ISA NATIONAL DEFENSE CYBER THREAT REPORT:TRANSPORTATION SYSTEMS PART 2

Our Transportation Infrastructure Is Already Compromised, Endangering National Security

The People’s Republic of China has forecast its intent to move against Taiwan as early as 2027. Such a move creates extensive strategic concerns for the United States and could generate the need for a physical show of force. However, if, for example, the U.S. decided that moving troops into the region was necessary, could we get those troops onto our ships?

As Ranking Member of the House Homeland Security Committee Bennie Thompson has warned, “the threats [from the Chinese Communist Party] are very real. The CCP is looking for every opportunity to undermine our security and get the upper hand on the U.S. globally” (22).

A 2025 report by the House Homeland Security Committee found:

“The U.S. maritime sector is dangerously reliant on equipment and technology that has been produced, manufactured, assembled, or installed in the PRC, including ship-to-shore cranes, container handling equipment, and various other critical maritime infrastructure components…. In the event of a future conflict in the Indo-Pacific region, Communist China would undoubtedly seek to limit the U.S. military’s response by targeting or exploiting vulnerabilities in the very same U.S.-based maritime equipment and technology that they produced, manufactured, assembled, or installed” (11).

 

 

Our Transportation Infrastructure Is Vulnerable Due to Our Outdated Tactical Approach

China’s success in infiltrating U.S. infrastructure—as well as similar infrastructure around the world—is the result of a well-conceived cyber strategy known as the Digital Silk Road (DSR). The DSR links together Chinese institutions—technology, financial, military, educational, and others—to cross-subsidize Chinese products, enabling them to win contracts that facilitate China’s digital access to these infrastructures whenever it serves China’s interests (FAC – ISA). The House Committee report specifically notes that vulnerabilities within maritime infrastructure, and the resulting reliance on China for even basic operational functionality, are “due in large part to noncompetitive pricing that favors PRC SOEs, technological disparities, and the lack of domestic manufacturer alternatives.” This strategy aligns with Ranking Member Thompson’s warning that “China is carrying out cyberattacks for espionage and to position itself for attacks against our critical infrastructure in the event of a future conflict” (22).

Testimony from the Paladin Group before the House Committee in January pinpointed how the piecemeal approach U.S. policy has taken toward cybersecurity places the nation at a competitive disadvantage relative to adversaries that do not allow outdated structures to impede their national interests. “Working often through creative investment vehicles, the PRC took a strategic approach to eventually holding our infrastructure at risk, while the United States took a tactical approach to blocking transactions that raised national security concerns.” Cyberattacks on port systems have grown by 900% over the past three years. Naval cybersecurity experts warn that adversaries could plant malware on port systems and activate it at a critical moment—such as during a naval confrontation—thereby crippling military resupply operations (5).

Chinese hackers have penetrated communications infrastructure and naval ports over a five-year period, targeting systems that connect the United States to Asia as well as cyber systems within Taiwan. This activity gives China the potential capability to hinder U.S. military mobilization during a crisis (15). In a Taiwan conflict scenario, adversaries could activate pre-positioned malware to disrupt port operations critical to military sea lift, interfere with air traffic control systems, compromise rail systems transporting military equipment, and create cascading failures across transportation networks. Such disruptions could delay U.S. military response during critical initial phases of conflict. The time has come—long past—for the United States to develop a true digital strategy, including reforming the antiquated congressional process that blocks speedy and effective updates to cybersecurity laws and policy.

 

Cybersecurity Challenges Facing America’s Transportation Infrastructure

American transportation systems—including maritime ports, rail networks, and aviation infrastructure—face persistent cyber threats from state-sponsored actors, with direct implications for military readiness and national defense capabilities.

The National Security Agency, working with security services from nine nations, has documented large-scale cyberattacks by Chinese state-sponsored actors against transportation sectors worldwide since at least 2021 (1). The FBI has testified that the Chinese government is preparing “bold and unrelenting” attacks on U.S. infrastructure, explicitly naming transportation among its primary targets (2).

 

Documented Intrusions and Vulnerabilities

A congressional report revealed that 80% of ship-to-shore cranes at U.S. ports are manufactured in China.

Cyberattacks in the aviation sector increased by 74% since 2020, threatening an industry that contributes $1.9 trillion to U.S. GDP (6). In September 2024, Seattle-Tacoma International Airport fell victim to a ransomware attack that disrupted critical systems for more than a week (7). Aerospace company Thales documented a 600% increase in aviation cyberattacks in 2024 alone (8).

Congressional leaders have noted that Volt Typhoon, a Chinese state-sponsored actor, maintained access to U.S. transportation infrastructure for at least five years. FBI Director Wray stated that “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors” (9). Intelligence Community assessments note that China is “almost certainly capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including rail systems” (10).

 

The Defense Infrastructure Connection

America’s transportation systems constitute essential components of national defense capability. Adversaries understand that targeting transportation infrastructure could significantly hinder America’s capacity to deploy, supply, and sustain military forces (14).

 

Economic and Policy Challenges

The national cybersecurity workforce shortage—estimated at more than 500,000 professionals—significantly impacts the transportation sector’s defensive capabilities (16). This shortage is particularly acute in maritime and rail operations requiring specialized operational technology knowledge.

Transportation infrastructure operators must balance security investments against competitive economic pressures. Legacy systems throughout the sector were not designed with modern cybersecurity threats in mind, making them particularly vulnerable (17). Modern ports blend legacy and modern systems that were never designed to operate securely together, making them vulnerable to lateral movement and disruptive attacks (18).

