The cranes that move goods in and out of America’s busiest ports (some of the most essential components of our national logistics chain) are under growing scrutiny.
In a newly issued MARSEC Directive 105-5, the U.S. Coast Guard has raised red flags about the cybersecurity risks that come with ship-to-shore (STS) cranes manufactured in China. These cranes, mostly produced by state-owned enterprises like Shanghai Zhenhua Heavy Industries (ZPMC), make up nearly 80% of the STS equipment at U.S. ports.
While efficient and widely used, they are a risk to supply chains thanks to built-in vulnerabilities in their operational technology (OT) environments. In the eyes of the U.S. government, the threat has moved from the theoretical to a pressing issue tied to national security, infrastructure resilience, and the possibility of foreign cyber exploitation.
Built-in Vulnerabilities in STS Cranes
Unlike traditional IT systems, OT security in maritime environments must consider not only data confidentiality but also operational continuity and physical safety. STS cranes, in particular, rely on a complex mesh of software-controlled systems for remote operation, diagnostics, and…
