ISA NATIONAL DEFENSE CYBER THREAT REPORT: TRANSPORTATION SYSTEMS

Our Transportation Infrastructure is Already Compromised, Endangering National Security

The People’s Republic of China has forecast its intent to move against Taiwan as early as 2027. Such a move creates extensive strategic concerns for the United States, which could generate the need for a physical show of force.

However, if, for example, the US decided moving troops into the region was necessary, could we get the troops on our ships?

A 2025 Report by the House Homeland Security Committee found:

“The U.S. maritime sector is dangerously reliant on equipment and technology that has been produced, manufactured, assembled, or installed in the PRC, including ship-to-shore cranes, container handling equipment, and various other critical maritime infrastructure components…. In the event of a future conflict in the Indo-Pacific region, Communist China would undoubtedly seek to limit the U.S. military’s response, by targeting or exploiting vulnerabilities in the very same U.S.-based maritime equipment and technology that they produced, manufactured, assembled, or installed.” [11]

 

Our Transportation Infrastructure is Vulnerable Due to our Outdated Tactical Approach

China’s success in invading US infrastructure, as well as similar infrastructure around the world, is the result of a well-conceived cyber strategy known as the Digital Silk Road (DSR). The DSR links together all manner of Chinese institutions (tech, financial, military, educational, etc.) to cross-subsidize Chinese products, enabling them to win contracts that facilitate China’s digital access to these infrastructures whenever China finds it to be in its interest. (FAC – ISA).

The House Committee Report specifically notes that the resulting vulnerability of our maritime infrastructure, and hence our reliance on China for even the most basic functioning of that infrastructure, “is due in large part to noncompetitive pricing that favors PRC SOEs, technological disparities, and the lack of domestic manufacturer alternatives.”

Testimony from the Paladin Group before the House Committee in January pinpointed how the piecemeal approach US policy has taken to our own cybersecurity puts us at a competitive disadvantage to our adversaries, who are not allowing outdated structures to impede their national interests.

“Working often through creative investment vehicles, the PRC took a strategic approach to eventually holding our infrastructure at risk while the United States took a tactical approach to blocking transactions that raised national security concerns.”

Cyberattacks on port systems have grown by 900% over the past three years. Naval cybersecurity experts warn that adversaries could plant malware on port systems and activate it during a critical moment—such as during a naval confrontation—thereby crippling military resupply operations [5].

Chinese hackers have penetrated communications infrastructure and naval ports over five years, targeting systems that connect the United States to Asia and cyber systems within Taiwan. This gives China the potential capability to hinder U.S. military mobilization during a crisis [15].

In a Taiwan conflict scenario, adversaries might activate pre-positioned malware to disrupt port operations critical to military sealift, interfere with air traffic control systems, compromise rail systems moving military equipment, and create cascading failures across transportation networks. Such disruptions could delay U.S. military response during critical initial phases of conflict.

The time has come (long past) for the US to develop a true digital strategy, including reforming the antiquated congressional process that blocks speedy and effective updates in cybersecurity laws and policy.

 

Cybersecurity Challenges Facing America’s Transportation Infrastructure

American transportation systems—including maritime ports, rail networks, and aviation infrastructure—face persistent cyber threats from state-sponsored actors with direct implications for military readiness and national defense capabilities.

The National Security Agency, working with security services from nine nations, has documented large-scale cyberattacks by Chinese state-sponsored actors against transportation sectors worldwide since at least 2021 [1]. The FBI testified that the Chinese government is preparing “bold and unrelenting” attacks on U.S. infrastructure, explicitly naming transportation among primary targets [2].

Documented Intrusions and Vulnerabilities

A congressional report revealed that 80% of ship-to-shore cranes at U.S. ports are manufactured in China.

Aviation sector cyberattacks increased 74% since 2020, threatening an industry contributing $1.9 trillion to U.S. GDP [6]. In September 2024, Seattle-Tacoma International Airport fell victim to ransomware that disrupted critical systems for over a week [7]. Aerospace company Thales documented a 600% increase in aviation cyberattacks in 2024 alone [8].

