Ed Jones/AFP/Getty Images
A US Coast Guard ship sits near the United Nations headquarters in New York City on September 18, 2023.
CNN
—
The Biden administration on Wednesday will issue multiple cybersecurity directives aimed at shoring up vulnerabilities at US maritime ports that could be exploited by hackers and addressing security risks from Chinese-made cranes, according to senior US officials.
Administration officials also plan to invest more than $20 billion over the next five years in new port infrastructure, including cranes built in the US that officials say will present less of a cybersecurity and counterintelligence risk.
A new executive order from President Joe Biden will require US ships and port facilities to report cyberattacks, while giving the Coast Guard greater authority to inspect or control ships that “present a known or a suspected cyber threat,” Rear Adm. John Vann, head of the Coast Guard Cyber Command, told reporters in a call previewing the directives.
US officials are also making their most direct public statement yet on the security risks from Chinese-made cranes, which Vann said account for nearly 80% of the cranes used at US ports. The Coast Guard will impose new cybersecurity requirements on the operators of those cranes to mitigate the risk they pose, Vann said on the call.
The cranes can be controlled remotely, meaning that a hacker with access to the cranes’ networks could collect intelligence from ports or, in theory, even cause disruptions of equipment.
Any disruption to US maritime networks “has the potential to cause cascading impacts to our domestic or global supply chains,” Vann said.
There are more than 200 Chinese-made cranes at “US ports and regulated facilities,” according to Vann. Coast Guard cyber experts have done security assessments and hunted for malicious cyber activity on 92, or less than half, of those cranes, he said.
The new maritime policies were many months in the making, but they come on the heels of congressional testimony from FBI Director Christopher Wray that Chinese hackers are “preparing to wreak havoc” on US critical infrastructure.
Chinese hackers have burrowed into US maritime networks, energy companies and other key American infrastructure, according to Wray and other US officials, and are lying in wait to potentially cause disruptions in the event of a US-China crisis. Among the targets of the hacking was US critical infrastructure in Guam, and the Coast Guard has been on the frontlines of response to the digital intrusions.
China has strongly denied the allegations and has accused the US of conducting its own hacking campaigns against China.
The new directives are also aimed at protecting a key artery of the economy. US maritime ports generate trillions of dollars in economy activity each year, according to experts.
“A cyberattack can cause just as much, if not more, damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology at the White House.
Suspected foreign government-backed hackers in August 2021 breached a computer network at the Port of Houston, one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard advisory previously obtained by CNN. The advisory did not identify the foreign government.
This story has been updating with additional information.