THE UNITED STATES Coast Guard has issued new orders to the nation’s ports with regard to cyber security measures required for Chinese-manufactured ship-to-shore gantries, the majority of which have been supplied by ZPMC.
Maritime Security (MARSEC) Directive 105-5, which outlines cyber risk management, is in addition to those previously promulgated via MARSEC Directive 105-4 (issued on 21 February 2024). The USCG says the new Directive contains security-sensitive information “and, therefore, cannot be made available to the general public”.
“Owners or operators of ship-to-shore (STS) cranes manufactured by PRC companies should immediately contact their local Coast Guard Captain of the Port (COTP) or District Commander for a copy of MARSEC Directive 105-5.”
The Maritime Transportation Security Act’s implementing regulations in 33 CFR parts 101-105 are designed to protect the maritime elements of the national transportation system. Under 33 CFR 101.405, the Coast Guard may set forth additional security measures to respond to a threat assessment or to a specific threat against those maritime elements. In addition, per 33 CFR 6.14-1, the Commandant “may prescribe such conditions and restrictions relating to the safety of waterfront facilities and vessels in port as the Commandant finds to be necessary under existing circumstances.”
USCG notes STS cranes manufactured by PRC companies make up the largest share of the global ship-to-shore crane market and account for nearly 80% of the STS cranes at U.S. ports. By design, these cranes may be controlled, serviced, and programmed from remote locations, and those features potentially leave STS cranes manufactured by PRC companies vulnerable to exploitation, threatening the maritime elements of the national transportation system.
As such, additional measures are necessary to prevent a Transportation Security Incident in the national transportation system due to the prevalence of STS cranes manufactured by PRC companies in the U.S., threat intelligence related to the PRC’s interest in disrupting U.S. critical infrastructure, and the built-in vulnerabilities for remote access and control of these STS cranes.
“Pursuant to 33 CFR 101.405, we consulted with the Department of State, Department of Defense, Department of Transportation/Maritime Administration, Department of Homeland Security, Transportation Security Administration, Cybersecurity and Infrastructure Security Agency, and National Maritime Intelligence-Integration Office,” the USCG said.
The Directive was issued by Captain A. Meyers, Captain, U.S. Coast Guard, Chief, Office of Port and Facility Compliance.
All major Australian container ports have ZPMC STS cranes.
