Biden Admin Earmarks $20B to Mitigate US Port Cybersecurity Risks

The Biden administration is seeking to crack down on potential cyberattacks on U.S. ports, with the White House planning a $20 billion investment to bolster port security initiatives over the next five years.

A major part of the investment will focus on the domestic manufacturing of cargo cranes, as roughly 80 percent of ship-to-shore cranes at U.S. ports are manufactured in China. The investment also comes with a U.S. Coast Guard directive to mandate certain digital security requirements for China-built cranes deployed at strategic ports.

More from Sourcing Journal

• Florida Pol Wants to Squash Shein IPO Pending More Disclosures

• China 'Doubling Down' on Uyghur Forced Labor Transfers Outside Xinjiang

• California Class Action Suit Alleges Port Employers Shafted Workers Out of Sick Pay

The specific requirements are “deemed sensitive security information and cannot be shared publicly,” said Rear Admiral Jay Vann, commander of the U.S. Coast Guard Cyber Command, in a Tuesday press briefing.

The administration has shared concerns that cranes made by a Chinese, state-owned company—as well as the software powering them—could present an espionage and disruption risk to American port and shipping operations.

“By design, these cranes may be controlled, serviced and programmed from remote locations,” said Admiral Vann. “These features potentially leave [China]-manufactured cranes vulnerable to exploitation.”

Admiral Vann said there are more than 200 China-manufactured cranes operating across U.S. ports and regulated facilities, with the Coast Guard’s cyber protection teams having assessed 92 of them for threats.

Paceco, a U.S.-based subsidiary of Japanese crane and shipping equipment manufacturer Mitsui, will be tasked with building the new cranes. This marks the first time in 30 years these cranes would be built domestically, the White House briefing said.

The $20 billion investment will be made available through the $1 trillion bipartisan infrastructure bill passed in 2021.

The investment is just one part of wider actions taken by the administration, including an executive order signed by President Biden Wednesday, which expanded the power of the Department of Homeland Security to set baseline cybersecurity standards for computer networks that operate U.S. ports. The executive order will also require ports and vessels to report cyberattack incidents.

“Most critical infrastructure owners and operators have a list of safety regulations they have to comply with, and we want to ensure that there are similar requirements for cyber, when a cyberattack can cause just as much, if not more, damage than a storm or another physical threat,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies at the White House.

Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure, and be able to inspect those vessels and facilities that pose a threat to cybersecurity.

The National Retail Federation (NRF) is closely reviewing the executive order announcement, according to Jonathan Gold, the trade association’s vice president of supply chain and customs Policy.

“We applaud the Biden administration for its efforts to bolster cybersecurity at U.S. ports. As the global supply chain continues to face ongoing threats and disruption from hostile actors, it is important that proactive measures are taken to reinforce the physical infrastructure, as well as the technology systems that manage it,” Gold told Sourcing Journal. “We have seen the impacts from previous cyberattacks on supply chain stakeholders that have led to significant disruptions. It is critical that we safeguard our ports and the equipment used, with systems in place to ensure quick recovery should a cyberattack occur.”

Impacts stemming from such an attack could be vast. The U.S. Marine Transportation System, which comprises the nation’s ports, vessels and waterways, employs roughly 31 million people and contributes $5.4 trillion to the economy.

There is precedent to the concerns of a cyberattack at a major U.S. port.

In August 2021, suspected foreign government-backed hackers breached a computer network at Port Houston. The breach was detected early, which prevented any operational disruptions. Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly revealed to a Senate committee a month later that the organization believed a “nation-state actor” was to blame for the attack, but the origin was never publicly revealed.

Overseas, a cyber incident forced one of Australia’s largest port operators, DP World Australia, to suspend operations for three days.

The Biden administration has sought to bolster national supply chain operations through various initiatives, launching the White House Council on Supply Chain Resilience last year in the wake of Covid-era supply chain congestion.

A year prior, the White House debuted the Freight Logistics Optimization Works (FLOW) information sharing initiative in an effort to bring stakeholders together to solve supply chain concerns and overcome coordination challenges.