DoT, White House tackle the Chinese threat to U.S. Port Security
The Department of Transportation (DoT) issued a warning today about the threat of Chinese vendors to US port infrastructure. At the same time, the White House issued an executive order aimed at bolstering port cybersecurity.
February 21, 2024
The Department of Transportation (DoT) issued a warning today about the threat of Chinese vendors to US port infrastructure. At the same time, the White House issued an executive order aimed at bolstering port cybersecurity.
Threats to the worldwide maritime industry have evolved significantly in recent months. In the Red Sea, cargo ships and their crews have faced life-threatening attacks by Houthi rebels. In cyberspace, meanwhile, maritime companies have been subject to increased attacks aimed at espionage and disruption. The DoT’s Maritime Advisory 2024-002 and the White House’s latest port security initiative aim to keep the latter problem, at least, as far from US borders as possible.
“It’s got the right lens in terms of: How do you ensure that operational infrastructure doesn’t get disrupted by cyberattacks?” says Ravi Srinivasan, CEO of Votiro. However, he adds, “the next step we would love to see is a similar focus on the disruption that can happen to the business operations of these ports.”
DoT Cites Chinese Threats to US Ports
According to the DoT, foreign manufacturers pose both IT- and OT-related threats to the US maritime sector.
In particular, the department highlighted three popular Chinese port technologies: the Chinese Ministry of Transport-developed National Public Information Platform for Transportation and Logistics (Logink), scanners from the state-owned company Nuctech, and cranes built by Shanghai Zhenhua Heavy Industries Company Limited (ZPMC).
Logink is a logistics management platform that aggregates data between global ports, shipping companies, and related entities. The Chinese government has been promoting its widespread use and counts at least two dozen global ports under its umbrella. As the DoT explained, Logink “can collect massive amounts of sensitive business and foreign government data,” and it “very likely provides the PRC access to and/or collection of sensitive logistics data.”
Then there’s Nuctech, a state-controlled manufacturer of security inspection equipment such as X-ray, thermal, radiation, and explosives detection. In 2020, the US Department of Commerce added Nuctech to its trade restriction list because its “lower performing equipment impair US efforts to counter illicit international trafficking in nuclear and other radioactive materials. Lower performing equipment means less stringent cargo screening, raising the risk of proliferation.”
Finally there’s ZPMC, the world’s largest ship-to-shore crane manufacturer. According to the DoT, “These cranes may, depending on their individual configurations, be controlled, serviced, and programmed from remote locations. These features potentially leave them vulnerable to exploitation.”
To read the complete article, visit Dark Reading.