Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

US Maritime Administrator to study port crane cybersecurity concerns | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The 2023 National Defense Authorization Act (NDAA) passed by Congress and signed by President Biden in late December 2022 was filled with a host of military-related cybersecurity provisions. One little-noticed provision in the bill called for a study of cybersecurity and national security threats posed by foreign-manufactured cranes at United States ports.

Under this provision, the Maritime Administrator, working with Homeland Security, the Pentagon, and the Cybersecurity and Infrastructure Security Agency (CISA), is required to conduct a study to assess whether foreign manufactured cranes at United States ports pose cybersecurity or national security threats. It must be completed by late December 2023 and submitted to the Senate Commerce and Armed Services committees and House Transportation and Armed Services committees.

Crane security study origins unclear

Little information is available on why this study appeared in the NDAA or why a study of port crane security was deemed critical enough to include in the annual must-pass legislation. However, the study could be a concession to Representative Carlos Gimenez (R-FL), who introduced a bill last year, H.R.6487, the Port Crane Security and Inspection Act of 2022, that died in committee.

Gimenez’s bill limited the operation at US ports of foreign cranes made by US adversaries. It required CISA to inspect foreign cranes before they are placed into operation for potential security vulnerabilities and assess the threat posed by security vulnerabilities on existing or newly constructed foreign cranes. Gimenez’s bill also called for CISA to report to Congress about critical and high-risk security vulnerabilities posed by foreign cranes at US ports. Gimenez’s office did not respond to requests for comments on his bill or the NDAA-mandated study.

FBI boarded Chinese ship in a mysterious incident

Concerns about cybersecurity at the nation’s increasingly digitized ports have been rising for years. As far back as 2013, a Brookings study concluded that the cybersecurity awareness and culture level in US port facilities was low and that basic cybersecurity hygiene measures were missing in most ports. Of the ports studied by the Brookings researchers, only one had conducted a cybersecurity vulnerability assessment, and none had developed a cyber incident response plan.

In 2015, cybersecurity firm CyberKeel, now owned by Improsec, warned that 37% of maritime companies with Windows web servers weren’t adequately installing security patches from Microsoft. Earlier in 2015, US Coast Guard officials reported that interference with GPS signals disrupted operations for seven hours at a significant, unidentified east coast port, affecting four cranes.

Copyright © 2023 IDG Communications, Inc.


Click Here For The Original Source.

National Cyber Security