Congressional leaders noted that Volt Typhoon, a Chinese state-sponsored actor, maintained access to U.S. transportation infrastructure for at least five years. FBI Director Wray stated that “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.” [9] Intelligence Community assessments note that China is “almost certainly capable of launching cyber-attacks that could disrupt critical infrastructure services within the United States, including against rail systems.” [10]

The Defense Infrastructure Connection

America’s transportation systems constitute essential components of national defense capability. Adversaries understand that targeting transportation infrastructure could significantly hinder America’s capacity to deploy, supply, and sustain military forces [14].

Economic and Policy Challenges

The national cybersecurity workforce shortage—estimated at over 500,000 professionals—significantly impacts the transportation sector’s defensive capabilities [16]. This shortage is particularly acute in maritime and rail operations requiring specialized operational technology knowledge.

Transportation infrastructure operators must balance security investments against competitive economic pressures. Legacy systems throughout the sector were not designed with modern cybersecurity threats in mind, making them particularly vulnerable [17]. Modern ports blend legacy and modern systems that were never designed with cybersecurity in mind, making them vulnerable to lateral movement and disruptive attacks [18].

Attempts to address this issue through traditional regulatory models have proven unsuccessful and may be counterproductive. Regulatory overlap between agencies leads trained cyber personnel to focus on compliance instead of security. The FAA and TSA share aviation cybersecurity responsibility, but overlapping mandates blur authority, resulting in fragmented oversight and inconsistent regulations [21]. The Government Accountability Office found TSA’s directives did not align with ransomware leading practices and, as of November 2024, its recommendations remained unimplemented [22].

 

The NDAA Connection

Given the clear connection between transportation infrastructure security and military readiness, future National Defense Authorization Act legislation could address these challenges by:

  • Recognizing transportation infrastructure cybersecurity as having direct national defense implications, particularly for strategic ports, airports, and rail corridors critical to military mobilization
  • Supporting workforce development initiatives targeting operational technology cybersecurity professionals
  • Examining regulatory consolidation opportunities to reduce duplication while enhancing security outcomes
  • Requiring threat information sharing between transportation operators and military logistics commands

 

Looking Forward

America’s transportation infrastructure faces persistent cybersecurity challenges from nation-state adversaries who view these systems as both economic and military targets. The documented presence of Chinese, Russian, and Iranian threat actors within maritime, aviation, and rail networks represents a clear threat to commercial operations and military readiness.

Addressing these challenges requires coordination among federal agencies, infrastructure operators, and the cybersecurity community. It also requires honest recognition that transportation infrastructure security is fundamentally a national defense issue, not merely a commercial concern.

The economic and military power of the United States depends on the secure and reliable operation of our transportation networks. Our adversaries understand this reality and are positioning themselves to exploit it. The question is whether our policy responses will match the scale and urgency of the threat.


Endnotes:

