InfoconDB

From Shanghai to the Shore: The Silent Threat in Global Shipping

Presented at DEF CON 33 (2025), Aug. 10, 2025, 10 a.m. (20 minutes).

Ship-to-shore cranes manufactured in China have faced increased scrutiny from the United States Congress in the past year due to concerns about potential supply chain vulnerabilities, pricing practices, and the global dependence on these critical infrastructure components produced by Chinese state-owned companies. Coast Guard Cyber Protection Teams (CPTs) have been the US government’s primary resource doing technical cybersecurity work on these cranes – to include assessment, threat hunting, and incident response operations. This talk discusses findings and recommendations from over 350 days of crane missions conducted by US Coast Guard CPTs, to include the existence of surprise cellular modems and potential attack paths. References: - Joint Investigation into CCP-Backed Company Supplying Cranes to U.S. Ports Reveals Shocking Findings: [link](https://homeland.house.gov/2024/03/12/wtas-joint-investigation-intoccp-backed-company-supplying-cranes-to-u-s-ports-reveals-shocking-findings/#:~:text=for%20remote%20communication.-,%E2%80%9C'Our%20Committees'%20investigation%20found%20vulnerabilities%20in%20cranes%20at%20U.S.,Homeland%20Security%20Committee%20Chairman%20Mark) - Investigation by Select Committee on the CCP, House Homeland Finds Potential Threats to U.S. Port Infrastructure Security from China: [link](https://selectcommitteeontheccp.house.gov/media/press-releases/investigation-select-committee-ccp-house-homeland-finds-potential-threats-us)

Presenters:

  • Kenneth Miltenberger
    Lieutenant Commander Kenny Miltenberger currently serves as the first Commanding Officer of the 2003 Cyber Protection Team (CPT) in Alameda, CA. He is responsible for protecting the nation’s Marine Transportation System in cyberspace by conducting hunt, assess, and incident response operations. His team is the Coast Guard’s newest CPT and the only CPT geographically detached from Coast Guard Cyber Command (CGCYBER). Kenny recently completed an assignment where he founded the Coast Guard’s Red Team and ran the Coast Guard's Blue Team (cooperative assessments). During that tour he founded CGCYBER’s educational phishing capability, led cyber Opposing Forces for a major multinational exercise, and oversaw over 100 Red and Blue Team missions during his tour. Other notable positions include his work as an engineer for the U.S. Navy’s Naval Sea Systems Command, where he was a developer on a shipboard cyber security platform. Kenny has a BS in Electrical Engineering from the Coast Guard Academy and an MS Electrical Engineering from University of Maryland College Park. Kenny has also worked as part-time faculty at University of Maryland, College Park, where he taught Binary Exploitation in their Cyber Masters Program. Industry certifications include OSCP, GXPN, GCPN, GREM, GPEN, GNFA, GCIH, GISP, and CISSP.
  • Nicholas Fredericksen
    Lieutenant Commander (LCDR) Nick Fredericksen currently serves as the first Commanding Officer of the 1790 Cyber Protection Team (CPT) in Washington, DC. He is responsible for protecting the nation’s Marine Transportation System (MTS) in cyberspace by conducting assess, hunt, and incident response operations. The 1790 CPT is the Coast Guard’s first CPT, reaching full operational status in Spring 2021. Nick's previous assignment was Deputy of Coast Guard Cyber Command’s Maritime Cyber Readiness Branch. His primary duties included leading a team of marine safety professionals trained in cybersecurity and dedicated to raising the consistency, competency, and capabilities of cybersecurity in the MTS. This included cybersecurity incident investigations; studying the Techniques, Tactics, and Procedures of threat actors; and providing critical stakeholders awareness publications and information sharing. Other notable assignments include conducting IT project management where he led the Coast Guard’s first service migration to a modernized, software-as-a-service managed solution. Nick has a BS degree in Operations Research and Computer Analysis and an MS in Information Systems Management from Florida Institute of Technology. His cybersecurity certifications include CISSP, GCIH, GICSP, GCFA, and GPEN.