The White House is moving forward with reforms aimed at shoring up cybersecurity at U.S. ports, some of which may already be in danger of falling under the sway of hackers linked to China.
President Joe Biden issued an executive order Wednesday assigning responsibility for cybersecurity at ports and other maritime facilities to the U.S. Coast Guard, with the goal of making sure minimum security requirements are put in place as quickly as possible.
The order also will allow the Coast Guard to conduct cyber safety inspections of facilities and ships, and even limit the movement of vessels suspected of posing a cyber threat to U.S. ports.
The changes also call for mandatory reporting of cyberattacks on maritime facilities.
"The continuity of their [U.S. ports] operations has a clear and direct impact on the success of our country, our economy and our national security," White House Deputy National Security Adviser Anne Neuberger told reporters. "A cyberattack can cause just as much, if not more, damage than a storm or another physical threat."
There are more than 300 ports in the United States, employing an estimated 31 million Americans. U.S. officials say those ports contribute about $5.4 trillion to the country's economy while serving as the main points of entry for cargo from around the world.
"Any disruption to the MTS [Marine Transportation System], whether manmade or natural, physical or in cyberspace, has the potential to cause cascading impacts to our domestic or global supply chains," said Rear Admiral John Vann, commander of the Coast Guard Cyber Command.
The executive order, Vann said, provides the Coast Guard "with clear authority to take action in the face of cyber threats."
Already, U.S. officials have sounded alarms about more than 200 Chinese-made ship-to-shore cranes, used in loading and unloading cargo at ports and maritime facilities across the U.S.
"By design, these cranes may be controlled, serviced and programed from remote locations," Vann said, calling them "vulnerable to exploitation."
Previously, The Wall Street Journal reported that U.S. defense officials expressed concerns that the cranes could be used by China to spy on materials being shipped into and out of the U.S.
But those concerns have only grown as U.S. law enforcement and cybersecurity officials have warned repeatedly in recent weeks that China-linked hackers have been lurking in critical systems and computer networks across the country, poised to strike if Beijing gives the order.
An advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that, in some cases, hackers with the group known as Volt Typhoon had been hiding in some computer networks and systems for "at least five years."
"What we've found to date is likely the tip of the iceberg," CISA Director Jen Easterly said in a statement at the time.
To combat the danger with Chinese-made cranes at U.S. ports, the Coast Guard is issuing a security directive that "will impose a number of cybersecurity requirements on the owners and operators of PRC-manufactured cranes," Vann said.
Details of what the directive entails, though, are being kept quiet, with the Coast Guard set to work directly with the owners and operators of the Chinese-made cranes to ensure compliance.
At the same time, the White House announced plans to start weaning U.S. ports off Chinese-made equipment, announcing a $20 billion investment aimed at spurring U.S. production of ship-to-shore cranes for the first time in 30 years.
Officials said talks are already underway with PACECO Corporation, a U.S. subsidiary of Japan's Mitsui E&S.
China has repeatedly denied U.S. accusations about its weaponization of cyberspace. And on Wednesday, it labeled concerns about Chinese-made cranes as "entirely paranoia."
"We firmly oppose the U.S. overstretching the concept of national security and abusing national power to obstruct normal economic and trade cooperation between China and the U.S.," said Liu Pengyu, spokesperson for the Chinese Embassy in Washington, in an email to VOA.
"Playing the 'China card' and floating the 'China threat' theory is irresponsible and will harm the interests of the U.S. itself," Liu added.
U.S. officials, however, have said that the security directive targeting the Chinese-made cranes was issued following threat assessments by U.S. Coast Guard on 92 of the cranes currently in operation in the U.S.
U.S. officials also caution that while there are substantial concerns about China, the risk of cyberattacks from other entities, including criminal gangs, is also substantial. In particular, officials referenced the June 2023 cyberattack that shut down the Japanese port of Nagoya for more than two days.
The cybersecurity measures aimed at securing U.S. ports are just the latest in a wave of reforms aimed at protecting critical U.S. infrastructure.
This past March, the U.S. implemented changes to protect drinking water and sewer systems from cyberattacks.
Security measures for pipeline owners and operators went into effect in July 2022. And U.S. Homeland Security officials rolled out cybersecurity measures for rail and air transportation in October 2021.