Experts Offer Roadmap to Secure US Ports From CCP Attack


U.S. ports are strategic infrastructure on which the nation’s economic stability and military readiness depend, yet they remain highly exposed to an attack that could bring billions of dollars in trade activity, or defense operations, to a halt. In fact, adversaries have already infiltrated U.S. port infrastructure, and the path forward must be one that adopts “zero trust” principles, experts say.

“Zero trust is a fundamental shift in the way that we view and defend our enterprise and [operational technology] environments,” David Forbes, director of cyber physical defense at management consulting company Booz Allen Hamilton, said at an event on July 31 discussing a report released July 29 by Booz Allen and the McCrary Institute for Cyber and Critical Infrastructure Security.

“It changes the way we think about cyber defense, so we are here assuming breach.”

The report, titled “Anchored in Zero Trust: Taking Action to Create Resilient U.S. Port Infrastructure,” outlines the current exposure to risk and offers policy recommendations and operator best practices to secure the ports.

“We know that adversaries are on our networks. They’re in our infrastructure. Volt Typhoon has proven this in a broad range of critical infrastructure sectors, and maritime ports can be and should be at the center of that,” Forbes said.

Ports Exposed

The roughly 360 ports in the United States handle more than 40 percent of goods entering or leaving the country, valued at about $2.1 trillion.

The zero trust approach assumes systems are already breached, building in continuous verification rather than defending systems at the perimeter.

The McCrary Institute–Booz Allen report notes cases in which U.S. ports have already been subject to disruptive cyber activity, including a Volt Typhoon hack on the Port of Houston in 2021.

Just last year, the Port of Seattle was hit by a ransomware attack that disrupted baggage handling, check-in kiosks, flight displays, Wi-Fi, and online reservation tools. The report notes that this case illustrates how isolating systems from one another kept the impact of the attack comparatively contained.

Lawmakers have sounded the alarm over the fact that a single Chinese company, Shanghai Zhenhua Heavy Industries Company (ZPMC), currently dominates the ship-to-shore cranes market, accounting for 80 percent of those used in U.S. ports.

A congressional investigation concluded that some of these cranes had unauthorized components installed, including cellular modems. Lawmakers have also noted that ZPMC has requested remote access to the cranes multiple times. The company is a subsidiary of a Chinese state-owned communications conglomerate with ties to the Chinese military.

A U.S. Coast Guard review of 90 foreign-made cranes found that, although they posed no unique vulnerabilities, the cranes had the same security weaknesses that often plague such technology systems. These networks can often have poor password policies, unpatched systems, or unnecessary connections to other systems.

The Coast Guard already requires owners and operators of Chinese-made ship-to-shore cranes to eliminate crane connections to the internet and take other risk management actions.

The report recommended an approach wherein port operators ensure that systems can run even when disconnected from networks and are segmented as much as possible, with strict identity security for all user accounts and automated services, clear visibility into all critical data flows, encryption of sensitive information, and active threat analysis.

It also includes more advanced recommendations, such as tabletop exercises to walk through potential attack scenarios. The nonprofit think tank Gold Institute for International Strategy and cybersecurity firm Neptune SHIELD hosted one such exercise on June 26 and will do so again at an Oct. 6–9 forum.

The cybersecurity of today extends far beyond the digital space. The disclosure of Volt Typhoon, a Chinese communist regime-backed cyber campaign that has infiltrated U.S. critical infrastructure systems and is pre-positioned to cause disruption, showed a significant escalation in Chinese state-sponsored cyber activity from espionage and IP theft to a potential willingness to cause widespread physical damage.

Brad Medairy, executive vice president for National Security and Cyber, said that as the United States becomes a bigger cyber target, there should be a shift in approach to provide deterrence.

“Our national attack surface is continuing to expand, our risk posture continues to get bigger,” Medairy said at the July 31 event. “We should not accept the fact that the PRC is pre-positioning capabilities in our critical infrastructure that could cause us harm. We shouldn’t accept that the PRC is attacking our telecommunication infrastructure, our defense industrial base.”

McCrary Institute Director Frank Cilluffo agreed. “We have been a victim for too long, and we’ve got to get out of that mindset,” he said.
