The U.S. warns of potential vulnerabilities in maritime port equipment, networks, operating systems, software, and infrastructure

The Maritime Administration of the United States Department of Transportation has issued a maritime advisory alerting maritime stakeholders to potential vulnerabilities in maritime port equipment, networks, operating systems, software, and infrastructure.

This advisory was issued on 23 August 2023 and cancels U.S. Maritime Advisory 2023-002.

Issue

This advisory highlights potential vulnerabilities in maritime port equipment, networks, software, and infrastructure, particularly those from foreign manufacturers.

These vulnerabilities have been exposed in recent years due to the integration of China's National Public Information Platform for Transportation and Logistics (LOGINK), Nuctech scanners, and automated port cranes into global maritime operations.

LOGINK is a logistics management platform subsidized by the Chinese government, with agreements with at least 24 global ports. It has access to sensitive business and government data, raising concerns about data security and Chinese influence in international maritime trade.

Nuctech, a Chinese State-Owned Enterprise, produces security inspection equipment used worldwide, including equipment with x-ray, explosives detection, and AI capabilities. It has raised concerns due to its ties to the Chinese Communist Party and the People's Liberation Army, resulting in its addition to the U.S. Department of Commerce's Entity List.

Guidance

To mitigate these risks, maritime stakeholders should implement cybersecurity best practices such as access control, vulnerability mitigation, and configuration management.

Specific steps include:

  1. Enhancing cybersecurity and cyber resiliency to respond to and report incidents that could disrupt operations.
  2. Understanding data sharing and network access permissions as outlined in contractual agreements.
  3. Monitoring and controlling access to foreign maritime technology.
  4. Exercising caution with untrusted network traffic, especially third-party traffic.
  5. Ensuring infrastructure operational resiliency and maintaining recoverable backups.
  6. Collaborating with industry, academia, and government for optimal cybersecurity practices.

For automated port cranes, additional mitigation measures include:

  1. Segmentation between crane and other port systems to limit cyber access.
  2. Secure file transfer tools to reduce malware risk.
  3. Dedicated remote access systems and firewall rule policies.
  4. Separation of crane management functions from operational systems.
  5. Monitoring communications on the crane network.
  6. Integrity checks and VLAN segmentation for control devices.
  7. Robust response and recovery programs, including backups and spare hardware.
  8. Strong physical security and access control for crane infrastructure.

For more information, see the advisory document:

Worldwide-Foreign Adversarial Technological, Physical, and Cyber Influence