The federal government is moving to protect the nation's ports against foreign cybersecurity attacks.
President Joe Biden signed an executive order Wednesday to strengthen cybersecurity in the American ports system and to begin domestically manufacturing the port cranes used to move cargo from ships to the shore. Pentagon officials claim Chinese crane manufacturers could use cranes in 80% of the nation's ports to spy on the U.S. The Port of Wilmington’s cranes are among the hundreds manufactured by one Chinese firm under scrutiny.
The federal government plans to pour $20 billion into reshoring the manufacturing of port cranes over the next five years, according to a White House press conference held Tuesday. Bringing crane manufacturing back into the U.S. and replacing existing Chinese-made cranes could lessen the risk of a national security breach, according to Biden administration officials.
The Port of Wilmington’s cranes are manufactured by Chinese company Shanghai Zhenhua Heavy Industries Co. (ZPMC), said a North Carolina State Ports Authority spokesperson. The port's software is from Sweden-based company ABB. According to the spokesperson, the Coast Guard recently conducted a vulnerability assessment on the hardware and software of cranes at the Port of Wilmington over the summer.
“We take cybersecurity very seriously at NC Ports and continue to work with federal partners to ensure we are doing our part to protect and secure our infrastructure and operations,” the spokesperson said.
An early 2023
report from the Department of Homeland Security on port cybersecurity found physical infrastructure like cranes could be used as an entry point for cyberattacks.
“Physical-cyber infrastructure, such as port operational equipment, may provide attackers opportunities to conduct cyberattacks that physically disrupt port operations if vulnerabilities are found,” the report states.
For months, national security officials have raised concerns about cranes manufactured by ZPMC. The company makes the Port of Wilmington’s cranes along with cranes used by at least 14 other U.S. ports, according to DHS, including the Ports of Charleston and Tacoma, Washington.
The DHS report uses ZPMC as a case study, finding that Pentagon officials reviewed vulnerabilities linked to ZPMC cranes and showed concern about the potential for remote access and control of the cranes to disrupt U.S. logistical operations. The Wall Street Journal published an article in March 2023 detailing the Pentagon’s apprehension to the machinery, comparing ZPMC cranes to a
"Trojan horse.”
The American Association of Port Authorities has repeatedly stated there is no evidence of cranes being used to harm or track port operations.
“Like other U.S. ports, we will continue to collaborate with our federal partners to comply with any new cybersecurity requirements that are rolled out with this new executive order,” the NC Ports spokesperson said.
Biden’s executive order will boost the Department of National Security’s authority to directly address maritime cyber threats, which gives the U.S. Coast Guard the ability to control the movement of vessels presenting cyber threats. The Coast Guard may also issue a notice of new cybersecurity minimum requirements, White House officials said in a press conference.
The $20 billion will go toward port infrastructure, including a plan with Paceco Corp., an American subsidiary of Japanese Mitsui E&S, Ltd., to reshore U.S. manufacturing of crane production for the first time in 30 years, according to the White House release.