21 February 2024 (Lloyd's List) - THE BIDEN-HARRIS administration has announced plans to bolster cyber security in US ports amid rising concerns that malicious actors could wreak havoc on US supply chains.

President Joe Biden plans to sign an executive order that will expand the US Coast Guard’s authority to respond to cyber incidents, mandate reporting of such incidents and require vessels and waterfront facilities to improve their defences against online threats, the White House said in a statement.

Under its expanded mandate, the coastguard will have authority to control the movement of vessels that may pose a cyber threat to US maritime infrastructure, and inspect vessels and facilities that pose such a threat.

The White House also said it plans to restore domestic manufacturing of cranes amid warnings of risks posed by those manufactured in China.

An upcoming Maritime Security Directive by the US Coast Guard will address cyber risk management for Chinese manufactured ship-to-shore cranes and mandate action from their US operators.

“Owners and operators of these cranes must acknowledge the directive and take a series of actions on these cranes and associated Information Technology and Operational Technology systems,” the White House said.

The Maritime Administration (Marad) concurrently released an updated advisory alerting maritime stakeholders of risks posed by China-made systems, software, infrastructure and equipment.

“ZPMC (Shanghai Zhenhua Heavy Industries Company) maintains the largest share, by sales revenue, of the ship-to-shore crane market worldwide,” the agency said.

“These cranes may, depending on their individual configurations, be controlled, serviced and programmed from remote locations. These features potentially leave them vulnerable to exploitation.”

It also reiterated warnings associated with the use of the Chinese “state-supported” National Public Information Platform for Transportation and Logistics (LOGINK), and Nuctech scanners.

“The LOGINK logistics platform, which was first marketed outside of the PRC in 2010, was developed by the PRC Ministry of Transport,” Marad said.

“At least 24 global ports have co-operation agreements with LOGINK, which can collect massive amounts of sensitive business and foreign government data, such as corporate registries and vessel/cargo data.”

The White House said it will invest more than $20bn in port infrastructure over the next five years as part of Biden’s industrial policy agenda, which will support the domestic manufacturing of cranes.

“As a result, Paceco, a US-based subsidiary of Mitsui E&S (Japan), is planning to onshore US manufacturing capacity for its crane production,” the administration said.

“Pacrco intends to partner with other trusted manufacturing companies to bring port crane manufacturing capabilities back to the US for the first time in 30 years, pending final site and partner selection.”

In June, the US Coast Guard and Microsoft said a Chinese state-sponsored hacking Volt Typhoon had targeted US maritime networks and other critical infrastructure.

Volt Typhoon had been active for around two years and had targeted organisations in Guam and elsewhere in the US, Microsoft said at the time.