US president Joe Biden is expected to launch new regulations aimed at better securing US ports from potential cyberattacks.
The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardised safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Ports across the US employ roughly 31 million people and contribute 5.4 trillion dollars to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, Ms Neuberger said.
The new requirements, to be published on Wednesday, are part of the government’s focus on modernising how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely.
There is no set of nationwide standards that govern how operators should protect against potential attacks online.
Meanwhile, the threat continues to grow. Hostile activity in cyberspace – from spying to the planting of malware to infect and disrupt a country’s infrastructure – has become a hallmark of modern geopolitical rivalry.
For example, in 2021, the operator of the largest fuel pipeline in the US had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money.
The company, Colonial Pipeline, paid 4.4 million dollars to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.
In the US, roughly 80% of the giant cranes used to lift and haul cargo off ships onto US docks come from China, and are controlled remotely, said Admiral John Vann, commander of the US Coast Guard’s cyber command.
That leaves them vulnerable to attack, he said.
Late last month, US officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure.
Commander Vann said this type of potential attack was a concern as officials pushed for new standards, but they are also worried about the possibility for criminal activity.
The new standards, which will be subject to consultation, will be required for any port operator and there will be enforcement actions for failing to comply with the standards, though the officials did not outline them.
They require port operators to notify authorities when they have been victimised by a cyberattack.
The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyber attacks.
