MARY LOUISE KELLY, HOST:
The Biden administration is worried about a national security threat posed by cranes at U.S. ports - yes, cranes. You know, the huge machines that hoist goods off ships so they can be transported and sold around the country. Well, these cranes were made in China. I'm going to let our cybersecurity correspondent, Jenna McLaughlin, pick up the thread from here. Hey, Jenna.
JENNA MCLAUGHLIN, BYLINE: Hey.
KELLY: So what is the problem with these cranes?
MCLAUGHLIN: So, according to the White House, there are over 200 cranes in U.S. ports that were manufactured in the People's Republic of China. That's actually the vast majority, nearly 80% of cranes. According to Admiral Jay Vann, who's part of the Coast Guard Cyber Command, those ship-to-shore cranes specifically could be vulnerable to Chinese exploitation, particularly because they can be operated remotely.
The Coast Guard is going to be inspecting all of those cranes. They're about halfway done. Then they'll be requiring minimum standards for security compliance. For broader context, the U.S. national security officials have really been concerned about Chinese hackers infiltrating critical infrastructure. They're trying to get an advantage if there was a war or a conflict in the region. These officials say that Chinese hackers have been burrowing into U.S. infrastructure for the past five years or so.
KELLY: OK, so I said the Biden administration is worried about this. What are they doing about it?
MCLAUGHLIN: They're doing a couple things. Besides the specific effort targeting the threat to the cranes, there's a new executive order. It essentially gives the Coast Guard more power over the ports. Now they'll be able to preemptively step in and investigate potential cyberthreats to U.S. vessels or respond if there's an attack. The Coast Guard's also putting out proposed minimum guidelines on cybersecurity standards, as well as requirements for reporting cyberattacks, which is modeled off safety requirements. The White House says that cyberattacks could pose as big a threat to the port as storms, for example.
They'll get feedback on those guidelines from the public before those actually go into effect. The government is also investing $20 billion into new secure technology at the ports over the next five years, which could be used to build cranes and other technology in America, rather than relying on these ones built in China.
KELLY: And, Jenna, I know, I mean, port security has been a priority going back to 9/11. Did something new just happen that is prompting all this concern and this executive order now?
MCLAUGHLIN: Yeah. So like I mentioned, U.S. national security officials have been really scared about the Chinese hacking campaigns into U.S. infrastructure. The first example that they revealed was about a year ago, when a Chinese hacking group they call Volt Typhoon had broken into U.S. infrastructure in Guam, which has important military significance based on its location in the Pacific. They haven't given us too many more specific details, but they've said they found these hackers in other places, like U.S. communication networks and other critical infrastructure.
Meanwhile, there's other examples. You know, a major Japanese port was recently hit by a criminal cyberattack. Hackers held it for ransom for two whole days, and shipments were totally halted. White House cybersecurity adviser Anne Neuberger explained why the ports are so important during a call with reporters last night. She said that the ports pump $5.4 trillion into the American economy. That's over 90% of overseas trade. And the ports are also vital for airlift capabilities for the military. If there was a major disruption at the ports, even short term, it could be disastrous.
KELLY: And so in the meantime, what's going to happen to all these cranes?
MCLAUGHLIN: Yeah, so unlike how the U.S. government has had this big campaign to get rid of Chinese technology like Huawei from our communications infrastructure, in this case, they aren't planning on getting rid of the cranes. The White House seems to think that it's a risk that they can manage. But the investment part of this package will allow them to put money into more U.S.-manufactured technology in the future, just so we're not relying so heavily on these vulnerable cranes.
KELLY: NPR cybersecurity correspondent Jenna McLaughlin. Thank you, Jenna.
MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
