Securing Our Ports: Where to Start

As dusk descends upon our nation's ports, casting shadows over the waterfront, another shadow looms in the digital landscape — the threat of cyber warfare. In an era where connectivity reigns supreme, our maritime infrastructure stands at a critical juncture, balancing vulnerability and resilience. The recent White House announcement of a Presidential Executive Order, and a hefty $20 billion in Inflation Reduction Act funding proposal to fortify our ports, underscores the gravity of the situation.

It is a fact that at this time China has manufactured 80% of our nation’s ship-to-shore cranes, which are essential to keep port operations up and running. Though this may raise an eyebrow, it is crucial to make the distinction these cranes are not utilizing Chinese-manufactured software, instead operating software is installed by trusted vendors in allied nations such as Switzerland, Germany, and Japan. With the hysteria of China spying on our nation’s ports through software due to China’s significant portion of market share, potential risks and vulnerabilities should not be overlooked by ports.

This isn't merely a tale of foreign influence; it's also a narrative of domestic oversight. The digital interconnectedness of our ports leaves them exposed to cyber threats, posing a potential risk to our national security and economic stability. As we embark on efforts to revitalize our port infrastructure, it's imperative that cybersecurity be a central focus of our endeavors.

So, where do we begin? It starts with collaboration and coordination within the port community. Terminal operators must unite their IT, facility, and operational teams to assess vulnerabilities and develop response plans. Simple cyber hygiene tasks like updating passwords, upgrading software, implementing employee training, and securing remote wireless access can significantly reduce risk. Through tabletop exercises and scenario simulations, ports can better prepare for and recover from potential cyber incidents.

Next, the Coast Guard can provide expertise and specialized capabilities through Cybersecurity Protection Teams to assist port operators with threat intelligence and discovery tools. They need to focus on finding and disabling non-operational modems and other transmitting devices not controlled by the port.

Additionally, the proposed $20 billion investment presents an opportunity to bolster our cyber defenses. By allocating funds for specialized vendor technologies tailored to port cybersecurity, we can enhance access management, monitoring capabilities, and response protocols. These investments will lay a solid foundation for a more resilient maritime infrastructure.

In addition to the aforementioned solutions, Congress has drafted bipartisan legislation (H.R. 4993) which would extend eligibility criteria for the Capital Construction Fund (CCF) so that marine terminal operators can deposit a portion of their taxable operating income into a tax-deferred CCF account. This proposal marks a significant step forward in bolstering maritime cybersecurity as it incentivizes private capital investment in domestic manufacturing and technologies that will in turn strengthen our maritime cybersecurity.

Furthermore, existing programs like the Department of Transportation's Port Infrastructure Development Program (PIDP) and the Department of Homeland Security’s Port Security Grant Program can be leveraged to prioritize cybersecurity in grant awards. By incentivizing projects that enhance cyber safety and reliability and are also consistent with the Cybersecurity and Infrastructure Security Agency (CISA) recommendations, we can ensure that federal resources are allocated effectively.

But perhaps most crucially, we must adopt a proactive approach to cybersecurity. This means scrutinizing procurement processes, specifying cyber protections in acquisition documents, and investing in post-purchase software protections. The National Association of Waterfront Employers has developed and posted a detailed checklist of actions to start eliminating risk today. By taking preemptive measures, we can mitigate the risks posed by cyber threats before they materialize.

In conclusion, the challenge ahead is clear, but so too are the opportunities for progress. By working together and prioritizing cybersecurity, we can navigate the storm to improve future resilience and safety for our nation's ports. The time to act is now.