The Biden administration and U.S. ports are preparing for cyberattacks as the nation's infrastructure is being targeted.

• A report by Google's cybersecurity firm Mandiant has revealed links between Russian hackers and a January attack on a water filtration plant in a small Texas town, highlighting the growing threat of hacks on U.S. physical infrastructure.
• On Wednesday, cybersecurity officers from the Biden administration and key port executives discussed security concerns, including the Chinese-made cranes that have been under scrutiny this year, at the nation's largest ports.
• Gene Seroka, executive director for the Port of Los Angeles, stated that more needs to be done across the ports and supply chain, as the port stopped 750 million hacking attempts in 2023.

On Wednesday, a top Biden cybersecurity official advised the nation's ports to prioritize data encryption, promptly address any vulnerabilities in critical systems, and maintain a well-trained cyber team as the frequency of hacks targeting key U.S. infrastructure continues to rise.

In February, President Biden signed an executive order to enhance the cybersecurity of U.S. ports, which serve as the primary entry point for trade, employ 31 million people, and contribute over $5.4 trillion to the U.S. economy, as stated by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology.

"Port of Los Angeles executive director Gene Seroka, who has been advocating for a strong federal cybersecurity plan, stated that more action is required across the ports and supply chain, as the executive order has brought the issue to the forefront."

In 2014, the Port of Los Angeles was the first seaport in the US to establish a Cyber Security Operations Center (CSOC). In 2023, the port experienced the highest number of recorded cyberattacks, with the CSOC successfully stopping 750 cyber intrusion attempts.

The Department of Transportation Maritime Administration issued a warning in a 2023 report that U.S. ports are at risk of cyber attacks due to the involvement of multiple stakeholders in port operations. Risks were identified related to facility access, terminal headquarters, operational technology systems such as communication systems and cargo handling equipment, positioning, navigation, and timing services, which would impact vessel movements and complex logistics systems at port facilities. Additionally, sharing between ships and ports of network connections and USB storage devices poses a threat.

Biden's cybersecurity advisor, Neuberger, pointed out that the executive order has granted the Coast Guard the authority to respond to cyberattacks, mandated the reporting of cyberthreats, and enabled the agency to turn away ships that pose a national security risk.

The Biden administration and the executive order are concerned about the security of Chinese-made cranes, as over 80% of all cranes operating at US ports are manufactured in China, and some of the software used to operate those cranes is installed in China, which could compromise the crane's security and create fears about a "trojan horse" for spying or controlling ports remotely.

The $1 trillion bipartisan infrastructure bill passed in 2021 can be tapped by ports to fund the construction of U.S. shipping cranes by a U.S. subsidiary of the Japanese industrial company Mitsui, as noted by Neuberger.

State-linked hackers attacking U.S. physical operations

U.S. infrastructure is increasingly being targeted by foreign hackers, particularly Chinese hackers, who have infiltrated the country's cyber infrastructure in an attempt to cause harm. In February, the FBI warned Congress that Chinese hackers have burrowed deep into the United States' cyber infrastructure, targeting vital services such as transportation, food supply, and health care. FBI Director Christopher Wray stated that Chinese government hackers are specifically targeting water treatment plans, the electrical grid, transportation systems, and other critical infrastructure within the U.S.

On Wednesday, Mandiant, Google's cybersecurity firm, released a report detailing an analysis of a Russian-linked hacking group and a January attack on a water filtration plant in Muleshoe, Texas, where a water tank overflowed due to a cyber intrusion.

"The water filtration plant, located in a small town near Cannon AFB in Clovis, New Mexico, is in an arid part of Texas and is therefore a cause for concern, according to Adam Isles, head of cybersecurity practice for Chertoff Group."

Officials from the US stated in November of the previous year that Iran was responsible for a cyberattack at a water plant in Pennsylvania. Recently, the Biden administration cautioned governors about the potential threat to water systems. According to Isles, "Water security is the least developed."

The American Association of Port Authorities has previously stated that there is no evidence to support the claims about Chinese-manufactured crane cyber vulnerabilities, characterizing the comments as "sensational."

Neuberger directed CNBC to the Coast Guard when requested an update on the review of the 200 plus cranes. According to an email from a Coast Guard spokesperson, as of a few weeks ago, 92 of the more than 200 cranes manufactured in China had been evaluated.

The executive order's rulemaking received public comments from February 21 to April 22.

Identifying critical safety and business systems at the nation's ports is important, according to Isles.

""You must identify the critical assets at the port to ensure its security," he emphasized."

Isles emphasized the importance of deterrence in cybersecurity. He stated that we need to assume that these systems will be compromised at some point and focus on not only the minimal operating capacity but also their resiliency and survivability. This approach helps achieve an offense-informed defense. Additionally, Isles highlighted the need for accountability for offenders.

The Port of Los Angeles CSCO is celebrating its ten-year anniversary in September. The CSOC oversees the port's technology environment to prevent and detect cyber incidents, and it was the first port to obtain ISO 27001 information security management certification in 2015.

The Port of Los Angeles is experiencing a surge in activity, as evidenced by its first-quarter performance and March 2023 container activity, which show a 19% increase in container volumes and eight consecutive months of growth.