Anchored in Zero Trust 'Fast Facts'
Amid ongoing cyber intrusions targeting U.S. critical infrastructure, foreign adversaries are now extending their reach into U.S. ports, prompting an urgent need for stronger maritime cybersecurity measures, according to a new report from Booz Allen and the McCrary Institute for Cyber and Critical Infrastructure Security. Read on for a summary of the report and why it demands immediate attention.
Read the full report – Anchored in Zero Trust: Taking Action to Create Resilient U.S. Port Infrastructure
Why It Matters: Adversaries in the Port Perimeter Put National Security at Risk
- Chinese-manufactured ship-to-shore (STS) cranes at U.S. ports equipped with unauthorized hardware raise concerns of surveillance and disruption.
- Port operators depend on cranes to load and unload containers; any disruption could halt operations, jeopardizing $2.1 trillion in trade and critical military logistics at 22 strategic ports.
- Recognizing this, the DoD has classified ports as mission-relevant terrain in cyberspace due to their critical role.
- In April, the administration released an Executive Order focused on rebuilding domestic maritime industries to promote national security.
- Separately, the DoD plans to issue new zero trust (ZT) security guidance for operational technology (OT) and internet of things (IoT) technology in September.
The Weak Points: PRC-Linked Equipment and Lax Cyber Hygiene Expose Systems
- People’s Republic of China (PRC)-sponsored cyber actor groups like Volt Typhoon are believed to be leveraging vulnerabilities to establish footholds across U.S. critical infrastructure, including maritime facilities.
- The Maritime Transportation System (MTS) relies on a complex patchwork of networked systems operating on legacy OT that was never intended to withstand modern cyber threats.
- Investigations by the U.S. Coast Guard of PRC-manufactured cranes found they are plagued by systemic OT vulnerabilities such as poor cyber hygiene, weak passwords, unpatched software, and unsegmented networks.
- The procurement of PRC-linked equipment increases exposure across ports.
The Call to Action: A Necessary Roadmap for Hardening Maritime Security with Zero Trust
- A ZT cybersecurity framework is essential to countering these threats. Based on “never trust, always verify” and “assume breach,” ZT enforces strict verification and continuous monitoring.
- This approach enables port authorities to address vulnerabilities in STS cranes, secure OT environments, and strengthen resilience.
- For maritime organizations, recommendations include implementing ZT, maturing security operations, handling equipment composed of foreign-made materials, and improving threat intelligence and stakeholder coordination.
- For policymakers, recommendations are to encourage legislation that enhances cybersecurity funding, advances maritime cyber plans, promotes the use of cyber maturity benchmarks, and incentivizes port security improvements.