Coast Guard calls for better OT security to mitigate ‘significant supply-chain risk’ posed by Chinese cranes
Coast Guard Cyber Protection Team (CPT) Operations noted a 71% year-to-year increase in cyberattacks that used stolen or compromised credentials while finding that “baseline cybersecurity posture has improved” across the marine transportation system (MTS), according to a new report from U.S. Coast Guard Cyber Command.
The fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report said that “supply-chain risks and other observed vulnerabilities exist within ship-to-shore cranes manufactured in China” as better technology on vessels has expanded the attack surface. “While there are significant operational benefits, this creates cybersecurity risks that did not exist before,” the report states. “Cyberattacks impacting a company’s enterprise network are now far more likely to impact shipboard Information Technology (IT) systems and potentially impact vessel operations.”
The report also notes an “uptick in cyber incidents and CPT missions involving cloud systems and services,” blamed in part on “a misunderstanding of security responsibilities” as a majority of MTS organizations now utilize the cloud.
Rear Adm. Jason P. Tama, commander of Coast Guard Cyber Command, wrote at the outset of the report that “better password policies, growing adoption of multi-factor authentication, and better built-in tools to combat phishing” have improved the cyber posture of the MTS.
“However, we have also observed adversaries adjust their tactics to find new initial attack vectors, such as focusing on stolen credentials and exploitable public-facing vulnerabilities,” Tama said. “We have seen technological advancements in satellite networks enabling ships to always remain connected to their enterprise networks and improve their operational efficiency. Unfortunately, this constant connection has also enabled malware to rapidly spread from a company’s corporate network to their ships while underway.”
In 2024, 70% of compromised MTS organizations reported to CPT that the breach “caused significant or very significant disruption,” while 71% of organizations used default credentials. Phishing was the point of initial access in 25% of the MTS cyber incidents reported last year. A quarter of reported incidents were ransomware, which is a drop from 42% in 2023.
For the first time, the annual report includes an in-depth discussion of the “significant supply-chain risk” posed to the MTS by ship-to-shore (STS) cranes manufactured in China, carrying “vulnerabilities that could enable a malicious cyber actor the ability to disrupt port operations.” About 80% of STS cranes in use at U.S. ports are manufactured by Shanghai Zhenhua Heavy Industries Co., Ltd. (ZPMC), a Chinese state-owned enterprise.
“Our most common findings for STS crane networks are similar to our common findings for any OT system: improper network segmentation, legacy software, and identity/access management,” the report states. “In all cases, CPTs recommended mitigations to better isolate the STS cranes and reduce remote access threat vectors.”
These recommendations include scrutinizing contract language that requires third-party access or crane maintenance and restricting remote access; avoiding shared accounts and enforcing a password policy; and implementing network segmentation and hardening IT hosts across the enterprise.
“Multiple layers of network security should exist between a crane’s IT and OT systems,” the report advises. “A firewall should be present at the boundary point of a crane network and be properly configured to implicitly deny all inbound and outbound traffic and explicitly allow only very specific traffic to transit the firewall.”
Tama stressed that the “constantly changing cyber threat and vulnerability landscape continues to require a vigilant cyber posture.”
“STS cranes are essential to the movement of goods in and out of our ports,” the commander wrote. “We are proud to provide the most comprehensive and publicly available technical findings on these cranes to raise awareness to the risks and provide crane operators with actionable hardening recommendations to improve their security.”