This post first appeared on Federal News Network. Read the original article.
The Coast Guard has new cyber risk management requirements for Chinese-made ship-to-shore cranes, signaling increased concerns over security risks posed by these cranes.
The Maritime Security directive, released last week, builds upon a mandate from February — the public notice doesn’t disclose specifics of the new requirements as the directive contains security-sensitive information.
Chinese-made ship-to-shore cranes make up 80% of all cranes operating across the U.S. ports, and these cranes can be “controlled, serviced, and programmed from remote locations, and those features potentially leave STS cranes vulnerable to exploitation, threatening the maritime elements of the national transportation system,” according to the notice.
The notice instructs all owners and operators of Chinese-made cranes to contact their local captain of the port or district commander to get a copy of the directive.
The directive was developed in consultation with the Department of Homeland Security, the Defense Department, and the Cybersecurity and Infrastructure Security Agency.
The Republican-controlled House Homeland Security Committee and House Select Committee on China flagged similar risks, saying these cranes can be a “Trojan horse,” giving China the ability to manipulate the U.S. maritime infrastructure.
Concerns over the security of Chinese-made cranes escalated when the Federal Bureau of Investigation found intelligence-gathering equipment near or on these cranes upon their arrival at the Port of Baltimore.
The Committee’s report, released in September, also identified that some cranes have installed cellular modems with no record of installation — installed equipment is not documented in any existing contract between U.S. ports and ZPMC, the Chinese crane maker.
Lawmakers in their report also said the crane maker has made repeated attempts to remotely access its cranes operating at various U.S. ports, with a focus on the West Coast ports.
The Biden Administration responded to these security threats by giving the Department of Homeland Security the authority to address cyber threats in the Maritime Transportation System.
“Now, the U.S. Coast Guard will have the express authority to respond to malicious cyber activity in the nation’s Maritime Transportation System by requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbor,” the executive order released in February states.
The White House also instituted mandatory reporting of cyber incidents that pose risks to vessels, ports, or waterfront facilities.
House lawmakers said the findings in their recently issued report should be a “wake-up call” for the federal government and the threats posed to the maritime infrastructure.
“While the Biden administration’s executive orders on maritime security are an important step forward, our investigation proves immense damage may have already been done,” the Committee said in a statement.
Last month, the Coast Guard officially stood up its first two cyber-focused reserve units designed to protect the Marine Transportation System and the Coast Guard’s own networks from cyber threats, a significant step in strengthening the service’s cybersecurity capabilities.
The 1941 Cyber Protection Team will support the Coast Guard’s active duty teams in securing the Marine Transportation System through threat hunting, incident response, and conducting assessments.
And the Coast Guard Reserve Unit U.S. Cyber Command will assist with cyber threats posed to systems and networks critical to the Coast Guard and U.S. maritime operations.
The post Coast Guard adds new cyber requirements for ship-to-shore cranes first appeared on Federal News Network.