The Department of Transportation (DoT) has raised concerns regarding the potential threat posed by Chinese vendors to the infrastructure of US ports. In response to this, the White House has taken action by issuing an executive order aimed at enhancing cybersecurity measures for ports across the country.
The maritime industry has faced various challenges in recent months, including life-threatening attacks by Houthi rebels in the Red Sea and an increase in cyberattacks targeting maritime companies for espionage and disruption. The DoT’s Maritime Advisory 2024-002 and the White House’s port security initiative seek to address these evolving threats and protect US borders from potential cybersecurity risks.
According to the DoT, foreign manufacturers, particularly those from China, present both IT- and OT-related threats to the US maritime sector. The department has identified specific Chinese port technologies, including the National Public Information Platform for Transportation and Logistics (Logink) developed by the Chinese Ministry of Transport, security scanners from Nuctech, and ship-to-shore cranes manufactured by Shanghai Zhenhua Heavy Industries Company Limited (ZPMC).
Logink is a logistics management platform that aggregates data between global ports, shipping companies, and related entities. The Chinese government has been promoting the widespread use of Logink, which the DoT believes could provide the People’s Republic of China with access to sensitive logistics data. Nuctech, a state-controlled manufacturer of security inspection equipment, has been added to the US Department of Commerce’s trade restriction list due to concerns about its lower-performing equipment and potential risks related to cargo screening. The DoT also highlighted vulnerabilities in ship-to-shore cranes manufactured by ZPMC, expressing concerns about potential exploitation due to their remote control and programming capabilities.
In response to these concerns, the White House’s executive order includes measures to strengthen cybersecurity at US ports. It mandates the reporting of any cyber incidents or threats affecting harbors, vessels, ports, or waterfront facilities and grants the US Coast Guard new authority to respond to cybersecurity incidents. The order also calls for the development of minimum cybersecurity requirements for the maritime industry and outlines risk management actions for addressing potential threats posed by Chinese cranes.
Additionally, the government plans to invest $20 billion in port infrastructure over the next five years, with a focus on funding domestic crane production. While these measures are expected to address infrastructure-related cybersecurity risks, some experts believe that the focus should also extend to safeguarding the business operations of ports and maritime companies.
Ravi Srinivasan, CEO of Votiro, emphasized that while the executive order addresses critical infrastructure concerns, it should also consider the vulnerability of business operations to cyberattacks. He highlighted the interconnected nature of logistics platforms and the potential for bad actors to exploit content and disrupt business operations within the maritime industry.
Srinivasan noted that the resources allocated through the executive order will help prioritize the implementation of infrastructure security measures, especially in light of the challenges faced by businesses during the pandemic. The heightened focus on enhancing cybersecurity at US ports reflects the ongoing efforts to protect critical infrastructure and mitigate the evolving threats posed by foreign manufacturers and cyber adversaries.