MARAD: Advisory on potential technological compromises associated with foreign-made port infrastructure

The following is excerpted from a U.S. Maritime Advisory issued by the U.S. Department of Transportation’s Maritime Administration on February 21. To read the complete advisory, click here.

Worldwide-foreign adversarial technological, physical, and cyber influence

1. Issue: This Advisory seeks to alert maritime stakeholders of potential vulnerabilities to maritime port equipment, networks, operating systems, software, and infrastructure. Foreign companies manufacture, install, and maintain port equipment that creates vulnerabilities to global maritime infrastructure information technology (IT) and operational technology (OT) systems. In the past few years, the U.S. Government has published several documents (see paragraph 4 below) illuminating the risks associated with integrating and utilizing the People’s Republic of China’s (PRC’s) state-supported National Public Information Platform for Transportation and Logistics (LOGINK), Nuctech scanners, and automated ship-to-shore cranes worldwide.

LOGINK is a single-window logistics management platform that aggregates logistics data from various sources, including domestic and foreign ports, foreign logistics networks, shippers, shipping companies, other public databases, and hundreds of thousands of users in the PRC. The LOGINK logistics platform, which was first marketed outside of the PRC in 2010, was developed by the PRC Ministry of Transport. At least 24 global ports have cooperation agreements with LOGINK, which can collect massive amounts of sensitive business and foreign government data, such as corporate registries and vessel/cargo data. The PRC government is promoting logistics data standards that support LOGINK’s widespread use, and LOGINK’s installation and utilization in critical port infrastructure very likely provides the PRC access to and/or collection of sensitive logistics data.