  1. National Security Agency, joint international report on Salt Typhoon operations, September 2025. The Washington Times, “NSA reveals new details of global cyberattacks by Chinese state-linked hackers,” September 2, 2025.
  2. FBI Director Christopher Wray, testimony at Vanderbilt Summit on Modern Conflict and Emerging Threats, Nashville, Tennessee, April 18, 2024. Reported by The National Desk, “Chinese hackers preparing ‘bold and unrelenting’ attacks on U.S. infrastructure: FBI,” April 19, 2024.
  3. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), joint advisory on Volt Typhoon operations, February 2024. The Hacker News, “Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade,” February 9, 2024.
  4. House Select Committee on the Chinese Communist Party, report on supply chain threats to US port infrastructure, 2024. Dark Reading, “Concerns Over Supply Chain Attacks on US Seaports Grow,” September 19, 2024.
  5. NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), policy brief on maritime cybersecurity threats, 2025. FreightWaves, “NATO warns ports vulnerable to ‘unprecedented’ cyber threats,” July 24, 2025.
  6. Cyble Research and Intelligence Labs, “Cyber Threats Surge Against Maritime Industry In 2025,” July 29, 2025.
  7. Naval Dome maritime cybersecurity research; Booz Allen Hamilton, “Cyber Attacks on Navy Port Supply Operations,” April 4, 2025.
  8. U.S. Senator Maria Cantwell, opening remarks at Senate Commerce Committee hearing on aviation cybersecurity threats, September 18, 2024.
  9. Technology Advancement Center, “Together Against Threats: Advancing Aviation Cybersecurity Through Collective Action,” February 18, 2025. Port of Seattle breach notification letters documenting August 2024 Rhysida ransomware attack.
  10. Thales Aerospace Company Cybersecurity Report, 2024; Travel and Tour World, “The Truth Behind the Airport Cyberattack Nightmares,” September 20, 2025.
  11. House Committee on Homeland Security Chairman Mark E. Green and Select Committee on the Chinese Communist Party Chairman John Moolenaar, Fox News op-ed, December 16, 2024; U.S. Department of Justice press release, “U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure,” February 6, 2025.
  12. Intelligence Community annual threat assessments, 2023 and 2024. Industrial Cyber, “DHS ratifies TSA security directives to boost rail safety and cyber threat response,” January 22, 2025.
  13. Foundation for Defense of Democracies (FDD), Cyberspace Solarium Commission 2.0 report on transportation infrastructure vulnerabilities. Industrial Cyber, “Cyber threats to rail, ports, airports could cripple US military mobilization, FDD report warns,” April 2, 2025.
  14. U.S. Transportation Command testimony to Congress on strategic seaport program. Congress.gov, “Port Cybersecurity: The Insidious Threat to U.S. Maritime Ports,” House Committee hearing, 2023.
  15. Booz Allen Hamilton, “Cyber Attacks on Navy Port Supply Operations,” April 4, 2025.
  16. Darktrace, “Adapting to new USCG cybersecurity mandates: Darktrace for ports and maritime systems,” May 20, 2025. U.S. Coast Guard Marine Transportation System economic impact data.
  17. Foundation for Defense of Democracies report on military mobilization vulnerabilities, 2025.
  18. Foundation for Defense of Democracies policy brief, Jack Burnham, “Chinese-Linked Hackers Accused of Infiltrating U.S. Treasury Department,” January 3, 2025.
  19. (ISC)² Cybersecurity Workforce Study estimates, 2024-2025.
  20. Foundation for Defense of Democracies report cited in Cybersecurity Dive, “Aviation sector faces heightened cyber risks due to vulnerable software, aging tech,” April 14, 2025.
  21. Darktrace analysis of maritime port operational technology environments, May 2025.
  22. Congressional testimony on Marine Transportation System vulnerabilities, 2023.
  23. Transportation Security Administration, “TSA issues new cybersecurity requirements for passenger and freight railroad carriers,” press release, October 18, 2022.
  24. Transportation Security Administration, “TSA announces proposed rule that would require the establishment of pipeline and railroad cyber risk management programs,” November 6, 2024.
  25. U.S. Cyberspace Solarium Commission 2.0, “Turbulence Ahead: Navigating the Challenges of Aviation Cybersecurity,” reported by Industrial Cyber, April 11, 2025.
  26. U.S. Coast Guard, Maritime Transportation Security Act (MTSA) Cybersecurity Final Rule, published in Federal Register January 17, 2025, effective July 16, 2025.
  27. Cyberspace Solarium Commission 2.0 analysis of regulatory fragmentation in aviation sector, April 2025.
  28. U.S. Government Accountability Office, “Surface Transportation: TSA Is Taking Steps to Enhance Cybersecurity, but Additional Actions Are Needed,” GAO-25-107947, November 19, 2024.