House Committee Reviews Port Cybersecurity in Latest Hearing
On Wednesday, May 10, the Subcommittee on Transportation and Maritime Security under the House Committee on Homeland Security met to discuss port security. The subcommittee explored high-risk security vulnerabilities and the processes used to evaluate them at U.S. ports through the testimony of three expert witnesses:
- Rear Admiral Wayne R. Arguin Jr, Assistant Commandant for Prevention Policy, U.S. Coast Guard (USCG)
- Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA)
- Neal Latta, Assistant Administrator for Enrollment Services and Vetting Programs, Transportation Security Administration (TSA)
According to the Subcommittee Chair, Rep. Carlos Gimenez (R-FL), the United States has 361 commercial maritime ports, 25,000 miles of navigable channels, and 95,000 miles of shoreline. 95 percent of imports and exports enter or leave the U.S. by ship generating $4 trillion of economic activity: there is a lot at stake. “There is an alarming potential for actors to steal sensitive data and impact operations at our ports,” he adds. Gimenez indicated that legislation he introduced last year limits the operation of foreign software and cranes at U.S. ports in an attempt to mitigate some of this risk.
Through his testimony, Rear Admiral Arguin emphasized that protecting the marine transportation system (MTS) is a top priority for the U.S. Coast Guard (USCG). Arguin notes that the MTS is being shaped by a need for increased capacity, pressure to reduce transportation’s environmental footprint and increase sustainability, and the introduction of new and complex technologies (that are implemented to help alleviate the first two pressures). He describes these pressures as a triple challenge. USCG determines risks in the MTS and develops mitigation strategies in partnership with other agencies and private stakeholders. Security assessments start with individual assessments at facilities. USCG also conducts on-site compliance activities. Finally, USCG coordinates national-level, and even international-level activities, assessing foreign ports and foreign ships in U.S. ports.
Eric Goldstein detailed the Cybersecurity and Infrastructure Security Agency’s (CISA) mission to protect critical infrastructure against cyber threats. CISA partners daily with USCG and the Transportation Security Administration (TSA), but most importantly, they partner with owners and operators of critical infrastructure across the country. CISA is acutely aware of Chinese technological attacks on U.S. infrastructure and the risks associated with it. CISA aims to reduce this risk in a timely way through its partnerships.
Neal Latta shared insights into the Transportation Security Administration’s (TSA) efforts to protect U.S. ports. TSA vets maritime workers through its Transportation Worker Identification Credential (TWIC) program. Port workers undergo a Security Threat Assessment – as mandated by the Maritime Transportation Security Act of 2002 (MTSA) – and if approved receive a TWIC card that allows them access to secure areas at ports.
The subcommittee expressed concerns about the TWIC application process and its potential to keep workers out of good-paying jobs. Latta reassured them that they take the judicial processing times very seriously. 60 percent of TWIC enrollments are approved within 24 hours and receive their TWIC card in the mail in 7-10 days. A vast majority of those who are not approved because of past criminal history apply for waivers, and many are granted them once it is determined they are not a security threat.
Another big concern of the subcommittee was a February visit of members from a Cuban delegation which included a tour of the USCG headquarters in Washington, D.C. At the time, Gimenez raised concerns about the tour and it was cancelled, but the rest of the scheduled activity continued. Gimenez noted that sanctions had been in place on members of that delegation since 2021, but they were still invited to tour our cybersecurity infrastructure. Arguin explained that the USCG has a responsibility to ensure port security and international norms, so they need reciprocity for those ports that are of interest to the USCG; they want to better understand the security measures of ports in Cuba and elsewhere so that they can effectively evaluate the security of U.S. ports when inbound ships have passed through foreign ports. After additional questioning from subcommittee ranking member Shri Thanedar (D-MI), Arguin assured that sensitive information can be safeguarded in this sharing of best practices. He continued to say that it would be irresponsible to stop these bilateral inspections of ports as we would not be afforded the opportunity to learn from others would also hinder USCG efforts to elevate security in other ports.
Cybersecurity continues to be a big concern at U.S. ports. While there are existing precautions in place, the work of CISA, USCG, and TSA will continue to be important in evaluating cybersecurity risks in a constantly changing world.