Experts Offer Roadmap to Secure US Ports From CCP Attack

‘We have been a victim for too long, and we’ve got to get out of that mindset,’ McCrary Institute Director Frank Cilluffo said.
Experts Offer Roadmap to Secure US Ports From CCP Attack
Frank Cilluffo (L), director of Auburn University's McCrary Institute, and Brad Medairy (R), executive vice president for national security at Booz Allen Hamilton, discuss port security at an event in Washington on July 31, 2025. Don Kauffman/The McCrary Institute
|Updated:
0:00

U.S. ports are strategic infrastructure upon which the nation’s economic stability and military readiness depend, yet they remain highly exposed to an attack that could grind billions of dollars in trade activity or defense operations to a halt. In fact, adversaries have already infiltrated U.S. port infrastructure, and the path forward must be one that adopts “zero trust” principles, according to experts.

“Zero trust is a fundamental shift in the way that we view and defend our enterprise and [operational technology] environments,” David Forbes, director of cyber physical defense at management consulting company Booz Allen Hamilton, said at an event on July 31 discussing a report released July 29 by Booz Allen Hamilton and Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.

“It changes the way we think about cyberdefense, so we are here assuming breach.”

The report, titled “Anchored in Zero Trust: Taking Action to Create Resilient U.S. Port Infrastructure,” outlines the current exposure to risk and offers policy recommendations and operator best practices to secure the ports.

“We know that adversaries are on our networks,” Forbes said. “They’re in our infrastructure. Volt Typhoon has proven this in a broad range of critical infrastructure sectors, and maritime ports can be and should be at the center of that.”

Ports Exposed

The roughly 360 ports in the United States handle more than 40 percent of goods entering or leaving the country, valued at about $2.1 trillion.

The zero trust approach assumes that systems are already breached, building in continuous verification rather than defending systems at the perimeter.

The McCrary Institute–Booz Allen Hamilton report notes cases in which U.S. ports have already been subject to disruptive cyberactivity, including a Volt Typhoon hack of the Port of Houston in 2021.

In 2024, the Port of Seattle was hit by a ransomware attack that disrupted baggage handling, check-in kiosks, flight displays, Wi-Fi, and online reservation tools. The report notes that this case illustrates how isolated systems in this incident meant that the impact of the attack was comparatively contained.

Lawmakers have sounded the alarm over the fact that a single Chinese company, Shanghai Zhenhua Heavy Industries Co., currently dominates the ship-to-shore cranes market, accounting for 80 percent of those used in U.S. ports.

A congressional investigation concluded that some of these cranes had installed unauthorized components, including cellular modems. Lawmakers have also noted that Shanghai Zhenhua Heavy Industries has multiple times requested remote access to the cranes. The company is a subsidiary of a Chinese state-owned communications conglomerate with ties to the Chinese military.

A U.S. Coast Guard review of 90 foreign-made cranes found that they posed no unique vulnerabilities, although the cranes had the same security weaknesses that often plague such technology systems. These networks can often have poor password policies, unpatched systems, or unnecessary connections to other systems.

The Coast Guard already requires owners and operators of Chinese-made ship-to-shore cranes to eliminate crane connections to the internet and take other risk management actions.

The report recommended an approach wherein port operators ensure that systems can run even when disconnected from networks. It also recommended that systems be segmented as much as possible, with strict identity security for all user accounts and automated services, clear visibility into all critical data flow, encryption of sensitive information, and active threat analyses.

It also includes more advanced recommendations, such as tabletop exercises for walking through potential attack scenarios. The nonprofit think tank Gold Institute for International Strategy and cybersecurity firm Neptune SHIELD hosted one such exercise on June 26 and will do so again at a forum to be held Oct. 6 to Oct. 9.

The cybersecurity of today extends far beyond the digital space. The disclosure of Volt Typhoon, a Chinese communist regime-backed cybercampaign that has infiltrated U.S. critical infrastructure systems and is pre-positioned to cause disruption, revealed a significant escalation in Chinese state-sponsored cyberactivity—from espionage and IP theft to a potential willingness to cause widespread physical damage.

Brad Medairy, executive vice president for national security at Booz Allen Hamilton, said that as the United States becomes a bigger cybertarget, there should be a shift in approach to provide deterrence.

“Our national attack surface is continuing to expand, our risk posture continues to get bigger,” Medairy said at the July 31 event. “We should not accept the fact that the [Chinese regime] is pre-positioning capabilities in our critical infrastructure that could cause us harm. We shouldn’t accept that the [Chinese regime] is attacking our telecommunication infrastructure, our defense industrial base.”

McCrary Institute Director Frank Cilluffo agreed.

“We have been a victim for too long, and we’ve got to get out of that mindset,” he said.

Google LogoMark Us Preferred on Google
Catherine Yang
Catherine Yang
Author
Catherine Yang has been with The Epoch Times in New York since 2008. She also launched and previously served as chief editor of American Essence magazine and Epoch Health.