U.S Coast Guard Warns Of Cyber Risks From Chinese Cranes Used In American Ports

The U.S. Coast Guard has issued a new cybersecurity directive, warning about serious risks with Chinese-made ship-to-shore (STS) cranes used in American ports.

These cranes handle nearly 80% of container operations in the U.S. and have remote access features that could be misused, threatening national security.

The latest directive, MARSEC 105-5, was released on November 13, 2024. It builds on a similar notice from February after President Joe Biden ordered that additional measures are required to protect U.S. ports from cyber threats linked to China.

The Coast Guard said, “These cranes may be controlled, serviced, and programmed from remote locations, which could leave them open to attacks.”

Port operators must contact their local Coast Guard office to get a copy of the new rules, which are not shared publicly due to security concerns.

The Coast Guard worked with other agencies, including the Department of Defense and the Cybersecurity and Infrastructure Security Agency (CISA), to establish the revised guidelines.

Concerns have been growing for some time. Earlier this year, reports surfaced that suspicious modems were found on some cranes, raising fears of spying.

A congressional investigation found a “pattern of suspicious device installations,” suggesting the cranes could be used to interfere with port operations.

In response, the Biden administration imposed a 25% tariff on Chinese-made cranes for orders placed after May 2024, although some exceptions were made.

The American Ports Association has criticised the move, saying it raises costs without offering clear alternatives.

The Department of Homeland Security and CISA launched a new cybersecurity training platform for port operators to improve security.

However, a recent report from DHS found that only 36% of private operators have used Coast Guard cybersecurity services, leaving many ports at risk.

References: Industrial Cyber, Info Risk Today