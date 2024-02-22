



WASHINGTON — President Joe Biden signed an executive order Wednesday and created a federal rule aimed at better securing the nation's ports against possible cyberattacks.

The administration is laying out a set of cybersecurity regulations that port operators must follow across the country, much like standardized security regulations that aim to prevent injury or damage to people and infrastructure.

We want to ensure that there are similar requirements for cyberattack, where a cyberattack can cause as much, if not more, damage as a storm or other physical threat, said Anne Neuberger, deputy national security adviser at the White House.

Nationally, ports employ about 31 million people and contribute $5.4 trillion to the economy, and could be vulnerable to ransomware or another form of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against this.

The new requirements are part of the federal government's efforts to modernize how critical infrastructure such as power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of national standards governing how operators should protect themselves against potential online attacks.

The threat continues to grow. Hostile activities in cyberspace, from espionage to installing malware to infect and disrupt a country's infrastructure, have become a hallmark of modern geopolitical rivalry.

For example, in 2021, the operator of the nation's largest fuel pipeline had to temporarily halt operations after falling victim to a ransomware attack in which hackers hold a victim's data or devices hostage in exchange for money. The company Colonial Pipeline paid $4.4 million to a Russian-based hacking group, although Justice Department officials later recovered much of the money.

Ports are also vulnerable. In Australia last year, a cyber incident forced one of the country's largest port operators to suspend operations for three days.

In the United States, about 80% of the giant cranes used to lift and transport cargo from ships to U.S. docks come from China and are remotely controlled, said Adm. John Vann, commander of the Coast Guard's Cyber ​​Command. American. This makes them vulnerable to attacks, he said.

Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. Vann said this type of potential attack is a concern as officials push for new standards, but they also worry about the possibility of criminal activity.

The new standards, which will be subject to a public comment period, will be mandatory for any port operator and enforcement action will be taken for non-compliance with the standards, although officials did not specify these. They require port operators to notify authorities when they are victims of a cyberattack. These actions also give the Coast Guard, which regulates the nation's ports, the ability to respond to cyberattacks.

