On March 21, 2022, Secretary Mayorkas delivered remarks at the Maritime and Control Systems Cybersecurity Conference —Hack the Port 2022.
Thank you, General Moore, for your kind introduction. My thanks to the leadership of the Maryland Innovation and Security Institute for organizing Hack the Port 2022.
Last August, a major U.S. port was the target of a potentially devastating cyber intrusion. The incident involved a “zero-day vulnerability” that, left unnoticed, would have allowed the intruders unrestricted access to the port’s IT systems.
At risk were shipments entering and exiting the harbor – the lifeline of our economy – at a time when global supply chains were already stretched to their limits due to the pandemic.
That scenario never came to pass. A crisis with unknown cascading impacts was avoided thanks to the prompt action by the government and its local partners.
As soon as the intrusion was identified, the Coast Guard set up a Unified Command post, drawing on the resources of local law enforcement, the affected company, the FBI, and teams from the Department of Homeland Security.
The Department’s Cybersecurity and Infrastructure Security Agency, or CISA, provided expertise and support.
Together with our U.S. Coast Guard’s Cyber Protection Teams, they stepped forward to help the victims identify security gaps, assess their networks, identify threats to the broader port environment, and alert domestic and international critical infrastructure operators to the vulnerability.
It was a reminder of what might have been, but wasn’t – a potential disaster averted thanks to leadership and close collaboration across sectors and agencies.
It portrayed a microcosm of how DHS works year-round in the cybersecurity and maritime security realms: utilizing deep partnerships in the public and private sectors to protect our ports.
It was an experience that highlighted the vital nature of the Marine Transportation System – where industries intersect, responsibilities overlap, and the health of our economy and the strength of our security are intertwined.
It was an experience that also brought to the fore the very essence of America’s ports, each of them cross-sections of prosperity and public safety, sustainability and cybersecurity, immense threats and intense teamwork.
So too does that describe our DHS’s multilayered approach to the mission of maritime security.
This could not be more critical today.
We only need to turn on the news to see why: we face Russia’s unprovoked invasion into Ukraine. We know that past cyber assaults targeting Ukraine had impacts outside the region.
Many of you recall when the “NotPetya” malware infected a Ukrainian tax software in 2017 and then quickly spread worldwide, impacting shipping companies and ports along the way.
NotPetya caused billions of dollars in damage across Europe, Asia, and the Americas and became the most destructive and costly cyberattack in history.
That same danger persists today, which is why DHS launched its “Shields Up” campaign in December to warn our partners and to maximize our resilience.
We live in a moment of new and evolving threats, physical and digital, to our critical infrastructure. We know that what happens at our ports, on our rivers, coastlines, and waterways, across the maritime space, directly impacts American communities.
Indeed, our ports are targets of nefarious activity precisely because they are such vital economic engines for the United States.
The Marine Transportation System is comprised of an integrated network of hundreds of ports, thousands of docks, 25,000 miles of waters and rivers, collections of cargo vessels, cruise ships, passenger ferries, waterfront terminals, offshore facilities, buoys, beacons, bridges, and more.
All told, this integrated network fuels $5.4 trillion in economic activity each year and supports over 30 million U.S. jobs.
Port environments are highly dependent on synchronization and precision when it comes to moving cargo. Even a slight disruption – in cyberspace or in its daily operations – could have massive impacts, resulting in major delays in the movement of goods.
In short, ports sit at the nexus of our homeland security and national security, and ensuring their protection, defense, and functioning must be – and is – a top priority.
Fulfilling this duty calls on us to tap into who we are as a Department: fundamentally, a department of partnerships. Yet how we deploy those partnerships has shifted in the 21st century.
What concerns us is not solely a direct, physical assault on our maritime infrastructure. What we track now, more than anything, is the expanding role of cyberattacks like ransomware and malware and the risk they can pose with respect to the maritime sector, specifically.
