The maritime industry is undergoing a significant transformation that involves increased use of cyber-connected systems, coinciding with increased nation-state and cybercriminal targeting of cyber systems in ports and maritime assets. Globally, a number of ports and other maritime assets have been targeted by ransomware attacks with serious disruptions to operations. In response to this trend, the US government has announced a series of regulatory actions to combat cyber threats in the maritime domain—broadly targeted at US flag commercial vessels, waterfront facilities, and certain offshore facilities regulated by the US Coast Guard (USCG).
First, the USCG issued Maritime Security Directive 105-4 (MARSEC Directive 105-4), which requires owners and operators of ship-to-shore cranes manufactured by Chinese companies (PRC-manufactured STS cranes) to take action to address cyber threats and vulnerabilities that have been identified by the USCG. PRC-manufactured STS cranes are reportedly used at ports throughout the United States.
Second, President Biden also issued an Executive Order on 21 February 2024 (Executive Order), updating regulations in 33 C.F.R. Part 6, to explicitly address cyber threats in the US maritime domain, resulting in expanded authorities for the USCG and additional cyber incident reporting requirements for the maritime industry, among other changes.
Read the rest of the story at The National Law Review, here.
