Biden Executive Order Aims to Strengthen US Port Cybersecurity

The federal government fears that China-made equipment like cranes could be easy targets for cyber attacks.

Photo of cargo cranes in a harbor
Photo by Maximilian Ruther via Pexels

Sign up for smart news, insights, and analysis on the biggest financial stories of the day.

The Internet of Things is like Berlin in the Cold War: filthy with spies. Or at least that’s what’s spooking the White House. 

On Wednesday, President Joe Biden signed an executive order allocating $20 billion to invest in the domestic production of cargo cranes, amid fears that China-built equipment currently employed at major US ports could be hacked or tampered with. 

Settle it in Port

The threat posed by China-made shipping infrastructure has been a major blinking light on the national security community’s radar since at least a year ago, according to a Wall Street Journal investigation published last March featuring several counter-intelligence officials voicing grave concerns. Red flags have been furiously waved over the ubiquity of ship-to-shore cranes produced by state-owned Chinese company ZPMC, which are in use at 80% of US ports, officials say. The cranes are designed for remote operation and also feature sophisticated sensor technology that can track the origin or destination of cargo, possibly exposing valuable information.

Officials, it should be noted, have declined to say whether there’s any evidence of nefarious or suspicious activity at any US port. But if legislators fear Beijing’s theoretical grip on TikTok, you best believe there are concerns that China could compromise or control critical supply chains. Which is why Wednesday’s executive order takes a two-pronged approach to fortifying US ports against cyber attacks:

  • Among the actions is a US Coast Guard directive to mandate digital-security standards at strategic ports, as well as implementing cybersecurity standards on all computer networks within US ports.
  • The executive order also includes $20 billion — tapped from 2021’s $1.2 trillion bipartisan infrastructure bill as well as from the 2022 Inflation Reduction Act — to improve port security and bolster domestic crane production, with a US subsidiary of Japan-based Mitsui granted funds to produce the first domestically built cranes in 30 years.

“We felt there was real strategic risk here,” Anne Neuberger, US deputy national security adviser for cyber and emerging technology, told the WSJ. “These cranes, because they are essentially moving the large-scale containers in and out of port, if they were encrypted in a criminal attack, or rented or operated by an adversary, that could have real impact on our economy’s movement of goods and our military’s movement of goods through ports.”

FBI-Spy a Threat: The executive order can’t come soon enough for FBI Director Christopher Wray, who warned at the Munich Security Conference last weekend that Chinese cyber espionage had reached a “fever pitch.” Earlier this month, the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency released an intelligence report warning that China-backed hacker network Volt Typhoon has had access to some critical infrastructure for “at least five years.” In other words: there’s never a bad time to listen to your IT guy and finally set up two-factor authorization on your email.