Admin Biden, ports prepare for cyberattacks as US infrastructure is targeted

A top Biden cybersecurity official urged the nation’s ports in a joint call Wednesday to encrypt their data, quickly patch any vulnerabilities in critical systems and have a well-trained cyber team as targeted attacks against key U.S. infrastructure increase.

Anne Neuberger, deputy national security adviser for cyber and emerging technologies, cited President Biden’s signing in February of an executive order to strengthen cybersecurity at U.S. ports. The nation’s port system is the primary entry point for trade, employs 31 million people and generates more than $5.4 trillion for the U.S. economy.

“More needs to be done at ports and in the supply chain,” said Port of Los Angeles Executive Director Gene Seroka, who has been fighting for a robust federal cybersecurity plan for years. “The executive order has elevated the discussion.”

The first U.S. seaport to establish a Cyber ​​Security Operations Center (CSOC) in 2014, the Port of Los Angeles, according to Seroka, fought the highest number of cyberattacks recorded against the port in 2023, with the CSOC having stopped 750 computer intrusion attempts.

In a 2023 report, the administration’s Department of Marine Transportation warned that U.S. ports are vulnerable to cyberattacks due to the multiple stakeholders involved in port operation, with risks identified related to access to facilities, location of terminal, to operational technological systems such as communications systems and equipment for cargo handling, positioning, navigation and timing services, which would impact ship movements and complex logistics systems in port facilities, and sharing between ships and ports of network connections and USB storage devices, among other technologies.

Neuberger, who advises Biden on cybersecurity, digital innovation and emerging technologies, noted that the executive order gave the Coast Guard the ability to respond to attacks, instituted mandatory reporting of cyber threats and removed vessels that could represent a danger to national security.

One of the main concerns of the Biden administration and the executive order is the safety of cranes made in China. More than 80% of all cranes operating in U.S. ports are made in China, and some of the software used to operate those cranes is installed in China, which could compromise crane safety, creating fears of a “horse Trojan” for spying or controlling ports remotely.

Neuberger noted that ports can tap into funds from the bipartisan $1 trillion infrastructure bill passed in 2021 to support the construction of U.S. naval cranes by a U.S. subsidiary of Japanese industrial company Mitsui.

State-linked hackers attack US physical operations

Foreign hackers are increasingly targeting U.S. infrastructure across vital services, from transportation to food delivery and healthcare. In February, the FBI warned Congress that Chinese hackers had infiltrated U.S. computer infrastructure in an attempt to cause harm. FBI Director Christopher Wray said Chinese government hackers are targeting water treatment plans, the power grid, transportation systems and other critical infrastructure in the United States

On Wednesday, Google’s Mandiant cybersecurity firm released a report that included analysis of a Russian-linked hacking group and a January attack on a water filtration plant in a small Texas town, Muleshoe, where a water tank overflowed due to a computer intrusion.

“The city may be small but it’s in an arid part of Texas and is near Cannon AFB in Clovis, New Mexico,” said Adam Isles, cybersecurity practice manager for Chertoff Group, describing the location of the water filtration system as “concerning.”

In November last year, US officials said Iran was behind a cyberattack on a Pennsylvania water plant. Biden administration officials recently warned the nation’s governors about the threat to water systems. “The water is among the least mature in terms of safety,” Isles said.

The American Association of Port Authorities, which lobbies on behalf of the nation’s major container ports, has said in the past that there is no evidence to support remote control claims about cyber vulnerabilities in cranes made in China, calling the comments “sensational “.

When asked for an update on the overhaul of the more than 200 cranes, Neuberger directed CNBC to the Coast Guard. In an email to CNBC, a Coast Guard spokesperson said that, as of a few weeks ago, 92 of the more than 200 cranes made in China had been evaluated.

Public comments on the executive order rulemaking began on February 21 and will end on April 22.

Isles said it is important to identify critical safety and business systems at the nation’s ports.

“We cannot protect everything, so it is necessary to identify high-value assets in the port,” he said. “You need to identify what is central to the management of a port or what is central to an adversary.”

Isles says that once assets are identified, there is a need for ongoing diagnostics of operations and networks for durability. “We have to assume that these systems will be compromised at some point and we have to address not only the minimum operational capability, but also its resilience and survivability. This helps achieve an informed defense on the offensive in cybersecurity,” she said. Equally important, Isles stressed, is deterrence. “There must be accountability for offenders.”

September marks the 10th anniversary of the Port of Los Angeles CSCO. The CSOC currently monitors the port’s technological environment to prevent and detect cyber incidents, and became the first port to achieve ISO 27001 information security management certification in 2015.

Activity at the Port of Los Angeles is on the rebound, with first-quarter performance and March 2023 container activity released Wednesday, showing a 19% improvement in container volumes and eight consecutive monthly periods of growth.