U.S. Customs and Border Protection (CBP) recently issued information to help the trade community better prepare for potential cyberattacks. CBP states that these attacks are expanding in complexity and frequency and can be used to disrupt supply chains.
According to CBP, customs brokers that suspect their systems have been targeted by a cyberattack should follow these steps:
- report the incident to CBP’s Security Operations Center as soon as possible and be prepared to share key details about the attack (cause, nature, scale and length of outage, etc.)
- report any known breach of electronic or physical records relating to the broker’s customs business, including any known compromised importer identification numbers, to the SOC within 72 hours
- Notify CBP headquarters via email
- notify your designated Supply Chain Security Specialist (SCSS) (if your company is a member of CTPAT)
- establish and maintain early and regular communications with affected ports of entry, CBP Centers of Excellence, and local partner government agency representatives as necessary
- notify clients, software providers, and/or other stakeholders whose cargo or systems may also be affected by the attack
CBP states that when a cybersecurity incident prevents a broker from electronically filing the required entry documentation and information to secure cargo release on behalf of its clients, CBP may authorize downtime, or alternative cargo release processes. However, CBP notes that PGA admissibility requirements still apply to shipments released on downtime and that entry filing deadlines are not affected or waived by any authorized downtime.
In addition, when a cyberattack prevents a broker from filing entry summary documentation and information, completing the deposit of estimated duties, taxes, and fees, and/or timely completing other post-release transactions on behalf of the broker’s clients, CBP may exercise discretion not to issue or enforce certain liquidated damages claims. However, post-summary corrections, protests, reconciliations for post-import refund claims under 19 USC 1520(d), and drawback are not included in CBP’s consideration for enforcement discretion.
For more information on these guidelines, please contact info@c-tpat.com