Republican leaders from two key House committees say the actions announced this week by the Biden administration to secure U.S. ports are a “meaningful step,” while calling for additional oversight to address cyber maritime threats from the Chinese Communist Party.
President Biden signed an executive order on Wednesday giving the Coast Guard new authorities to respond to malicious actors impacting the U.S. maritime transportation system.
Other actions include a Coast Guard notice of proposed rulemaking to establish minimum security requirements for “U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities” and a Maritime Security Directive addressing “ship-to-shore cranes” manufactured in China that are based in “U.S. Commercial Strategic Seaports.”
Rep. Mark Green (R-TN)
“In light of our Committees’ warnings about the grave threats posed to our maritime security, this is the right move by the administration. It is deeply troubling that the vast majority of ship-to-shore cranes at U.S. ports are manufactured by the Chinese state-owned company, ZPMC, and the operational technology, sourced from various global suppliers, is often installed in China,” the lawmakers said today in a joint statement.
They added, “Many of the cranes’ operational components are manufactured by the Swiss firm ABB, which partners closely with both ZPMC and the U.S. government.”
The statement comes from House Homeland Security Chairman Mark Green (R-TN), China select committee Chairman Mike Gallagher (R-WI), and Reps. Carlos Gimenez (R-FL) and August Pfluger (R-TX).
Gimenez is chairman of the Homeland Security transportation and maritime security subcommittee. Pfluger chairs the subcommittee on counterterrorism, law enforcement and intelligence.
The lawmakers say, “The United States must not give the CCP another way to infiltrate our critical infrastructure, conduct surveillance and espionage, steal intellectual property, and potentially throttle our port activity altogether. The threat is real—we now know Chinese-affiliated hackers, Volt Typhoon, maintained access to our critical infrastructure, including the maritime sector, for five years before discovery.”
“This announcement does not end the threat, but it is a meaningful step to counter it. The follow-through will be essential. We will continue conducting a rigorous investigation into the threats posed by the CCP’s access to our ports. Our Committees will continue urging the Biden administration to strengthen the resilience of our critical infrastructure and to resolve vulnerabilities in our supply chains,” the lawmakers say.
The transportation and maritime subcommittee will hold a hearing on Feb. 29 to examine maritime security threats.
The witnesses are Rear Adm. John Vann, commander of the U.S. Coast Guard Cyber Command; Rear Adm. Wayne Arguin, Coast Guard assistant commandant for prevention policy; Derek Trinque of U.S. Transportation Command (TRANSCOM); and Christa Brzozowski, DHS Assistant Secretary for Trade and Economic Security.
Homeland Security cyber subcommittee Chairman Andrew Garbarino (R-NY) said in a statement, “Maritime port security is vital to our national security. The presence of this technology in U.S. ports significantly increases the cybersecurity risk to business operations systems and terminal industrial control systems. While I am pleased to see the Administration finally prioritizing the Cybersecurity of U.S. Ports, especially in light of heightened concerns over technology employed by Chinese-manufactured cranes, this action is long overdue.”
“Members of Congress have been raising the alarm about this threat since 2022, which is why last year, I and other Members of the Homeland Security Committee sent multiple letters to the Department of Homeland Security highlighting our concerns and urging action,” the subcommittee chair said.
Garbarino said, “The Chinese Communist Party continues to subvert U.S. economic and national security interests through the use of CCP-manufactured technology at our ports, so while this is a positive step forward, the Administration must ensure that it is more proactively mitigating these security risks and bolstering our cyber preparedness against malign Chinese actions going forward.”
Green and three of his subcommittee chairs sent a letter in April 2023 to Homeland Security Secretary Alejandro Mayorkas asking for detailed information on DHS efforts to address cyber vulnerabilities at maritime ports.
The Homeland Security and China committees are also investigating Swiss Company ABB’s ties with Chinese state-owned ZPMC and whether there is a conflict of interest with ABB’s work with U.S. government agencies.
Industry stakeholders weigh in
The American Association of Port Authorities praised the Biden administration’s port cybersecurity actions.
AAPA president and CEO Cary Davis said, “America’s ports work closely with our federal partners to maintain the highest possible standards of physical and cybersecurity. We welcome and applaud President Biden’s actions which further empower the Coast Guard to keep our ports safe along with the Administration’s efforts to build out domestic manufacturing capacity for key equipment.”
The trade group has crafted a legislative proposal similar to the CHIPS and Science Act that would incentivize domestic manufacturing of cranes and is calling on Congress to introduce and pass the bill.
AAPA also noted that they are working with Department of Transportation’s Maritime Administration (MARAD) to conduct a study on “the future of port cargo handling equipment procurement needs.” AAPA says, “The study results will be presented to domestic manufacturers as an order book to show the clear demand for American-manufactured equipment.”
Tenable’s Marty Edwards called the EO progress “toward better cybersecurity standards as well as recognition that our critical infrastructure is being targeted by bad actors.”
“As our reliance on digital systems grows to ensure the smooth running of our ports, so too does the susceptibility of the foundational infrastructure that underpins it. Any cyber infringement can have devastating real-world consequences,” Edwards said.
Edwards argued, “Granting more authority to the Coast Guard to act will likely help to limit the risk of cyber incidents that affect our maritime security, but we also need to ensure that those tasked with these new responsibilities are properly resourced, that roles and responsibilities are clear and that these actions are harmonized with other federal cyber policies and regulations. And it’s imperative that any port cyber requirements align with the NIST Cybersecurity Framework and the CISA Cross-sector Cyber Performance goals.”
Mark Montgomery of the Foundation for Defense of Democracies highlighted the think tank’s work on examining U.S. port system vulnerabilities.
Through the White House efforts, Montgomery said the administration will get “more insight and information on the threat through specific incident reporting” and broadly improve “cybersecurity of the systems through increased assessments and cybersecurity requirements.” Montgomery is a retired rear admiral.
The administration announced that they will be committing $20 billion in grants over the next five years to invest in U.S. port infrastructure. The funding comes from the Bipartisan Infrastructure Law and the Inflation Reduction Act.
Montgomery said,Providing support to the private sector operating the port systems through access to resources from the Bipartisan Infrastructure Act is a good first step. Ensuring a sufficient amount of this money actually goes to cybersecurity issues will require close oversight.” -- Sara Friedman (sfriedman@iwpnews.com)