
In a 2023 report, the Department of Transportation Maritime Administration warned that U.S. ports are vulnerable to cyber attacks due to the multiple stakeholders involved in the operation of the port, with risks identified related to facility access, terminal headquarters, operational technology systems such as communication systems and cargo handling equipment, positioning, navigation, and timing services, which would impact vessel movements and complex logistics systems at port facilities, and sharing between ships and ports of network connections and USB storage devices, among other technology.
Neuberger, who advises Biden on cybersecurity, digital innovation, and emerging technologies, noted that the executive order had given the Coast Guard the ability to respond to attacks, instituted mandatory reporting of cyber threats, and turned away ships that could pose a national security danger.
One key area of concern for the Biden administration and the executive order is the security of Chinese-manufactured cranes. Over 80% of all cranes operating at ports in the United States are manufactured in China, and some of the software used to operate those cranes is installed in China. This could compromise the crane’s security, creating fears about a “trojan horse” for spying or controlling ports remotely.
Neuberger noted that ports could tap funds from the $1 trillion bipartisan infrastructure bill passed in 2021 to support the building of U.S. shipping cranes by a U.S. subsidiary of the Japanese industrial company Mitsui.
Foreign hackers are increasingly targeting U.S. infrastructure across vital services, from transportation to food supply and health care. In February, the FBI warned Congress that Chinese hackers have burrowed deep into the United States cyberinfrastructure in an attempt to cause damage.
FBI Director Christopher Wray said that Chinese government hackers are targeting water treatment plans, the electrical grid, transportation systems, and other critical infrastructure inside the U.S.
On Wednesday, Google’s cybersecurity firm Mandiant released a report that included analysis of a Russian-linked hacking group and a January attack on a water filtration plant in Muleshoe, Texas. A cyber intrusion caused a water tank to overflow.