United States maritime port authorities are unclear who to report to and what to report during a cyber attack, highlighting the need for the government to issue cybersecurity guidance for the nation’s port infrastructure.
The uncertainty arises because of the conflicting jurisdictions of government entities, two port security experts said during an Oct. 8 House Homeland Security Border and Maritime Security Subcommittee hearing.
“There is some confusion about what’s reported to whom. Our information management division tells us we defend against approximately a million potential penetrations a day,” said Randy Parsons, director of security services for the Port of Long Beach, California.
Furthermore, Jonathan Sawicki, security improvement program manager for the Ports of Brownsville and Harlingen, Texas, said ports were unsure as to what cyber attacks to report.
“I am not aware of any specific guidance on what constitutes a transportation security incident based on cyber, and I think for a majority of the facility’s security plans or port facility security plans there’s always a question on what is a breach, what is a potential breach and what is a near miss,” he said. “Helping define that will help port facilities and ports report incidents that do occur.”
Coast Guard Rear Adm. Paul Thomas said some cyber incidents are reported to his service under the Maritime Transportation Security Act. A loss of cargo or perimeter control associated with a cyber breach are two examples of what would be reported to the Coast Guard, he said.
“The confusion comes because cyber touches all aspects of port operations so if it’s the financial system for example, that’s been breached, well that would not be reportable to the Coast Guard because it’s not addressed under our authorities,” Thomas said. “It’s very confusing to figure out which type of incident gets reported to whom.”
Rep. Jim Langevin (D-R.I.), who has taken a special interest in cybersecurity issues, said in an interview with Federal News Radio after the hearing that the United States needs to step up its efforts and take cyber more seriously, and do everything it can to improve reporting requirements and close vulnerabilities in ports.
U.S. maritime ports handle more than $1.3 trillion in cargo each year, a Government Accountability Office report stated. Port operations increasingly rely on computerized information and communication technologies that are vulnerable to cyber attacks.
A June 2014 GAO report found cyber attacks could send ships off course or redirect shipping containers from their intended destinations.
Though port owners are ultimately responsible for the cybersecurity of their ports, federal agencies have specific roles and responsibilities for supporting those efforts, the report said.
The Department of Homeland Security’s National Infrastructure Protection Plan established a framework for operating and sharing system information between federal and nonfederal entities.
Legislation aims to improve information sharing
Though ports act in a pseudo-public realm, there still are some constraints on how they and private companies share data with the United States.
Congress has continually introduced a cyber sharing bill that would break down legal barriers for sharing cyber threat information between companies and the government.
Langevin said that bill is a step in the right direction for increasing port cybersecurity because the government can share threats with multiple industries.
“Just as if a major retailer … were to be attacked, when you can share that information quickly, widely, hopefully preferably at network speed, you can detect other [threats] of similar industries,” Langevin said.
Critics of the bill fear that the government will be able to collect the data companies store on citizens.
The House passed a version of the bill in April and Senate Intelligence Committee Chairman Richard Burr (R-N.C.) said he would bring cyber sharing legislation to the committee floor in this month.