At a glance.
- Port crane software threat (and the cost of addressing it).
- US rail cybersecurity conference coming.
- NSA's Cybersecurity Directorate plans expansion.
- An Irish Information Command is mooted.
New US bill bans port crane software from adversaries.
US Congress has introduced the Port Crane Security and Inspection Act of 2022, a bill that would ban port cranes sold under contracts with countries deemed US foreign adversaries from being used in US ports. Operators already using such cranes would be required to remove any crane software manufactured by those countries within five years. This would include cranes made in China, which just happens to be the leading world manufacturer of ship-to-shore gantry cranes. Chinese company ZPMC dominates about 70% of the global crane market, and its cranes are currently operating in the US’s largest container ports.
Experts predict the legislation will put a major crimp in an already overburdened supply chain. The Maritime Transportation System Information Sharing and Analysis Center Institute’s executive director Scott Dickerson told FreightWaves, “These are major investments for industry and to place a prohibition for certain cranes to no longer operate [with current software] within five years would severely impact shoreside operations and ultimately the general public. It’s not as simple as swapping out the software…The supply chain issues we are seeing today would likely be significantly worse under this proposed legislation.” The Port Cranes for America Act, which would establish a grant program that could pay for up to 80% of the cost of gantry cranes for terminal operators, could offset the logistical costs of the new law, but Dickerson worries that coordination of grant approval could pose its own challenges.
Conference on rail cybersecurity planned for May.
As we noted previously, the US Department of Homeland Security's Transportation Security Administration (TSA) has introduced new legislation to shore up cybersecurity in the transportation sector. The Cyber Senate Rail Cybersecurity USA conference, taking place on May 12th in Arlington, Virginia, will give key stakeholders a venue to address how these new directives will impact the US rail industry. Digital Journal reports that Sonya Proctor, TSA’s Assistant Administrator for Surface Operations, will discuss how the rail industry can approach risk management across surface transportation modes, and the Cybersecurity and Infrastructure Security Agency’s Benjamin Gilbert will address the top vulnerabilities faced by the rail sector.
The future of NSA’s Cybersecurity Directorate.
The US National Security Agency’s (NSA) Cybersecurity Directorate is making plans for expansion, C4ISRNet reports. The directorate was created two years ago to help communicate details about threats to the private sector and defense industrial base. As heightened international tensions (Russia, anyone?) increase the threat of potential cyberattacks, the directorate is looking to level up. At a virtual presentation yesterday, the directorate’s technical director Neal Ziring stated, “We’ve been using intelligence and letting it drive risk mitigations and building up partnerships. How do we do that at greater scale?…How do we start getting cyber threat information out to lots and lots of partners and doing it at relevant speed?” One solution: Ziring says NSA plans to learn about the vulnerabilities posed by machine learning and artificial intelligence, technologies which are gaining popularity at the Department of Defense.
Irish Information Command to focus on national cybersecurity.
Ireland’s Commission on the Defence Forces (CoDF) has recommended the establishment of a government cyber administration body, called “Information Command,” focused on preventing online attacks against the state. The Defense Post explains that the body would take on a “frontline role in detecting and deterring cyberattacks, countering misinformation, and protecting the integrity of Irish elections from online threats.” Inspired by similar structures in Sweden, Germany, and the UK, the body will consist of several subunits and employ up to three hundred personnel while also relying on civilian staff and reservists. CoDF also issued recommendations calling for a complete overhaul of command and control structures, the establishment of a new chief of defense position, and the creation of a joint strategic headquarters. Officials predict the proposal will likely be carried out, as last year’s massive cyberattack on the country’s Health Service Executive has increased the country’s focus on cybersecurity.