Global cyberattackers want to paralyze our freedom of movement

From the beginning, the United States has been a commercial republic, drawing vast resources out of our heartland and through our ports to drive broad-based prosperity and dynamism. For generations, America’s core economic policy has been to ensure freedom of movement of goods and people, keeping the shipping lanes open and the lifeblood of our republic flowing.

The rise of digital technology promised to wipe out obstacles to free exchange around the world. But the reality has been different. Increasingly sophisticated and persistent cyberattacks degrade — and, if left unchecked, destroy — our basic capabilities in our most strategically vital of economic operations: large-scale logistics and transportation.

In 2017, the NotPetya cyberattack devastated global shipping, severely disrupting operations at Maersk, the world’s largest shipping company. Port terminals across Europe and the U.S. reverted to manual processes, causing billions in losses, weeks of chaos, and global supply chain paralysis. NotPetya was not merely a costly inconvenience; it was a stark warning of how cyberattacks can paralyze maritime logistics precisely when they’re most needed. Yet despite the magnitude of this incident, lessons have largely gone unheeded.

The lead-up to Russia’s 2022 invasion of Ukraine again saw European ports targeted with disruptive cyberattacks, a clear demonstration of how cyber warfare sets the stage for military conflict. However, American maritime infrastructure continues to prioritize short-term economic efficiency gains over comprehensive cybersecurity resilience.

Alarmingly, Chinese companies have supplied critical equipment to U.S. ports for years, raising significant cybersecurity concerns due to potential espionage and sabotage risks. Recently, U.S. authorities have begun steps to restrict or entirely remove Chinese-made cranes, surveillance systems, and automation technologies from critical American port facilities, recognizing the severe national security risks posed by foreign-controlled equipment embedded deeply within sensitive maritime infrastructure.

That’s a good first step, if an overdue no-brainer. But we can hardly stop there. America’s rail infrastructure shares equally troubling vulnerabilities. Positive Train Control, mandated to prevent train collisions, relies on a proprietary wireless protocol operating on the 220 MHz spectrum, now proven susceptible to unauthorized access. Recent cybersecurity research demonstrated that reverse-engineered radios allow attackers to intercept and manipulate safety-critical signals, highlighting dangerous gaps in rail cybersecurity.

Despite these vulnerabilities, the rail industry is pushing back against recent Transportation Security Administration cybersecurity proposals. Industry representatives argue that these regulations — including classifying PTC as a critical cyber system — are economically burdensome, unnecessarily prescriptive, and distract from existing security measures.

Meanwhile, the rail industry’s continued push toward consolidating essential safety systems, including the Centralized Traffic Control system, onto the vulnerable 220 MHz spectrum further amplifies cybersecurity risks, potentially turning vital infrastructure into a strategic liability during a crisis. This behavior abounds across the critical infrastructure industries, as executives push for low-cost solutions vs. upgrading to more secure ones. Extrapolating this across every sector, we can see how there might be tens if not hundreds of critical single points of failure.

Unfortunately, self-fostered troubles like these even extend off-planet. Space launch infrastructure, critical for U.S. national security and economic stability — supporting GPS, global communications, and defense missions — also remains vulnerable. Decades-old launch facilities and outdated digital control systems present glaring cybersecurity weaknesses. Cyber disruptions in this sector could sabotage vital satellite deployments or delay crucial defense missions precisely at critical times.

Securing transportation infrastructure isn’t merely economically prudent — it’s an urgent national security imperative. President Trump’s second term provides a crucial opportunity to decisively address these vulnerabilities. Ports, railways, and space launch systems are not simply economic assets; they are strategic arteries our adversaries will target to incapacitate America’s response capabilities during crises.

America must prioritize embedding cybersecurity resilience in every aspect of transportation infrastructure modernization. Allowing short-term efficiencies to override cybersecurity leaves America dangerously exposed exactly when strength and reliability are most crucial.