While the United States continues to find ways to shore up the cyber-resilience of its critical infrastructure, a new congressional report warns that the maritime sector’s reliance on Chinese-made equipment, particularly cranes with potentially vulnerable software, poses a significant cyber security risk.
A cellular modem in a Chinese-made crane could have a legitimate purpose, or it could be a ticking time bomb. Phosphorus CISO John Terrill talks to Dark Reading about concerns over the supply chain and IoT security at US ports.
Port operators are looking to buy inexpensive port equipment, such as cranes, but then rely on the manufacturer to provide service, which leads to remote communications and data collection. In addition, numerous vulnerabilities have been found in ZPMC equipment, but bug reports disappear and are never publicized, and likely never fixed. Given China’s law that forces disclosure of vulnerabilities to the government, it’s likely that those vulnerabilities are being used or are being stockpiled for use, says Phosphorus’ Terrill.
“A known vulnerability that is not patched is a backdoor by any other definition,” he says.
Read the full story at Dark Reading.