Biden Takes Aim at Cybersecurity Threats to Ports with $20 Billion Investment and Executive Order

President Joe Biden is set to sign an executive order and establish a federal rule on Wednesday, aimed at enhancing the security of the nation’s ports against potential cyberattacks.

According to The Wall Street Journal, more than $20 billion from the 2021 $1 trillion infrastructure bill will be allocated to bolster port security over the next five years. This investment includes the transition of cargo crane production from China to the U.S.

Anne Neuberger, deputy national security adviser at the White House, emphasized the necessity of establishing cybersecurity regulations for port operators nationwide. She highlighted the need for similar requirements in cybersecurity, as cyberattacks can inflict as much or even more damage than physical threats.

With approximately 31 million people employed at ports nationwide and contributing $5.4 trillion to the economy, these critical infrastructure sites could be vulnerable to ransomware or other cyberattacks. The standardized cybersecurity requirements aim to mitigate these risks.

The forthcoming requirements, slated for publication on Wednesday, are part of the federal government’s broader efforts to modernize the protection of critical infrastructure. There is currently no uniform set of standards governing cybersecurity measures for operators.

Cyber threats have become increasingly prevalent, with incidents ranging from espionage to infrastructure disruption. For instance, in 2021, the largest fuel pipeline operator in the U.S., Colonial Pipeline, temporarily halted operations due to a ransomware attack.

To address strategic risks, the investment will redirect funds to a U.S. subsidiary of Japan’s Mitsui to manufacture ship-to-shore cranes domestically for the first time in 50 years. This move aims to mitigate vulnerabilities associated with cranes manufactured by China’s ZPMC, which currently dominates the market.

Rear Adm. John Vann, who heads the Coast Guard cyber command, emphasized the susceptibility of ports to cyber threats, citing incidents in Australia and concerns about state-backed cyber intrusions from China.

The new standards, subject to a public comment period, will mandate compliance from all port operators. Enforcement actions will be taken against those failing to adhere to the standards, empowering the Coast Guard to respond to cyber attacks effectively.