Sen. Scott pushes bipartisan bill for cyber audits of US infrastructure to counter Chinese threat

Republican Sen. Rick Scott is spearheading a bipartisan effort to spark a nationwide effort to identify and address foreign cyber threats to America’s maritime and port facilities, especially vulnerabilities to threats from the Chinese Communist Party.

The Florida senator introduced the measure – The Maritime Cybersecurity Act – on Tuesday with New Jersey Democratic Sen. Andy Kim.

The measure, more specifically, will, if passed and signed into law, require the Department of Homeland Security to conduct yearly assessments on the vulnerabilities in the U.S. maritime transportation and commerce infrastructure. 

In recent years, a House investigation uncovered unusual Chinese technological components in port cranes, and U.S. intelligence agencies have warned that Chinese state-backed hackers have burrowed into energy, communications and water infrastructure to lie in wait. 

“America’s enemies are looking for vulnerabilities and cracks in our armor. Facilitating basic assessments to identify our weaknesses in security is a commonsense measure to keep American assets safe both – domestic and abroad,” Scott exclusively told Just the News.

“My bill makes sure our trade and waters cannot be disrupted by bad actors, especially the Chinese Communist Party (CCP). We have to be prepared to take on the cyber criminals backed by Beijing, and this bill takes a major step toward doing that."

The proposed legislation mandates that maritime facility owners and operators provide yearly disclosures regarding the use of hardware and software that was either manufactured or is operated by a “foreign entity of concern” or a “foreign country of concern,” according to a draft of the bill reviewed by Just the News. 

The bill would require operators to formally certify that the systems are safe from cyber threats. In instances in which such certification cannot be met, continued operation would hinge upon the issuance of a specific waiver.

“Our nation must be equipped to tackle evolving 21st-century threats," Kim said in a statement. "Cybersecurity resilience is a critical facet of national security, and this bipartisan bill is a strong first step to ensure we are prepared to address vulnerabilities and stop these threats wherever they are – including at maritime facilities."  

The bill also directs the Homeland Security secretary to implement mitigation strategies for any identified vulnerabilities and compels annual briefings to Congress detailing investigative findings, security interventions and recommendations.

A joint congressional investigation by the House Committee on the Chinese Communist Party and Committee on Homeland Security recently exposed significant security vulnerabilities at American ports involving cargo cranes supplied by a Chinese state-backed manufacturer, sparking concerns about the Communist-run country's ability to cripple critical infrastructure operations. 

The manufacturer, the Chinese state-backed company Shanghai Zhenhua Heavy Industries (ZPMC), is the dominant manufacturer in the sector, accounting for about 80% of the ship-to-shore cranes now operational at U.S. maritime ports, according to the U.S. Coast Guard. 

The probe uncovered more than a dozen cellular modems installed on crane components and within a port server room – equipment that was unexpected and undocumented in any existing contracts. 

Lawmakers and intelligence officials expressed concern that these devices could serve as a backdoor for remote access, potentially allowing the Chinese Communist Party (CCP) to conduct espionage or disrupt shipping during a crisis.

According to the investigation, one port reported that the modems appeared to have been installed in China during the manufacturing process around 2017 and were subsequently removed in October 2023. These concerns are bolstered by a 2021 incident where the FBI discovered intelligence-gathering equipment on a vessel delivering ZPMC cranes to the Port of Baltimore. 

“ZPMC cranes contain a variety of subcomponents sourced from different countries. 

Frequently, the subcomponents are assembled and configured within China before being shipped to their final destination. 

"This critical process occurring within China, combined with the requirements placed on SOEs to cooperate with the Chinese government, creates the potential for a supply chain compromise,” the Coast Guard Cyber Command warned in a report. 

“Such a compromise could grant China-affiliated malicious cyber actors remote access to conduct espionage, manipulate, or disrupt US-based cranes."

Scott also separately introduced the Strengthening Cyber Resilience Against State-Sponsored Threats Act to the Senate on Tuesday, aiming to establish an inter-agency task force to annually assess threats from Chinese state-sponsored cyber actors. The measure is a companion to a House bill introduced by Rep. Andy Ogles, R-Tenn., which passed the chamber last November. 

“As the world’s leading digital economy, America has the most to lose in a cyberattack," Scott said in a statement. "If we don’t secure our digital infrastructure, hackers could cut power to your house, empty your bank account, or disable life support for a loved one in the hospital."

The legislation aims to create mechanisms within the federal government to respond to Chinese hackers' recent efforts to burrow into critical U.S. systems, according to a draft reviewed by Just the News. 

In February 2024, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency warned that the Chinese state-sponsored cyber group Volt Typhoon had successfully compromised networks in several critical U.S. sectors such as communications, energy, transportation systems, and water and wastewater systems. 

Evidence from the Volt Typhoon hack, as well as documented intrusions by the Flax and Salt Typhoon groups, showed that Chinese hackers were “seeking to pre-position” themselves on U.S. networks to carry out “disruptive or destructive cyberattacks” in the event of a “major crisis or conflict with the United States,” the agencies concluded. 

The cyber threat, specifically from Chinese-made technology components, has already prompted the Trump administration to take action. 

In March, the Federal Communications Commission took radical action to ban the import of internet routers manufactured in foreign countries, citing the unacceptable security risks posed by Chinese hackers to U.S. critical infrastructure, Just the News previously reported. The FCC specifically cited the Volt, Salt, and Flax Typhoon hacks to justify the decision. 

The FCC’s new policy added all foreign-manufactured internet routers to the Covered List, which bans the import of such devices to the United States, but it does not affect previously purchased routers. 

The scrutiny focused on major brands like TP-Link, a Chinese company that is a global leader in networking devices, including routers. While TP-Link’s routers are popular for their affordability and widespread availability, their extensive use in American homes, businesses and even government networks alarmed lawmakers. 

One fear was that the PRC government could compel Chinese companies, under their national security laws, to install backdoors, gather data, or enable sabotage on behalf of the CCP. Under China’s 2015 National Security Law, Chinese companies and citizens must cooperate with the Chinese Communist Party and intelligence agencies. 

In 2024, then-FBI Director Christopher Wray said that Chinese hacking in the United States had “reached something closer to a fever pitch” and warned that China is "poised to attack whenever Beijing decides the time is right.”