Federal officials: Local ports at risk of “spy cranes”
Feb 26, 2024, 3:41 PM | Updated: 6:32 pm
(Photo: Kate Stone)
Fears of “spy cranes” are brewing in ports in Western Washington and across the country as questions are raised over whether the Chinese-made equipment could be used in cyberattacks.
An executive order signed by President Joe Biden last week created a federal rule aimed at better securing the nation’s ports from potential cyberattacks. That includes the giant “super-post panamax” cranes used to lift and haul cargo off ships onto U.S. docks.
Approximately 80% of these cranes originate from China and are operated remotely. This remote control feature makes them susceptible to cyberattacks. Admiral John Vann, who leads the U.S. Coast Guard’s cyber command, has emphasized this vulnerability.
Other news: A new way to crack down on crime in the South Sound yields results
At the Port of Tacoma and Port of Seattle, those cranes are an integral part of marine cargo terminal operations, overseen by the Northwest Seaport Alliance (NWSA). Spokesperson Melanie Stambaugh said there are no plans to replace any of the equipment at this time.
“The NWSA currently has strong cybersecurity procedures in place, and we are evaluating new requirements against our existing security measures at our marine terminals. The published requirements at this time do not suggest we will have to replace any of our operating cranes,” Stambaugh said in a statement to KIRO Newsradio.
Stambaugh added there are currently no American-made cranes of that type available on the market.
Federal push to stop cyberattacks
Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.
As the threat continues to grow, the Biden administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Other news: Gunfire exchanged near Alderwood Mall in Lynnwood
The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.
Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure.
In 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. Colonial Pipeline paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Concerns over port security
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to ransomware or other brand of cyberattack, Neuberger said.
In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days. The Biden administration said an updated and standardized set of requirements is designed to help protect the United States against similar situations or any other type of criminal activity.
The new regulations require port operators to notify authorities when a cyberattack has victimized them. The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyberattacks.
The standards will be subject to a public comment period. Federal officials say they will apply to any port operator, and there will be enforcement actions for failing to comply, though the consequences were not specifically outlined.
In the meantime, overseers of local ports stand at the ready.
“We recognize guidelines are still emerging on this topic from the Biden Administration and subsequent maritime security organizations and we are tracking this matter closely,” said Stambaugh.
The Associated Press contributed to this report.
Kate Stone is a reporter for KIRO Newsradio.