AUSTIN – U.S. Senators John Cornyn (R-TX) and Gary Peters (D-MI) and U.S. Representative Daniel Webster (FL-11) released the following statements after their Protecting Investments in Our Ports Act, which will ensure that all applicants for competitive grant funding from the Port Infrastructure Development Program (PIDP) may only purchase secure digital infrastructure or secure software components and applicants must certify they have a security plan addressing cyber risks, was signed into law as part of the National Defense Authorization Act:

“As technology continues to advance and global tensions rise, we must take steps to address the growing threat posed by adversaries looking to access sensitive information or disrupt supply chains at our ports,” said Sen. Cornyn. “This law will mitigate the risk of cyber-espionage by foreign countries and help ensure the digital infrastructure and technology at our ports is secure.”

“Our shipping ports play a crucial role in building resilient supply chains, supporting economic growth, and strengthening our national security. We must do everything we can to protect our port infrastructure from cybersecurity threats,” said Sen. Peters. “This law will incentivize our ports to put the appropriate guardrails in place to protect against cyberattacks, helping to improve the security and efficiency of operations.”

“We must ensure our seaports have the resources and are taking the steps necessary to counter threats posed by the introduction of new software and digital infrastructure,” said Rep. Webster. “This critical measure will help insulate port operations against any potential attacks by those wishing to disrupt our supply chains.”

U.S. Representative Salud Carbajal (CA-24) is a cosponsor of this legislation in the House.

Background:

Chinese-made cranes operating at American ports across the country, including several at strategic ports used by the military, have embedded technology that could be used to spy on and disrupt U.S. port operations. The Protecting Investments in our Ports Act will require applicants of the Port Infrastructure Development Program (PIDP) under the Maritime Administration that are acquiring digital infrastructure or a software component to certify that they have an approved National Maritime Transportation Security Plan that addresses cyber risks.

This legislation builds on Sen. Cornyn’s Cranes of Concern at our Ports (CCP) Act, which was signed into law as part of the National Defense Authorization Act for FY24 and requires the federal government to evaluate threats to U.S. ports posed by cranes manufactured in countries of concern, especially those made by China’s Shanghai Zhenhua Heavy Industries Company (ZPMC). The Protecting Investment in Our Ports Act makes sure competitive grant funding from the PIDP is being used to purchase secure infrastructure and provides another layer of checks on security.