31 May 2023Article
US Customs announce guidelines to improve cybersecurity

US Customs and Border Protection releases latest guidelines for Customs Brokers to help prevent, and better respond to, cyber-attacks

With a cyber-attack occurring every 11 seconds, it's important to take online security seriously. The U.S. Customs and Border Protection (CBP) has reviewed the number of cyber-attacks against the trade community in recent years and found that four companies were impacted by cyber attacks, having a ripple effect in the trade community resulting in $60 billion in lost revenue. As a result, CBP has released new guidelines for Customs Brokers to help prevent and better respond to cyber-attacks.

As part of the new guidelines, CBP has introduced four pillars to ensure Customs Brokers are well equipped to prevent, control and respond to cyber threats.

The four pillars set forth by CBP are:

Prevent & Protect: Cybersecurity planning and risk management


Ensure that your company has initiated or completed cybersecurity policies and procedures to protect your IT systems from cyber-attacks. The National Institute of Standards and Technology (NIST) has created a Cybersecurity Framework for Brokers to use as a guideline and implement the proper program/policies that relates to their business. It doesn’t just involve implementing a program, it must be continuously updated, reviewed, and validated to ensure the proper IT controls in place. If you are using a 3rd party system to support your brokerage operations, it is important to have an up-to-date Interconnection Security Agreement (ISA) with your vendors. This, on top of other measures, protects your data.

Communicate: Initial notification and ongoing stakeholder coordination


In the event of an attack, you must immediately notify CBP’s Security Operations and reach out to all your clients to inform them of the situation. It will be in the best interest of your company and clients to communicate with CBP immediately to avoid unnecessary consequences. Brokers must report any breach of records relating to Customs business no later than 72 hours as required under 19 CFR 111.21(b).

Respond: Maintain movement of lawful cargo while managing risk


You do not need to halt all business completely, as CBP will support with providing downtime procedures to enforce while your systems are being reviewed post-attack. The downtime provides the lawful movement of cargo to manage and further exposure or risk to the business and your clients. Where appropriate and legally permissible, CBP will also work with the broker to make accommodations for post-release procedures.

Record: Reconnect system and work to resume business


As CBP will remove your system connection to ACE, you as the broker must provide evidence of updates and removals from the IT systems before being reconnected to ACE. Brokers must also ensure that they have kept full records of the entries during a cyber attack and be able to input that data into ACE for CBP to process once access is restored. Best practice for brokers is to ensure you can access your entries if your systems go down - A physical copy of current entries or a local server that is not connected to the IT Systems.

Protecting your digital presence

Woodland takes cyber security very seriously, it is of paramount importance to us that our customers’ data is protected, as well as our own and everyone whom we interact with.

As digital capabilities have evolved, Woodland has continued its investment into IT systems and internal policies to ensure high levels of security are maintained in line with best practice. We have implemented bespoke-built systems to keep information protected, and collaborate with security partners to identify and mitigate potential risks to our customers’ data and businesses.

“We are aware of the ever-evolving threat landscape and the importance of staying ahead of potential risks. Our commitment to cyber security is unwavering, and we will continue to take all necessary steps to protect our customers, teams, suppliers, and communities.” commented Jason Theobald, IT and Systems Development Manager.

Contributor - Emily Cori, US Compliance Manager

If you have any questions about US customs or the cybersecurity updates, please reach out below:

You may also like:
New customs requirements on Ireland to Great Britain movements from 2024
US Government Shutdown - Supply Chain Impact