Posted on September 10, 2025
Cranes are a crucial part of the supply chain that keeps shelves stocked across the United States; but who controls them, American operators or Chinese hackers? Congress is currently working its way through hundreds of possible additions to the annual defense bill and members of the House have proposed new efforts to strengthen the cybersecurity of the nation’s ports. These initiatives are important first steps toward securing a critical part of the nation’s infrastructure. As cyber and supply-chain threats continue to plague the industry, the federal government needs to invest in its partnerships with port operators.
China Threatens U.S. Port Infrastructure
American ports are facing an ever-increasing number of cyberattacks. A 2024 attack on Port of Seattle systems, for example, caused operational slowdowns, while the Port of Los Angeles experienced 750 million hacking attempts in 2023 alone. Cyberattacks on maritime infrastructure can disrupt port functioning and threaten trillions of dollars in economic activity, crippling supply chains and U.S. military mobilization.
One of the most pressing concerns is China’s ability to access and manipulate U.S. equipment. Eighty percent of U.S. ship-to-shore cranes are manufactured by Chinese state-owned company Shanghai Zhenhua Heavy Industries Company (ZPMC) and controlled with its software. Officials at the Pentagon have called ZPMC a “Trojan horse” that gives the Chinese Communist Party (CCP) control over American critical infrastructure. Sensors and control systems in these cranes could allow China to gather intelligence on shipments — including military shipments — in and out of the United States. These cranes could be an entrance point for cyberattacks on supply-chain management systems.
Congress Is Combatting the Threat
To tackle this problem, Rep. Sheri Biggs (R-SC) and Rep. Addison McDowell (R-NC) have introduced two amendments to this year’s national defense authorization act to provide better information to companies defending these vital systems and assess federal capabilities to aid port operators. Biggs’ amendment addresses the threat from Chinese-manufactured cranes and port equipment by requiring more robust direction from the Coast Guard and the Cybersecurity and Infrastructure Security Agency (CISA) on how and why U.S. ports should disconnect from or install monitoring software on ZPMC cranes. The amendment also directs CISA to prioritize cybersecurity updates at the port of Guam and other commercial ports designated by the Pentagon as commercial strategic seaports, which may be used for military or emergency resource deployments.
McDowell’s amendment, meanwhile, assesses the increasing responsibilities of the Coast Guard to ensure strong cyber practices at U.S. ports. The provision tasks the Government Accountability Office with reviewing the Coast Guard’s budget, resources, and capabilities to fulfill its mission of helping the industry identify and mitigate risk.
New Coast Guard Efforts Require Resources
Over the past two years, the Coast Guard has increasingly recognized the importance of prioritizing cybersecurity at U.S. ports. Most recently, the agency issued a new rule to add cyber incident reporting requirements and mandate new cybersecurity positions, thorough cyber assessments, and comprehensive cyber certifications for all sector employees. These changes seek to minimize the impact of cyberattacks by building sector resilience through stronger cyber practices and increased expertise. These requirements could enhance the cybersecurity of U.S. port infrastructure, but regulated facilities need resources to implement these requirements.
Congress can help operators by standing up a cyber-specific grant program and prioritizing cyber in existing programs. While the Port Security Grant Program provides funding for general port security, Congress should do more to support the importance of cyber-specific security upgrades for American ports. Congress should ensure that maritime grant programs prioritize funding for purchasing new or retrofitting existing ship-to-shore cranes and replacing outdated or vulnerable equipment. The program should also fund cyber risk assessments and cyber training programs to help stakeholders meet the requirements of the new Coast Guard rule and strengthen the nation’s port infrastructure against cyberattacks. By introducing a grant program aimed specifically at port cybersecurity, Congress can support the changes necessary to secure critical military and supply chain infrastructure.
