CBP Releases Guidance for Brokers on Cybersecurity Plans and Procedures
CBP released a new “slick sheet” April 10 with guidance for customs brokers on what to do when faced with cybersecurity incidents. “The new resource makes recommendations on how to prevent, respond to, and recover from potential cyber-attacks on customs broker data systems, from proactively putting in place plans and preventative IT controls to resuming normal business operations upon system remediation,” CBP said in a news release.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Beyond implementing cybersecurity measures and policies, brokers should maintain an up-to-date interconnection security agreement with CBP if they directly transmit data to ACE, with updates at least every three years to “equip CBP with accurate information on company systems and broker contacts, allowing for streamlined coordination during a cyber incident.” Brokers also should have a plan in place to verify clients’ partner government agency (PGA) requirements without system access. “ACE reports and similar reporting from PGAs may help,” CBP said.
If an incident occurs, the broker should immediately notify CBP’s Security Operations Center. The broker should “be prepared to provide the SOC with details on the time of incident, involved parties, cause, impact, whether any personally identifiable information was exposed, and any known indicators of compromise." Brokers should also communicate with their CBP client representatives and relevant PGAs and reach out to importer clients and coordinate with CBP headquarters to align messaging, holding “frequent calls with CBP HQ and PGA contacts to provide ongoing status updates,” the agency said.
CBP reminded brokers that, under recent changes to the broker regulations, any breach of records must be reported no later than 72 hours after the incident.
To maintain the movement of cargo during the incident, brokers should contact CBP’s Office of Field Operations at the headquarters level “to request assistance and ensure broker’s downtime procedures are compliant with CBP requirements,” the guidance said. “CBP may be able to work with brokers to implement downtime procedures, providing flexibility to maintain the facilitation of lawful trade and release of cargo while systems are down,” it said.
The broker should provide a downtime letter documenting each entry with entry numbers and other required data. Brokers should also be prepared to “provide copies of appropriate documents for manual review,” the guidance said. “Where appropriate and legally permissible, CBP will also work with the broker to make accommodations for post-release procedures,” the agency said.
Other downtimes tips and best practices listed in the guidance document include having an offline continuity plan, “including a reserve of entry numbers to use,” as well as a plan to fulfill PGA requirements, including hard copy PGA forms alongside the commercial invoice and documentation of product specifics. Brokers also should “maintain frequent communication with government stakeholders until the cyber incident has been remediated and business has resumed,” the guidance said. “Remember that clearance of merchandise can be provisional in nature. Requests for redelivery are possible,” CBP said.
Finally, once an incident is over, brokers “must provide evidence of system remediation before CBP will authorize reconnection to ACE,” the guidance said. Brokers are also “required to keep a full accounting of entries during cyber incidents and input that data into ACE for CBP processing,” it said.
The guidance is “part of a broader CBP supply chain resiliency focus and reflects insights gathered from recent cyber-attacks and a tabletop exercise CBP held this February in Washington, D.C.,” CBP said in the news release. “That event brought together representatives from CBP, partner government agencies, and licensed customs brokers to test the customs environment’s existing cyber security guidance and identify opportunities to improve supply chain resiliency.”
CBP also is in the process of “developing more detailed cyber-attack guidance” that the agency will post on its website, the news release said.