ICYMI: Port Security Hearing Highlights High-Risk Vulnerabilities, Public and Private Sector Information Sharing
May 11, 2023
ICYMI: Port Security Hearing Highlights High-Risk Vulnerabilities, Public and Private Sector Information Sharing
WASHINGTON, D.C. – This week, the House Homeland Security Subcommittee on Transportation and Maritime Security, led by Chairman Carlos Gimenez (R-FL), held a hearing on port security vulnerabilities, in which Members highlighted high-risk threats posed to U.S. maritime ports by cyber criminals and our adversaries. In the hearing, the Subcommittee heard testimony from the U.S. Coast Guard, the Cybersecurity and Infrastructure Security Agency (CISA), and the Transportation Security Administration (TSA).
Read highlights of the hearing below.
WATCH: Chair Gimenez Questions Witnesses on Growing Cyber Threat Posed by the CCP, Other Adversaries
In his opening line of questioning, Chair Gimenez highlighted his efforts to get answers on the cybersecurity threats posed to military and industrial operations by Chinese-manufactured cranes operating at U.S. ports:
“I have continued to raise concerns about the widespread presence of Chinese-manufactured cranes at our nation’s ports. I’m particularly concerned about the use of Chinese technology equipment, as well as the ports industries over-reliance on Chinese cranes. On April 3, I joined several of my colleagues in sending a letter to DHS asking about their efforts to address the vulnerabilities related to these cranes. DHS has yet to respond. Can you explain what security measures the Coast Guard has in place to evaluate foreign-manufactured equipment and software in use at our ports?”
Rear Admiral Wayne Arguin of the U.S. Coast Guard answered:
“The Coast Guard’s role in ensuring port security from the local level, the local sector commander, captain of the port, uses its maritime security specialists to engage those entities that have ZPMC cranes. At that local level, they’ve had conversations about potential vulnerabilities identified with our partnership with CISA. We’ve also engaged out cyber protection team, elements of our Coast Guard Cyber Command to perform voluntary assessments of those networks to better understand the vulnerabilities associated with those systems, as well as systems throughout the ports. At the regional level, the Air and Maritime Security Committee, we’ve had conversations with each of those entities to ensure they understand the potential vulnerabilities and the likelihood of a potential disruption. At the national level, I’ve had similar conversations with leadership, with port authorities around the country to make sure that they’re aware of the potential vulnerabilities and that they get a better understanding of the potential impacts that those vulnerabilities may have.”
WATCH: Rep. Lee Highlights Public-Private Cooperation & Information Sharing in Maritime Port Security
Rep. Laurel Lee (R-FL) asked CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein, about the crucial role that cooperation between the Department of Homeland Security (DHS) and the private sector plays in cybersecurity:
“How are you utilizing the partnership and the information that you receive from your private sector partners to help build those sector-specific goals and strengthen the infrastructure overall?”
Mr. Goldstein answered:
“One of the biggest challenges in cybersecurity today is to understand the unique vulnerabilities that are facing particular sectors and the unique ways that adversaries are targeting each particular sector. So, information from our partners in industry that is specific to incidents, intrusions, [and] campaigns targeting a different sector will help us make recommendations to these specific controls or risk reduction measures that can help the sector maximize its security, which we can then codify in the performance goals.”
WATCH: Rep. LaLota Detailed Cyber Threats to Maritime Ports Following Colonial Pipeline Attack
Rep. Nick LaLota (R-NY) detailed the cyber threats posed to U.S. maritime ports following attacks on other critical infrastructure sectors:
“Following the Colonial Pipeline ransomware attack in 2021, TSA issued several cybersecurity regulations requiring pipeline owners and operators to improve their cybersecurity practices. They’ve also extended these cybersecurity regulations to the rail and aviation sectors. My question is, looking at the devastating impact of the Colonial ransomware attack, has CISA or Coast Guard considered additional cybersecurity regulations for our maritime ports?”
Mr. Goldstein answered:
“At CISA, our goal is to really establish that baseline of technical measures that are most effective against the threats that we are seeing. Last Fall, and then refreshed this Spring, we released our cybersecurity performance goals, as directed by a Presidential memorandum. These performance goals are really that succinct set of the most effective security practices, prioritized by complexity, cost, and impact that all entities can use on a voluntary basis to know where to invest next.”
###