International Trade Today is a Warren News publication.

CBP Expanding Partnership With HSI on Cyberattacks

FORT LAUDERDALE -- CBP is expanding its partnership with the Homeland Security Investigations Cyber Crimes Unit, and is including large brokers and software developers in the effort to use "these HSI resources to help identify cyber attacks before they happen, said Shari McCann, director of commercial operations for CBP's Office of Trade.

Sign up for a free preview to unlock the rest of this article

If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.

CBP invited the top Customs Trade Partnership Against Terrorism customs brokers by volume to participate, as well as software developers, and has 10 participants in the effort so far, as well as seven other companies that are interested, she said at the National Customs Brokers & Forwarders Association of America annual conference April 17.

Both prior to and since the partnership began, "HSI has been able to get to" companies that are victims of cyber attacks and have them bring their systems down "so that the impact of the cyber attack was not as severe as it would have been otherwise. So that's a significant effort in the works."

McCann noted that the incidence of cyber attacks on the trade community has been increasing. In FY 2022, two large brokers were "hit with significant cyber attacks," followed by "12 cyber attacks on our trade partners" in 2023, she said. In FY 2024 to date, there have been "seven cyber attacks on our trading partners."

"While the scope has varied in each incident -- every incident has been absolutely different and individual -- I think it's safe to say that the government and industry have had far more far-reaching impacts from each of the incidents than expected," McCann said. "They've all been learning experiences for CBP and for the trade community."

CBP recently issued two recent guidance documents, one on "indicators of compromise," or forensic evidence on a computer or network that indicates the security of the network has been breached, and one on broker cybersecurity incident procedures (see 2403130041), McCann said. The incident procedures document is a "living document" and CBP is working with the Commercial Customs Operations Advisory Committee to review the document.

CBP has held two tabletop exercises for cybersecurity incidents, the first focused on brokers, the second on carriers, McCann said. CBP potentially will look to expand tabletop exercises to other areas such as outbound and anywhere that CBP is "interchanging data," such as the Automated Export System or other platforms, said panelist Brad Slutsky, director CBP's Cargo Security and Controls Division.

The agency also is reviewing communication procedures, including entry and post-entry aspects, Slutsky said, as well as its IT infrastructure and its potential impact on brokers' systems and how they are interconnected to CBP systems, he said.