Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed

The US Department of Homeland Security is seeking help to assess the security of tech at maritime ports, to safeguard the 13 million jobs and $649 billion of economic activity generated by the nation’s docks.

The department’s ambitions were revealed this week in a request for information (RFI)

that aims to “produce a research study analyzing maritime port networks, to understand how the resources are deployed, as well as identify research, development, test, and evaluation needs that are unique to [maritime ports].”

That info will be used to create a "Maritime Port Resiliency and Security Research Testbed" that will help port stakeholders study, test and modify their systems.

"Our goal is to successfully design and develop a virtual testbed where tactics, techniques, and procedures can be created for effective response to threats to critical maritime infrastructure without impacting real-world operations," Homeland Security Science And Technology Directorate project manager Jason McCasland said. "For that to be successful, we require baseline information on the equipment US ports are utilizing in their daily operations."

Cybersecurity at maritime ports is a well-established concern. Last year alone LockBit paralyzed Japan's Nagoya Harbor last year, and a major Australian shipping logistics company was hit by a cyberattack that disrupted activities at ports down under.

Homeland Security, through its subsidiary the US Coast Guard, was given responsibility for port cybersecurity through an executive order signed by President Joe Biden this past February.

• Critical infrastructure security will stay poor until everyone pulls together
• America's enemies targeting US critical infrastructure should be 'wake-up call'
• NCSC says cyber-readiness of UK's critical infrastructure isn't up to scratch
• Seattle airport 'possible cyberattack' snarls travel yet again

Biden Administration officials in April urged port operators to improve their security posture due to the threat posed by nation-state threat actors against critical infrastructure, a recommendation echoed by the Department of Transportation.

"Recent events have highlighted the fragile and complicated nature of the [maritime transportation system], as well as primary, secondary, and further reaching effects once there is a tragic disruption," Homeland Sec noted under reasons for participation in the RFI.

Submissions are being sought from subject matter experts who work for or support the maritime port infrastructure space, and from businesses that manufacture equipment for ports. The deadline is October 4, after which point interviews will be conducted to further discuss the provided information.

It's not clear when the Testbed might emerge. We've asked DHS and USCG for details but at the time of publication have not received a response. ®