There are growing concerns regarding potential cybersecurity vulnerabilities in port equipment, particularly ship-to-shore container handling cranes. The US announced an Executive Order in February resulting in significant funding for improvements to port cybersecurity and authorizing the US Coast Guard to have a larger role in responding to malicious activity. Many recent articles focus on concerns that the equipment could be used for illicit intelligence gathering. While Liftech has no credible knowledge of cranes being used for espionage, there are potential risks of espionage and sabotage through remote or local access to the crane control systems.
Container handling cranes are an important part of the increasingly complex and connected data environment at ports around the world. Their control systems vary greatly in both complexity and connectivity to port data systems and external networks. Crane cybersecurity needs and potential vulnerabilities are drastically different between types of installations, regardless of the equipment manufacturer and control system supplier. It is not possible to make general statements that accurately cover the variety of crane installations at all ports.
Liftech has long advocated for cybersecurity protections, including local software protection and defense-in-depth systems, to isolate container handling equipment from external networks where practical and to help mitigate both remote and local cyberattacks. Liftech supports careful and customized evaluation of cybersecurity vulnerabilities for all types of container handling equipment and other information systems unique to each terminal environment. Liftech continues to work with our clients and industry experts to develop guidelines for best practices in assessing and addressing port equipment cybersecurity.