WASHINGTON — President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.
The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other type of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against that.
The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.
The threat continues to grow. Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.
For example, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. The company, Colonial Pipeline, paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.
In the U.S., roughly 80% of the giant cranes used to lift and haul cargo off ships onto U.S. docks come from China, and are controlled remotely, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. That leaves them vulnerable to attack, he said.
AI DEBATE
The Biden administration is wading into a contentious debate about whether the most powerful artificial intelligence systems should be “open-source” or closed.
The White House said Wednesday it is seeking public comment on the risks and benefits of having an AI system’s key components publicly available for anyone to use and modify. The inquiry is one piece of the broader executive order that Biden signed in October to manage the fast-evolving technology.
Tech companies are divided on how open they make their AI models, with some emphasizing the dangers of widely accessible AI model components and others stressing that open science is important for researchers and startups. Among the most vocal promoters of an open approach have been Facebook parent Meta Platforms and IBM.
Biden’s order described open models with the technical name of “dual-use foundation models with widely available weights” and said they needed further study. Weights are numerical values that influence how an AI model performs.
When those weights are publicly posted on the internet, “there can be substantial benefits to innovation, but also substantial security risks, such as the removal of safeguards within the model,” Biden’s order said. He gave Commerce Secretary Gina Raimondo until July to talk to experts and come back with recommendations on how to manage the potential benefits and risks.
Now the Commerce Department’s National Telecommunications and Information Administration says it is also opening a 30-day comment period to field ideas that will be included in a report to the president.
“One piece of encouraging news is that it’s clear to the experts that this is not a binary issue. There are gradients of openness,” said Alan Davidson, an assistant Commerce secretary and the NTIA’s administrator. Davidson told reporters Tuesday that it’s possible to find solutions that promote both innovation and safety.
Information for this article was contributed by Colleen Long and Matt O’Brien of The Associated Press.
