Governance & Risk Management , Standards, Regulations & Compliance
US Coast Guard Expands Cyber Command to Combat New Threats
Officials Express Concern Over Growing Potential for Chinese Maritime CyberthreatsThe U.S. Coast Guard is expanding its Cyber Command operations and building out cybersecurity protection teams, officials testified Thursday.
See Also: Cyber Insurance Assessment Readiness Checklist
Rear Admiral John Vann, commander of the Coast Guard Cyber Command, told lawmakers the military branch has increasingly "invested in growing and maturing Coast Guard Cyber Command to assess, identify and respond to cyber risks and threats" in recent years.
"The growing reliance on cyber physical systems and operational technologies requires a comprehensive approach by all stakeholders to manage cyber risks and ensure safety and security of the [maritime transportation system]," Vann said during a House Homeland Security subcommittee on transportation and maritime security hearing on port cybersecurity.
President Joe Biden signed an executive order earlier this month strengthening the military branch's ability to respond to cyberattacks and mandating incident reporting requirements for vessel operators. Maritime security experts told Information Security Media Group the proposed regulations should significantly improve collaboration between federal cyber authorities and U.S. ports (see: Experts Praise White House Port Cybersecurity Initiatives).
In response to the executive order, the Coast Guard issued a directive requiring specific cyber risk management actions for all owners and operators of cranes manufactured by Chinese companies. The branch is also adding members to a third cyber protection team that is expected to reach full operational capacity later this summer. Coast Guard CPTs are deployable units of active duty and civilian cybersecurity professionals trained in delivering three core capabilities: vulnerability assessments, threat hunting and incident response.
The U.S. increasingly relies on port technologies and systems with remote access capabilities developed in China to operate a vast network of maritime infrastructure. Administration officials and security experts have also raised concerns over the use of nearly 200 ship-to-shore cranes manufactured by the PRC operating across U.S. commercial strategic seaports.
The Coast Guard, which serves as the Department of Homeland Security's maritime security agency, released a proposal following the executive order to establish new cybersecurity standards for U.S. ports and vessels. The military branch is also aiming to extend its current maritime security regulations to include the cybersecurity landscape and is expected to announce a new maritime security director.
Rear Admiral Wayne Arguin Jr., the Coast Guard's assistant commandant for prevention policy, told lawmakers the branch is also participating in an ongoing cross-agency effort led by the Cybersecurity and Infrastructure Security Agency "to ensure that there is a seamless connection to federal entities that need to know about incident reporting."
The Coast Guard's proposed rule would require ports and vessels to report certain data breaches to federal cyber agencies, including CISA and the FBI. Stakeholders have until April 22 to provide comments on the proposal.