Port Crane Security and Inspection Act of 2025

This bill aims to protect U.S. ports from cyber risks linked to large cargo cranes built or controlled by companies tied to foreign adversaries. It requires the Department of Homeland Security, through CISA, to inspect any new, internet‑connected foreign cranes at high‑risk ports before they’re used and to review the risks of cranes already in use. If a crane is judged a risk, it must be taken offline until it’s certified safe. It also blocks the operation of foreign cranes contracted on or after the bill’s enactment, and sets a five‑year deadline for any crane at a U.S. port to stop using software made by companies owned by a foreign adversary.

In plain terms, ports would see more security checks on certain foreign‑made, networked cranes, and some equipment could be paused until fixed. The goal is to reduce the chance that hackers could reach port systems through crane technology.

• Who is affected: U.S. ports that use foreign‑made, internet‑connected cranes; the companies that operate them; port workers and shippers who rely on that equipment.
• What changes:
  • CISA must inspect new foreign cranes at high‑risk ports before use, and review risks in existing cranes; risky cranes must be taken offline until safe.
  • Within 180 days of enactment, DHS must assess threats from foreign cranes across U.S. ports.
  • DHS must brief Congress within one year on the risks found.
  • No operation of foreign cranes contracted on or after enactment; five years after enactment, no crane may use adversary‑made software.
• When: Starts on the bill’s enactment; 180 days for the risk review; 1 year for the congressional briefing; 5 years for the software cutoff.