Security News > 2024 > February > Biden asks Coast Guard to create an infosec port in a stormy sea of cyber threats

Biden asks Coast Guard to create an infosec port in a stormy sea of cyber threats
2024-02-21 22:10

President Biden has empowered the US Coast Guard to get a tighter grip on cybersecurity at American ports - including authorizing yet another incident reporting rule.

Port Captains, USCG officers responsible for laying down the law in US ports, can now declare "Security zones," inside of which they'll have broad authority to prevent "Access of persons, articles, or things, including any data, information, network, program, system, or other digital infrastructure, to vessels, or waterfront facilities."

"The security of the US is endangered by reason of disturbances in the international relations of the US that exist as a result of persistent and increasingly sophisticated malicious cyber campaigns against the United States," Biden said in his EO, seemingly calling attention to recent threats like the targeting of US critical infrastructure by the allegedly Chinese-sponsored Volt Typhoon hacking crew.

While not admitting the USCG executive order was tied to the Volt Typhoon warnings, Coast Guard Cyber Command commander Rear Admiral Jay Vann said the USCG was issuing a maritime security, or MARSEC, directive to address potential threats from the more than 200 Chinese ship-to-shore cranes in US ports.

Along with its new search and seizure authorities, the Coast Guard also said it plans to issue a notice of proposed rule changes to establish new minimum cybersecurity requirements for MTS systems.

Finally, the EO is also creating yet another cybersecurity reporting standard for a critical infrastructure industry to follow, much like those that have recently been published for federal contractors and by the FTC, FCC, and SEC. The executive order gives relatively bare-bones incident response rules, only saying that evidence of any cyber incident that endangers a vessel or port "Shall be reported immediately" to the FBI, CISA, and the USCG. It's not immediately clear whether the USCG will further define cybersecurity reporting rules for MTS operators; we've asked the Coast Guard but haven't heard back.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/21/uscg_cybersecurity_powers/