
A new report from Booz Allen and the McCrary Institute for Cyber and Critical Infrastructure Security warns that foreign adversaries are expanding cyber operations to target U.S. ports, escalating the threat to the nation’s critical infrastructure and underscoring the urgent need for stronger maritime cybersecurity. The Booz Allen–McCrary report follows U.S. Coast Guard investigations that revealed systemic OT (operational technology) vulnerabilities in Chinese-manufactured cranes, including weak passwords, poor cyber hygiene, unpatched software, and flat, unsegmented networks. As ports continue to procure PRC-linked equipment, exposure across the maritime sector is growing.
Titled ‘Anchored in Zero Trust: Taking Action to Build Resilient U.S. Port Infrastructure,’ the report highlights that adversaries are already inside U.S. port infrastructure. “Government-linked and criminal actors are actively targeting maritime systems. Chinese-manufactured ship-to-shore (STS) cranes, some equipped with unauthorized communication hardware, raise urgent concerns about surveillance, sabotage, and strategic disruption. These threats put both economic stability and military readiness at risk.”
The Booz Allen–McCrary report added that much of the cyber risk to the maritime transportation system stems from outdated OT that was never designed to withstand attacks by foreign governments determined to win wars by crippling connected infrastructure. Port operators can no longer rely on implicit trust and perimeter defenses. A zero trust (ZT) approach offers a modern, proactive model for securing these critical systems against known and emerging threats.
Adopting a ZT cybersecurity strategy can strengthen port security against such risks. By operating under the guiding tenets of ‘never trust, always verify’ and ‘assume breach,’ ZT shifts the focus away from traditional perimeter defenses to a holistic model of continuous verification. With a focus on STS crane vulnerabilities and broader port security challenges, this report shows how ZT principles can fortify resilience, protect vital operations, and maintain an uninterrupted global supply chain, an essential goal for national and economic security.
The report detailed that ports worldwide have experienced a range of cybersecurity incidents, from physical breaches to targeted cyberattacks. These cases expose systemic weaknesses in port infrastructure and reinforce the need for a modern cybersecurity model. The examples below show how operational disruption, data loss, and long-term risk can stem from a single point of failure. They also underscore why ZT is not optional. It is the clearest path to mitigating intrusion, isolating compromise, and maintaining operational continuity in a contested digital environment.
In 2021, the Chinese government-backed group Volt Typhoon exploited a zero-day flaw in password management software to breach the Port of Houston’s IT systems. Disguising themselves as a vendor engineer, the attackers installed a webshell, stole administrator credentials, and exfiltrated sensitive data within hours. They moved laterally through the network and positioned themselves to reach OT systems.
Although cybersecurity staff detected the intrusion within an hour and isolated the compromised server before any operational disruption occurred, the incident underscored how quickly attackers can escalate from a single access point and highlighted the critical need for continuous monitoring, credential protection, and network segmentation.
Also in 2021, the Clop ransomware group compromised the IT systems of Swire Pacific Offshore, a maritime services company in Singapore. The attackers exfiltrated sensitive employee data, including passports, payroll records, and bank information—impacting up to 2,500 individuals across 18 countries. Operations were not interrupted, but the breach revealed the risks posed by weak identity controls and unmonitored access. The incident demonstrated the value of zero trust practices such as strict authentication, data segmentation, and continuous monitoring to detect lateral movement before significant data loss occurs.
In 2024, the Rhysida ransomware group targeted the Port of Seattle, encrypting data and crippling critical maritime and aviation services. The attack disrupted baggage handling, flight information displays, check-in kiosks, Wi-Fi, and online reservations. While core transportation operations continued, port staff had to revert to manual processes during peak travel. Rapid response efforts restored most services within a week, but the breach revealed how a lack of network segmentation and shared infrastructure can amplify the impact of ransomware. It reinforced the need for zero trust controls, including system isolation, tiered access, and real-time monitoring to contain such events.
The Booz Allen–McCrary report identified that ports depend on a complex web of interconnected systems, from trucking and rail operations to cargo inventory management, that enable efficiency but also expand the attack surface. Each system carries its own set of dependencies, both internal to the port and external, such as power and water management. Beyond cranes and other material handling equipment, ports rely heavily on OT systems across oil and gas terminals, bulk terminals, roll-on/roll-off (RoRo) terminals, and more.
As recent attacks on major ports have shown, a single vulnerability anywhere in this ecosystem can trigger widespread disruption. Many of these OT systems still operate on legacy technologies, including programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems. These often lack basic encryption and remain unpatched, making them easy targets for cyber threats. In these environments, safety and uptime typically take precedence over regular security updates, leaving critical infrastructure dangerously exposed.
Foreign-manufactured port infrastructure, particularly STS cranes, can conceal serious cybersecurity risks. Congressional investigations have revealed unauthorized hardware components and communication modules, such as hidden cellular modems, embedded in these cranes. These elements create pathways for remote access, data exfiltration, or even sabotage.
The Booz Allen–McCrary report highlighted that many global port operations continue to depend on outdated operating systems, unpatched software, and obsolete firmware. Given the long life cycles of OT equipment and limited visibility into system security, even vulnerabilities in seemingly benign software can serve as entry points for attackers. Compounding the issue, most OT networks were not originally designed with segmentation in mind.
As a result, an intruder gaining access to one system can potentially pivot laterally across the network, reaching other hosts, systems, and even crane control infrastructure. Weak third-party access controls heighten the risk, making ports more susceptible to threats from compromised contractors or malicious insiders.
Increasingly, government-backed threat actors are targeting these vulnerabilities. Their operations are often well-funded, highly coordinated, and aimed at disrupting critical supply chains. The compromise of a single terminal could ripple across an entire region, with major implications for economic stability and national security.
The Booz Allen–McCrary report noted that OT systems pose a unique challenge to ZT. Many ZT controls do not apply equally across all pillars. For example, many legacy OT systems do not support encryption of network traffic due to hardware constraints or other operational reasons. However, novel technologies and approaches allow organizations to secure these systems.
Micro-segmentation and machine-to-machine (M2M) identity providers (IdP) are two examples of powerful ZT controls. Micro-segmentation divides the network into small, tightly controlled segments, helping to reduce the potential impact of a breach by confining the compromise to a limited blast radius. It also prevents lower-level components from being accessed and manipulated by higher-level components that are more often used by attackers.
M2M IdP establishes verifiable identities for automated services and components, enabling them to securely authenticate and authorize within OT environments. In addition, many other tools, technologies, and architectural design patterns can be used to drive ZT implementation.
The report notes that while many OT systems lack encryption support, this limitation inadvertently allows for greater visibility into network traffic and connected assets. “This is a major data source for defenders of OT networks. There are OT security tools that can inspect traffic at the packet level, including industrial protocols, and alert on anomalies and indications of attacks. Classifying data and mapping that data to specific systems that support critical operations will determine if and how teams can capitalize on this visibility.”
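As an added illustration of the micro-segmentation and traffic-visibility points above (example code written for this page, not taken from the report or the article), the following Python check evaluates constructed OT flow records against a zone allow-list and flags flows that reach from a higher-level zone down into crane PLCs, or that come from assets missing from the inventory. The zone names, Purdue-style levels, addresses and ports are assumptions for the example.

```python
from dataclasses import dataclass
# Hypothetical asset inventory: host -> (zone, Purdue-style level). Levels are an
# assumption for this example: 1 = crane PLCs, 2 = SCADA/HMI, 4 = enterprise IT.
INVENTORY = {
    "10.10.1.11": ("crane_plc", 1),
    "10.10.1.12": ("crane_plc", 1),
    "10.10.2.20": ("scada_hmi", 2),
    "10.10.4.40": ("enterprise_it", 4),
}

# Explicit allow-list of (src_zone, dst_zone, dst_port); anything else is denied.
ALLOW = {
    ("scada_hmi", "crane_plc", 502),      # Modbus/TCP polling from SCADA
    ("enterprise_it", "scada_hmi", 443),  # HTTPS to the HMI web interface
}

@dataclass
class Alert:
    src: str
    dst: str
    port: int
    reason: str
    severity: str

def classify_flow(src, dst, port):
    """Return an Alert if the flow violates segmentation policy, else None."""
    if src not in INVENTORY or dst not in INVENTORY:
        unknown = src if src not in INVENTORY else dst
        return Alert(src, dst, port, f"unknown asset {unknown} not in inventory", "high")
    src_zone, src_lvl = INVENTORY[src]
    dst_zone, dst_lvl = INVENTORY[dst]
    if (src_zone, dst_zone, port) in ALLOW:
        return None
    # A higher-level zone reaching down (e.g. IT -> PLC) is what segmentation must stop.
    if src_lvl > dst_lvl:
        return Alert(src, dst, port, f"{src_zone} (L{src_lvl}) reached into {dst_zone} (L{dst_lvl})", "critical")
    return Alert(src, dst, port, f"{src_zone} -> {dst_zone}:{port} not on allow-list", "medium")

def evaluate_flows(flows):
    """Evaluate (src, dst, dst_port) tuples and return alerts in input order."""
    return [a for a in (classify_flow(*f) for f in flows) if a is not None]

# Constructed sample flows, not taken from any real capture.
SAMPLE_FLOWS = [
    ("10.10.2.20", "10.10.1.11", 502),    # expected SCADA -> PLC Modbus poll
    ("10.10.4.40", "10.10.2.20", 443),    # expected IT -> HMI web session
    ("10.10.4.40", "10.10.1.12", 502),    # IT host talking Modbus straight to a PLC
    ("10.10.1.11", "10.10.1.12", 44818),  # PLC-to-PLC, not on the allow-list
    ("10.10.9.99", "10.10.1.11", 502),    # unknown device polling a PLC
]
```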
To help maritime organizations address growing cyber risks, the report offers insights and practical guidance on several fronts. It examines the threats posed by Chinese STS cranes and provides an engineering perspective on the underlying vulnerabilities. It also outlines the critical role of OT and control systems in the function of port material handling equipment, highlighting OT-specific threat vectors. Finally, the report recommends both technical and policy measures that asset owners can implement to strengthen resilience across their maritime operations.
For maritime organizations, the Booz Allen–McCrary report urges the implementation of zero trust controls such as microsegmentation, machine-to-machine identity management, multi-factor authentication, privileged access management, and continuous monitoring with threat analytics. It calls for maturing security operations through measures like OT security monitoring, active incident response, vulnerability assessments, penetration testing, red teaming, and tabletop exercises.
The report also stresses the need for stronger security protocols around foreign-manufactured material handling equipment, including rigorous pre-procurement evaluations, contractual security requirements, ongoing assessments, and the use of digital twins. Finally, it recommends improving threat intelligence and stakeholder coordination through expanded information-sharing efforts, joint security drills, and integrated cross-functional security teams.
For policymakers, the report calls for legislation that boosts funding for cybersecurity assessments, supports zero trust implementation, and enforces minimum cybersecurity standards across critical maritime infrastructure. These efforts should build on the U.S. Coast Guard’s Final Rule on Cybersecurity in the Marine Transportation System, which came into effect on July 16, 2025.
It also recommends advancing maritime cybersecurity plans by aligning port security programs with federal strategies that set clear timelines for closing key cyber gaps. Federal maritime cybersecurity strategies should be used as a blueprint to align port-level security plans with national objectives, ensuring key vulnerabilities are addressed within clear timelines. To promote accountability and continuous improvement, ports should adopt cybersecurity maturity benchmarks, such as the MTS-ISAC scorecard or internationally recognized frameworks like Singapore’s MaritimeSG CyberSafe Scorecard.
The report also urges the adoption of standardized frameworks, such as the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) scorecard, to measure cybersecurity maturity. To accelerate adoption, it calls on government to incentivize security modernization through tax credits, grants, and matching programs. These incentives would encourage port authorities and public and private operators to deploy advanced security controls, including zero trust architectures, and to make the infrastructure upgrades needed to harden ports against growing cyber threats.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.