Posted on March 4, 2024
Biden Administration Announces Actions to Strengthen Maritime Security; Coast Guard Releases Cybersecurity NPRM. On February 21, Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger announced that President Biden has issued an Executive Order to bolster the Department of Homeland Security’s authority to directly address maritime cyber threats. DNSA Neuberger observed that America’s marine transportation system supports $5.4 trillion of annual economic activity, contributes to the employment of more than 31 million Americans, and supports nearly 95% of the cargo entering the U.S., and declared that “the security of that infrastructure, physically and digitally, is a national priority.” The Executive Order authorizes the Coast Guard to establish minimum cybersecurity standards; require vessels, ports, and facilities to address cyber risks; institute mandatory reporting of cyber incidents; and control the movement of vessels that present cyber threats. In conjunction with the Executive Order, the Coast Guard is issuing a Maritime Security Directive on cyber risk management actions to operators of Chinese-built ship-to-shore cranes, and DNSA Neuberger announced that PACECO Corp., a U.S. subsidiary of the Japanese maritime engineering and construction company Mitsui E&S Group, is planning to onshore port crane manufacturing capability to take advantage of port infrastructure investments and grants created by the Bipartisan Infrastructure Law and Inflation Reduction Act.
Timed to the issuance of the Executive Order, the Coast Guard has published a Notice of Proposed Rulemaking that would establish minimum cybersecurity requirements for U.S. vessels and facilities regulated under the Maritime Transportation Security Act. The NPRM would require vessel and facility operators to conduct a Cybersecurity Assessment and develop and implement a Coast Guard-approved Cybersecurity Plan, which may be combined with an existing Vessel or Facility Security Plan. The Cybersecurity Plan would include personnel training, drills and exercises, account security measures, device security measures, data security measures, risk management, and supply chain management, among other things. The Coast Guard has also released Navigation and Vessel Inspection Circular 02-24, which expands reporting requirements for breaches of security and suspicious activity to include cyber incidents. The NVIC states that an actual or threatened cyber incident involving or endangering any vessel, harbor, port, or waterfront facility must be reported immediately to the Federal Bureau of Investigation, the Cyber and Infrastructure Security Agency, and the cognizant Coast Guard Captain of the Port, per the Executive Order.
AWO will be reviewing the NPRM and NVIC and will convene interested members to inform our comments to the Coast Guard, which are due April 22. If you or a colleague would like to participate, or if you need more information, please contact Liam Morcroft.
