The outgoing Trump administration on Tuesday released an action plan for strengthening the cyber security posture of the nation's maritime transportation subsector during the next five years with an eye to economic security.
The 36-page National Maritime Cybersecurity Plan directs a number of priority actions in three areas: risks and standards, information and intelligence sharing, and the creation of a cyber security workforce for the maritime transportation System (MTS).
"The MTS contributes to one quarter of all United States gross domestic product, or approximately $5.4 trillion," White House National Security Adviser Robert O'Brien said in a statement. "MTS operators are increasingly reliant on information technology (IT) and operational technology (OT) to maximize the reliability and efficiency of maritime commerce. This plan articulates how the United States government can buy down the potential catastrophic risks to our national security and economic prosperity created by technology innovations to strengthen maritime commerce efficiency and reliability."
Under risks and standards, the plan puts forth four priority actions, including directing the National Security Council staff to coordinate policy to sort out maritime security roles and responsibilities across the federal government and identify gaps in legal authorities. Another priority is to have the Coast Guard review its existing guidance to the maritime transportation subsector entities for reporting on cyber security breaches and activities to ensure that a broader range of incidents are disclosed.
Another risk mitigation effort is to include language for cyber security contracts in federal contracts with port operators. The fourth priority action is to create a cyber security risk framework for ships and port systems to include vulnerability inspections.
The plan calls for the Departments of Defense and Homeland Security to conduct maritime cyber security assessments of port facilities and vessels and directs DHS to offer grants for ports to protect themselves from malicious cyber activity.
The cyber security plan also calls for the government to share information with the maritime sector and to push for collaboration among domestic and international partners to bolster best practices. The information shared includes intelligence, both unclassified, and in some cases, classified, with industry stakeholders so they can take action to protect their systems.
A third action area under intelligence and information sharing prioritizes the collection of maritime cyber security intelligence, providing public and private stakeholders "insights into adversarial tactics, actions, motives, and intent," the new plan says.
Efforts to bolster the nation's cyber security workforce are widespread and the maritime plan offers three action items. The first calls on the Coast Guard to develop related career paths and incentives to build a maritime cyber workforce. The second item calls for the Coast Guard and Navy to develop exchange programs with industry and national laboratories for cyber security personnel "with an approach toward port and vessel cybersecurity research and application."
The final priority action directs the Coast Guard to use its cyber force protection teams to help regulated facilities and to help in investigations of marine-related cyber incidents.