If the stakes feel higher today, that is because indeed they are. Russia’s unjustified war in Ukraine has widened the dangers to global security. It has driven up the risk that a conflict waged on the battlefields of Eastern Europe may open on new fronts in cyberspace. It has reinforced the urgency of our resilience and our vigilance, online, at our ports, and everywhere.
That is our focus as the lead federal agency for domestic preparedness in this crisis. We stood up the Unified Coordination Group to lead this effort, which acts much like the Unified Command post at a port: connecting federal and local actors, the private sector, and other institutions to mitigate against cyber risks related to the ongoing Russia-Ukraine crisis.
We are mindful of the potential for Russia to escalate its destabilizing actions beyond Ukraine.
So we must be prepared and fortified. We must build up the workforce, vision, policies, platforms, and partnerships to meet the threats of our time.
We, at DHS and throughout the Biden-Harris Administration, understand the scope, depth, and breadth of what we confront.
We have worked from day one to assess the threats posed to our security and to combat them with urgent action.
Our strategy starts with taking a step back, with examining and evaluating the landscape of cybersecurity and other threats to the Marine Transportation System and our broader transportation infrastructure.
To that end, the Coast Guard released a Cyber Strategic Outlook last year focused on three lines of effort: ensuring they are mission-ready to defend their own cyberspace; protect the maritime sector in cyberspace; and operate in and through cyberspace to counter threats.
Around the same time, our Department launched a cybersecurity transportation sprint, a 60-day effort focused on increasing cyber resilience across aviation, rail, mass transit, pipelines, and the maritime space.
What emerged from that exercise was a series of steps DHS is deploying to strengthen vulnerability assessments; do a better job of assessing and mitigating risks at our ports; and deepen engagement with the maritime industry specifically on cybersecurity.
Each of these efforts speaks to the fundamental priorities at the heart of our maritime security strategy: Preventing threats whenever and wherever we can; investing in resilience against future assaults before threats materialize into full-fledged cyberattacks; responding swiftly and effectively when cyber incidents do strike maritime infrastructure; and reinforcing our cooperation across law enforcement, state and local government, and industry.
That last point speaks, once again, to the importance of partnerships in everything we do: cyber risk management in the maritime sector is a shared responsibility, and it is built on a series of sound practices across our critical infrastructure sectors.
This begins with accountability and focus.
Companies need to identify and empower a responsible point-person with the authority to address cyber challenges.
Companies need to have a plan in place and hold regular exercises so every employee is aware of their policies and procedures – and so cybersecurity is ingrained in their operations.
If a cyber intrusion does occur, companies need to immediately report them to CISA, where it will be shared with the Coast Guard and other federal agencies.
Reporting cyber incidents enables us to spring into action quickly to help respond and limit the damage of an attack. And it allows us to keep other businesses or institutions informed and on alert in case they might be the next target.
Even as we ask the private sector to always do its part, we at DHS will do ours.
We will keep deepening operational collaboration.
We will keep sharing information and intelligence.
And we will consider what additional, directive action might be necessary to address urgent cyber threats, as we saw with the TSA security directives focused on surface transportation and pipelines following the Colonial Pipeline ransomware attack.
These steps form the foundation of our efforts in maritime security. There is far more to come in the weeks and months ahead.
We have CISA and the Coast Guard building a lab that emulates processes found in a port environment, so they can constantly train to respond to any incident.
We are hosting gatherings in April and May with international partners, drawn from governmental and industry, technical experts, and maritime regulatory authorities, to exchange best practices and risk management tactics in protecting the Marine Transportation System from cyber threats.
We will keep ourselves trained on these maritime challenges. Because a cyberattack on our shipping industry can disrupt our daily lives and economies, and have effects far beyond our shores.
We cannot allow that to happen. We must ensure our Marine Transportation system is resilient and able to withstand and absorb any potential disruption – physical or virtual.
Together, across government and industry, at home and abroad, resilient and vigilant, we will continue to safeguard our ports and our maritime system, and we will do so in partnership with all of you.
Thank you very much.