Shoring Up Ports to Withstand Cyberattacks

An advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that, in some cases, hackers with the group known as Volt Typhoon had been hiding in some computer networks and systems for “at least five years.”

What we’ve found to date is likely the tip of the iceberg,” CISA Director Jen Easterly said in a statement at the time.

To combat the danger with Chinese-made cranes at U.S. ports, the Coast Guard is issuing a security directive that “will impose a number of cybersecurity requirements on the owners and operators of PRC-manufactured cranes,” Vann said.

Details of what the directive entails, though, are being kept quiet, with the Coast Guard set to work directly with the owners and operators of the Chinese-made cranes to ensure compliance.

At the same time, the White House announced plans to start weaning U.S. ports off Chinese-made equipment, announcing a $20 billion investment aimed at spurring U.S. production of ship-to-shore cranes for the first time in 30 years.

Officials said talks are already underway with PACECO Corporation, a U.S. subsidiary of Japan’s Mitsui E&S.

China has repeatedly denied U.S. accusations about its weaponization of cyberspace. And on Wednesday, it labeled concerns about Chinese-made cranes as “entirely paranoia.”

We firmly oppose the U.S. overstretching the concept of national security and abusing national power to obstruct normal economic and trade cooperation between China and the U.S.,” said Liu Pengyu, spokesperson for the Chinese Embassy in Washington, in an email to VOA.

Playing the ‘China card’ and floating the ‘China threat’ theory is irresponsible and will harm the interests of the U.S. itself,” Liu added.

U.S. officials, however, have said that the security directive targeting the Chinese-made cranes was issued following threat assessments by U.S. Coast Guard on 92 of the cranes currently in operation in the U.S.

U.S. officials also caution that while there are substantial concerns about China, the risk of cyberattacks from other entities, including criminal gangs, is also substantial. In particular, officials referenced the June 2023 cyberattack that shut down the Japanese port of Nagoya for more than two days.

The cybersecurity measures aimed at securing U.S. ports are just the latest in a wave of reforms aimed at protecting critical U.S. infrastructure.

This past March, the U.S. implemented changes to protect drinking water and sewer systems from cyberattacks.

Security measures for pipeline owners and operators went into effect in July 2022. And U.S. Homeland Security officials rolled out cybersecurity measures for rail and air transportation in October 2021.

Jeff Seldin is VOA national security reporter.  This article is published courtesy of the Voice of America (VOA).