On Feb. 21, President Biden signed an executive order amending regulations relating to the safeguarding of U.S. vessels, harbors, ports and waterfront facilities, updating the Code of Federal Regulations to explicitly address cyber threats.
“This executive order ensures Coast Guard authorities are aligned with emerging cybersecurity threats, and reflects the commitment of the Biden administration, the Department of Homeland Security and the U.S. Coast Guard to safeguard maritime critical infrastructure,” Coast Guard Assistant Commandant for Prevention Policy Rear Admiral Wayne Arguin said.
Section 70051 of title 46, United States Code, commonly referred to as the Magnuson Act, authorizes the President to issue regulations to safeguard American vessels, harbors, ports and waterfront facilities against destruction, loss, or injury from sabotage or other subversive acts, accidents, or other similar causes.
Since the Magnuson Act’s enactment in 1950, Presidents from multiple administrations have issued executive orders updating regulations to meet emerging threats and challenges. For example, in 2002 President George W. Bush signed an executive order empowering Captains of the Port to prevent and respond to terrorist attacks.
This latest executive order explicitly addresses cyber threats. Among other amendments, the updated regulations provide a Captain of the Port with authority to:
- Respond to malicious cyber activity by establishing security zones.
- Control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure.
- Inspect and search vessels and waterfront facilities—including cyber systems and networks as consistent with law, and:
- Require facilities to correct unsatisfactory cyber conditions that may endanger the safety of a vessel, facility or harbor.
The updated regulations also empower the Commandant of the Coast Guard to prescribe conditions and restrictions for the safety of waterfront facilities and vessels in port, including measures to prevent, detect, assess and remediate an actual or threatened cyber incident.