When the risk of cyberattacks on critical national infrastructure is discussed, you can bet that the picture in most people’s mind’s eye is a land-based one. For example, cast your mind back to the ransomware attack in May 2021 on the Colonial Pipeline oil pipeline system. That system originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States.

Now think of maritime cybersecurity. This covers cybersecurity on the coast and at ports, dealing with infrastructure that works with cargo. It is relevant because the US government is investing $20bn in US maritime cybersecurity to thwart any cyberattacks on its port-based infrastructure.

In an executive order issued on 21 February 2024, the Biden administration warned that America’s prosperity is directly linked to maritime trade and the integrated network of ports, terminals, vessels, waterways, and land-side connections that constitute the US’s Marine Transportation System (MTS). This system supports $5.4 trillion worth of economic activity each year, employs more than 31 million Americans, and supports nearly 95% of cargo entering the US.

Critical thinking

Outlining its thinking, the current administration said: “The security of our critical infrastructure remains a national imperative in an increasingly complex threat environment. MTS owners and operators rely on digital systems to enable their operations, including ship navigation, the movement of cargo, engineering, safety, and security monitoring. “These systems have revolutionised the maritime shipping industry and American supply chains by enhancing the speed and efficiency of moving goods to market, but the increasing digital interconnectedness of our economy and supply chains have also introduced vulnerabilities that, if exploited, could have cascading impacts on America’s ports, the economy, and everyday hard-working Americans.”

The key cyber role of the US Coast Guard

Specifically, President Biden’s Executive Order will increase the Department of Homeland Security’s authority to directly address maritime cyber threats, including the introduction of cybersecurity standards to ensure that American ports’ networks and systems are secure. It means the US Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s MTS by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbour.

The Executive Order will also institute mandatory reporting of cyber incidents—or active cyber threats—endangering any vessel, harbour, port, or waterfront facility. Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to US maritime infrastructure and be able to inspect those vessels and facilities that pose a threat to our cybersecurity.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The US Coast Guard will issue a Maritime Security Directive on cyber risk management actions for ship-to-shore cranes manufactured by China located at US Commercial Strategic Seaports. Owners and operators of these cranes will have to acknowledge the directive and act on these cranes and associated Information Technology (IT) and Operational Technology (OT) systems.

The US Coast Guard will also be able to establish minimum cybersecurity requirements to best manage cyber threats.

$20bn for coastal cyber surety

Although it is the Biden administration’s executive order that has brought maritime cybersecurity more into the public domain, other work has been going on for some time. For example, in April 2023, the European Commission published its Critical Maritime Routes Program Monitoring, Support and Evaluation Mechanism (CRIMSON III) study, which discussed cybersecurity in maritime critical infrastructure. The work was carried out with the Royal United Services Institute (RUSI).

The bottom line is that all parts of critical national infrastructure are at risk of cyberattack. It is easy to forget that maritime infrastructure is as vital as ‘land’ infrastructure. The US Government’s $20bn investment in US maritime cybersecurity to thwart cyberattacks more than makes the point.