Attempts to address these challenges through traditional regulatory models have proven unsuccessful and may be counterproductive. Regulatory overlap between agencies distracts trained cyber personnel by forcing them to focus on compliance rather than security. The FAA and TSA share aviation cybersecurity responsibility, but overlapping mandates blur authority, resulting in fragmented oversight and inconsistent regulations (21). The Government Accountability Office found that TSA directives did not align with leading ransomware practices and, as of November 2024, its recommendations remained unimplemented (22).

 

The NDAA Connection

Given the clear connection between transportation infrastructure security and military readiness, future National Defense Authorization Act legislation could address these challenges by:

• Recognizing transportation infrastructure cybersecurity as having direct national defense implications, particularly for strategic ports, airports, and rail corridors critical to military mobilization
• Supporting workforce development initiatives targeting operational technology cybersecurity professionals
• Examining regulatory consolidation opportunities to reduce duplication while enhancing security outcomes
• Requiring threat information sharing between transportation operators and military logistics commands

 

Looking Forward

America’s transportation infrastructure faces persistent cybersecurity challenges from nation-state adversaries who view these systems as both economic and military targets. The documented presence of Chinese, Russian, and Iranian threat actors within maritime, aviation, and rail networks represents a clear threat to commercial operations and military readiness. Addressing these challenges requires coordination among federal agencies, infrastructure operators, and the cybersecurity community. It also requires honest recognition that transportation infrastructure security is fundamentally a national defense issue, not merely a commercial concern. The economic and military power of the United States depends on the secure and reliable operation of its transportation networks. Our adversaries understand this reality and are positioning themselves to exploit it. The question is whether our policy responses will match the scale and urgency of the threat.

 

 

 

 

Endnotes:

1. National Security Agency, joint international report on Salt Typhoon operations, September 2025. The Washington Times, “NSA reveals new details of global cyberattacks by Chinese state-linked hackers,” September 2, 2025.

2. FBI Director Christopher Wray, testimony at Vanderbilt Summit on Modern Conflict and Emerging Threats, Nashville, Tennessee, April 18, 2024. Reported by The National Desk, “Chinese hackers preparing ‘bold and unrelenting’ attacks on U.S. infrastructure: FBI,” April 19, 2024.

3. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), joint advisory on Volt Typhoon operations, February 2024. The Hacker News, “Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade,” February 9, 2024.

4. House Select Committee on the Chinese Communist Party, report on supply chain threats to US port infrastructure, 2024. Dark Reading, “Concerns Over Supply Chain Attacks on US Seaports Grow,” September 19, 2024.

5. NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), policy brief on maritime cybersecurity threats, 2025. FreightWaves, “NATO warns ports vulnerable to ‘unprecedented’ cyber threats,” July 24, 2025.

6. Cyble Research and Intelligence Labs, “Cyber Threats Surge Against Maritime Industry In 2025,” July 29, 2025.

7. Naval Dome maritime cybersecurity research; Booz Allen Hamilton, “Cyber Attacks on Navy Port Supply Operations,” April 4, 2025.

8. U.S. Senator Maria Cantwell, opening remarks at Senate Commerce Committee hearing on aviation cybersecurity threats, September 18, 2024.

9. Technology Advancement Center, “Together Against Threats: Advancing Aviation Cybersecurity Through Collective Action,” February 18, 2025. Port of Seattle breach notification letters documenting August 2024 Rhysida ransomware attack.

10. Thales Aerospace Company Cybersecurity Report, 2024; Travel and Tour World, “The Truth Behind the Airport Cyberattack Nightmares,” September 20, 2025.

11. House Committee on Homeland Security Chairman Mark E. Green and Select Committee on the Chinese Communist Party Chairman John Moolenaar, Fox News op-ed, December 16, 2024; U.S. Department of Justice press release, “U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure,” February 6, 2025.

12. Intelligence Community annual threat assessments, 2023 and 2024. Industrial Cyber, “DHS ratifies TSA security directives to boost rail safety and cyber threat response,” January 22, 2025.

13. Foundation for Defense of Democracies (FDD), Cyberspace Solarium Commission 2.0 report on transportation infrastructure vulnerabilities. Industrial Cyber, “Cyber threats to rail, ports, airports could cripple US military mobilization, FDD report warns,” April 2, 2025.

14. U.S. Transportation Command testimony to Congress on strategic seaport program. Congress.gov, “Port Cybersecurity: The Insidious Threat to U.S. Maritime Ports,” House Committee hearing, 2023.

15. Booz Allen Hamilton, “Cyber Attacks on Navy Port Supply Operations,” April 4, 2025.

16. Darktrace, “Adapting to new USCG cybersecurity mandates: Darktrace for ports and maritime systems,” May 20, 2025. U.S. Coast Guard Marine Transportation System economic impact data.

17. Foundation for Defense of Democracies report on military mobilization vulnerabilities, 2025.

18. Foundation for Defense of Democracies policy brief, Jack Burnham, “Chinese-Linked Hackers Accused of Infiltrating U.S. Treasury Department,” January 3, 2025.

19. (ISC)² Cybersecurity Workforce Study estimates, 2024-2025.

20. Foundation for Defense of Democracies report cited in Cybersecurity Dive, “Aviation sector faces heightened cyber risks due to vulnerable software, aging tech,” April 14, 2025.

21. Darktrace analysis of maritime port operational technology environments, May 202

22. Bennie G. Thompson, Hearing Statement of Ranking Member Bennie G. Thompson (D-MS), “Countering Threats Posed by the Chinese Communist Party to U.S. National Security,” March 5, 2025