The Port Crane Security and Inspection Act of 2025 aims to protect U.S. ports by inspecting foreign-made cranes for security risks, prohibiting the use of new foreign cranes and software from adversarial nations, and enhancing overall port cybersecurity.
Carlos Gimenez
Representative
FL-28
The Port Crane Security and Inspection Act of 2025 mandates security inspections of foreign-made cranes used at high-risk U.S. ports, assessing and mitigating cybersecurity risks associated with these cranes. The Act prohibits the operation of new foreign cranes and, within five years, foreign software on cranes at U.S. ports, particularly those connected to a "covered foreign country". These covered foreign countries are identified as foreign adversaries by the intelligence community or the Secretary of Homeland Security and the Director of National Intelligence. The goal is to enhance port security and protect against potential cyber threats.
New Port Crane Security Act: Foreign-Made Cranes Face Stricter Scrutiny, Software Ban in 5 Years
The Port Crane Security and Inspection Act of 2025 aims to tighten security at U.S. ports by scrutinizing foreign-made cranes and their software. This means any new crane built in a "covered foreign country" that connects to the internet must be inspected for cyber threats by the Cybersecurity and Infrastructure Security Agency (CISA) before it can be used at a high-risk U.S. port.
Cranes Under the Microscope
The law focuses on cranes with tech that links up to a port's cyber systems and are made by entities controlled by what the government deems "covered foreign countries." These countries are defined as those flagged as adversaries in the intelligence community's Annual Threat Assessment or by the Secretary of Homeland Security and the Director of National Intelligence. Within 180 days of this Act becoming law, the Secretary of Homeland Security has to assess all foreign cranes—both existing and new—at U.S. ports. Any crane deemed a security risk gets pulled offline until it's certified safe. (SEC. 2)
Phasing Out Foreign Tech
Beyond inspections, the Act flat-out prohibits using foreign cranes at U.S. ports if the contract for that crane was signed after this law goes into effect. Even more significantly, it bans the use of any "foreign software" on all cranes at U.S. ports five years from now. (SEC. 3) "Foreign software," in this case, means anything made by a company completely owned by a "covered foreign country."
Real-World Ripple Effects
Imagine a port relying on cranes from a now-"covered" country. If those cranes are flagged as risky, they're out of commission until they can be secured, potentially causing delays in unloading cargo. This could impact everything from the availability of imported goods to the cost of those goods for consumers. On the flip side, U.S. crane manufacturers and cybersecurity firms might see a boost in business as ports scramble to replace or secure their equipment. For instance, a small cybersecurity firm specializing in industrial control systems could land a contract to assess and secure cranes at multiple ports, significantly growing their business. The five-year clock for software starts ticking, and ports will need a plan to comply. While this increases security, it also means figuring out budgets, new systems, and training - a big lift for both big and small ports.
The Big Picture and Potential Challenges
This law is all about reducing the risk of cyberattacks and espionage at critical infrastructure points. However, it could also strain relationships with countries now labeled as adversaries and potentially disrupt port operations. The definitions of "foreign crane" and "foreign software" will be crucial—and potentially debated—as the law is implemented. How these definitions are applied could significantly impact which countries and companies are affected.