Port securityIT security at U.S. ports weak: GAO

Published 11 June 2014

The Government Accountability Office (GAO) reports that maritime security policies and plans at three high-risk U.S. ports do not effectively address how to assess, manage, and respond to cybersecurity threats. While all three ports have strategies to deal with physical security, there were few policies that specifically addressed cybersecurity.

The Government Accountability Office (GAO) reports that maritime security policies and plans at three high-risk U.S. ports do not effectively address how to assess, manage, and respond to cybersecurity threats. While all three ports have strategies to deal with physical security, there were few policies that specifically addressed cybersecurity. “While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities and consequences,” Gregory Wilshusen, GAO director of information security issues, said in the recently published report.

Gov Info Security reports that Coast Guard officials reiterated that they intend to conduct a risk assessment, but they failed to provide details of how that assessment would address cybersecurity. “Physical port security poses a wide variety of challenges and threats emanating from the global cybersecurity arena add a dimension of complexity that requires deliberative consideration,” Jim Crumpacker, director of DHSGAO-Office of Inspector General liaison office, said in response to the audit.

Wilshusen followed up saying that “until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.”

Strengthening cybersecurity for maritime critical infrastructure is instrumental to economic stability. Each year, U.S. ports facilitate roughly $1.3 trillion worth of cargo and much of the operations at these ports are supported by IT and communication systems that are vulnerable to cyberthreats. Failures in these systems could interrupt operations, and degrade the flow of trade. The GAO insists that federal agencies, particularly DHS, and industries using the ports have important roles in protecting maritime facilities from both physical and cyberthreats.

The GAO recommends that DHS help coordinate cybersecurity assessments with the Coast Guard, and use results from the assessment to develop maritime security polices. The GAO also encourages the reestablishment of a maritime industry coordinating council tasked with sharing cyberthreat information among non-federal stakeholders.

view counter
view counter