The White House’s priorities for improving maritime cybersecurity include having federal agencies work with the General Services Administration to revise their contracting language.
“Port services such as, but not limited to, loading, unloading, stacking, ferrying, or warehousing Federal cargo requires cybersecurity contracting clauses to safeguard the flow of maritime commerce, Maritime Transportation System users, and our economic prosperity,” the plan reads. The plan stipulates agencies will work with GSA “to develop and implement mandatory contractual cybersecurity language for maritime critical infrastructure owned, leased, or regulated by the United States government to decrease cybersecurity risk to the nation.”
The plan comes just a fortnight before the Trump administration leaves office, but highlights shortcomings specific to the maritime sector, which it said is increasingly under attack. The United States Committee on the Maritime Transportation System estimates a quarter of all U.S. gross domestic product comes from the sector. Attacks like NotPetya in 2017—which affected global shipping for days—emphasize the risk of lax cybersecurity, the White House said.
The White House noted military and commercial vessels are also frequent targets of jamming and spoofing attacks on the Global Positioning System, the subject of Executive Order 13905.
In addition to revisiting existing standards and listing cybersecurity requirements in government contracts, the plan prioritizes greater collection and dissemination of related intelligence and boosting the workforce.
The Homeland Security and Defense departments would also conduct assessments of port facilities, vessels and other infrastructure to protect against attacks, under the plan.
For the most part, cybersecurity standards already