US Tightens Port Cybersecurity, Targets Chinese-made Automated Cranes

Author photo: Chantal Polsonetti
ByChantal Polsonetti
Industry Trends

Port automation is a large and growing market segment for mission-critical industrial network infrastructure.  Switches, routers, gateways, and other industrial infrastructure components are widely deployed in automation of cranes, gantries, and other logistics and material handling equipment that frequently serve remote, mobile, and increasingly autonomous operations.

A new White House Executive Order raises the stakes on cybersecurity requirements in these installations due to concerns about the numerous port cranes manufactured by Chinese companies.  ZPMC (Shanghai Zhenhua Heavy Industries Company Limited) maintains the largest share, by sales revenue, of the ship-to-shore crane market worldwide. These cranes may, depending on their individual configurations, be controlled, serviced, and programmed from remote locations. The US government is now highlighting how these features potentially leave them vulnerable to exploitation.

A related US DoT Maritime Administration Advisory seeks to alert maritime stakeholders of potential vulnerabilities to maritime port equipment, networks, operating systems, software, and infrastructure. This advisory warns that foreign companies manufacture, install, and maintain port equipment that creates vulnerabilities to global maritime infrastructure information technology (IT) and operational technology (OT) systems, including risks associated with integrating and utilizing the People’s Republic of China’s (PRC’s) state-supported National Public Information Platform for Transportation and Logistics (LOGINK), Nuctech scanners, and automated ship-to-shore cranes worldwide.

LOGINK is a single-window logistics management platform that aggregates logistics data from various sources, including domestic and foreign ports, foreign logistics networks, shippers, shipping companies, other public databases, and hundreds of thousands of users in the PRC. At least 24 global ports have cooperation agreements with LOGINK, which can collect massive amounts of sensitive business and foreign government data, such as corporate registries and vessel/cargo data. The PRC government is promoting logistics data standards that support LOGINK’s widespread use, with the US government asserting that LOGINK’s installation and utilization in critical port infrastructure very likely provides the PRC access to and/or collection of sensitive logistics data.

Nuctech Company, Ltd. is a PRC State-controlled entity that manufactures and fields data-centric partially state-owned security inspection equipment at key logistic nodes worldwide. The United States added Nuctech to the Department of Commerce’s Entity List for its involvement in activities contrary to the national security interests of the United States. Specifically, the U.S. government determined Nuctech's lower performing equipment, or less stringent cargo screening, impairs U.S. efforts to counter illicit international trafficking in nuclear and other radioactive materials and raises the risk of proliferation.

Guidance suggested to maritime industry stakeholders includes application of cybersecurity best practices for Access Control (identity and access management), vulnerability mitigation, configuration management mitigation measures to reduce the risks associated with automated port cranes, as well as numerous other means of verifying the integrity and security of on-board crane devices and networks.  These extensive suggestions extend throughout the automation architecture. 

Further information, including detailed cybersecurity recommendations for port automation, is available at:

Executive Order on Amending Regulations Relating to the Safeguarding of Vessels, Harbors, Ports, and Waterfront Facilities of the United States

US Department of Transportation, Maritime Administration “2024-002-Worldwide-Foreign Adversarial Technological, Physical, and Cyber Influence

US Coast Guard “Cybersecurity in US Maritime Transportation System


Engage with ARC Advisory Group

Representative End User Clients
Representative Automation Clients
Representative Software Clients