Introduction
The U.S. Coast Guard has taken a significant step in addressing the cybersecurity risks associated with Chinese-made ship-to-shore (STS) cranes, which make up 80% of all cranes operating across the nation's ports. The new cyber risk management requirements, outlined in the Maritime Security directive, are designed to mitigate potential vulnerabilities and protect the maritime elements of the national transportation system.
Background
The concerns over Chinese-made STS cranes have been escalating in recent years, with lawmakers and government agencies expressing worries about their potential use as a "Trojan horse" for manipulating the U.S. maritime infrastructure. Intelligence-gathering equipment has been found near or on these cranes upon arrival at various ports, including the Port of Baltimore.
A report by the House Homeland Security Committee and House Select Committee on China highlighted that some STS cranes have installed cellular modems without any record of installation, raising further concerns about their security. The committee also noted repeated attempts by the crane maker to remotely access its cranes operating at U.S. ports, with a focus on West Coast ports.
New Cyber Requirements
The new cyber requirements, as outlined in the Maritime Security directive, give the U.S. Coast Guard express authority to respond to malicious cyber activity in the nation's Maritime Transportation System. This includes requiring vessels and waterfront facilities to mitigate cyber conditions that may endanger the safety of a vessel, facility, or harbor.
Additionally, the White House has instituted mandatory reporting of cyber incidents that pose risks to vessels, ports, or waterfront facilities. This enhanced cybersecurity framework aims to protect the nation's maritime infrastructure from potential threats.
Coast Guard Reserves Units
The U.S. Coast Guard has taken further steps to strengthen its cybersecurity capabilities by standing up two cyber-focused reserve units. The 1941 Cyber Protection Team will support active duty teams in securing the Marine Transportation System, while the Reserve Unit U.S. Cyber Command will assist with cyber threats posed to systems and networks critical to the Coast Guard and U.S. maritime operations.
House Committee Response
The Republican-controlled House Homeland Security Committee and House Select Committee on China responded to these new requirements by stating that they are an important step forward, but that the findings in their report should be a "wake-up call" for the federal government and the threats posed to the maritime infrastructure.
Conclusion
The implementation of new cyber risk management requirements for Chinese-made STS cranes is a significant step towards protecting the nation's maritime infrastructure from potential cybersecurity threats. The U.S. Coast Guard's enhanced cybersecurity framework, combined with the establishment of cyber-focused reserve units, demonstrates its commitment to safeguarding the Marine Transportation System and critical networks.