In the vast and dynamic landscape of China’s industrial sector, crane operators play a pivotal role, driving the country’s construction and maritime industries forward with precision and power. This in-depth guide delves into the world of crane operation in China, a topic of significant importance due to its far-reaching impacts on national security, economic stability, and labor rights.

Readers will gain insight into the historical context and recent developments in China’s crane industry, including the remarkable rise of Shanghai Zhenhua Heavy Industries (ZPMC) to global dominance. The guide will explore the technological and economic factors that have propelled Chinese crane manufacturers to the forefront of the global market, as well as the geopolitical tensions and cybersecurity concerns associated with their widespread use in U.S. ports.

Additionally, this guide will examine the labor movements and strikes by crane operators across China, highlighting their demands for better wages and working conditions, and the broader implications for the construction industry and societal change. By navigating the intricate web of technological innovation, economic competition

Why China’s cargo cranes at U.S. ports pose espionage risk

Guide to Security Risks Associated with Chinese-Made Cargo Cranes in U.S. Ports

Introduction

The use of Chinese-made cargo cranes in U.S. ports has raised significant security concerns due to potential cyber vulnerabilities and the risk of espionage. Here is a comprehensive guide to the issues and measures being taken.

Dominance of Chinese-Made Cranes

• Chinese company Shanghai Zhenhua Heavy Industries Co. Ltd. (ZPMC) dominates the global market for ship-to-shore (STS) cranes, with approximately 80% of the STS cranes in U.S. ports being manufactured by ZPMC[2][4][5].

Security Risks

Cyber Vulnerabilities

• The cranes are equipped with control technology that could enable remote access, posing a risk of cyber attacks. Built-in vulnerabilities for remote access and control, combined with China’s interest in disrupting U.S. critical infrastructure, are major concerns[1][5].

Embedded Communications Equipment

• Cellular modems have been found in Chinese-made cranes, some of which were installed without the knowledge or request of port authorities. These modems could be used for remote access, potentially allowing the Chinese government to monitor or disrupt port operations[3][4].

National Security Laws

• China’s national security laws mandate that companies cooperate with state intelligence agencies, raising the risk that ZPMC could be compelled to provide access to the Chinese government, enabling espionage or sabotage[2][4].

Investigative Findings

• A joint investigation by the House Homeland Security Committee and the Select Committee on the Chinese Communist Party found that ZPMC had pressured port operators to allow remote access to the cranes. This access could be extended to other PRC government entities, posing significant security risks[2][4].

Specific Incidents and Discoveries

• Over 12 cellular modems were discovered in Chinese-made cranes at several U.S. ports, some of which were used for operational functions like maintenance tracking, while others were installed without any clear purpose or authorization[3][4].

Recommendations and Actions

MARSEC Directives

• The U.S. Coast Guard has issued MARSEC Directive 105-5, which sets out additional cyber risk management requirements for STS cranes made by Chinese companies. This directive follows a previous mandate issued in February and includes security-sensitive information not available to the general public[1][5].

Port and Operator Responsibilities

• Port and terminal operators, crane owners, and other involved parties must contact their Coast Guard District commander or captain of the port to obtain a copy of the directive and implement the required security measures[1][5].

Government Initiatives

• The Biden administration has signed an executive order to strengthen maritime cybersecurity, fortify the supply chain, and strengthen the U.S. industrial base. This includes a $20 billion investment in U.S. port infrastructure over the next five years, with a focus on replacing Chinese-made cranes with those made in America[2][4].

Mitigation Strategies

Severing Remote Access

• Recommendations include severing connections between ZPMC cranes and cellular modems and installing operational technology monitoring software to enhance security[2][4].

Alternative Suppliers

• There is a push to transition away from Chinese-made cranes to those manufactured by other countries, although this is challenging due to ZPMC’s market dominance[2][4].

Conclusion

The presence of Chinese-made cargo cranes in U.S. ports poses significant security risks, including cyber vulnerabilities and the potential for espionage. Ongoing investigations and governmental actions aim to mitigate these risks through enhanced security directives, technological monitoring, and the promotion of domestic manufacturing. Ensuring the security of critical maritime infrastructure is crucial to protecting national security and the integrity of the U.S. supply chain.

China can spy on US with intelligence-gathering devices …

Guide to Chinese Espionage Threats Through Seaport Cranes in the US

Introduction

A recent congressional investigation has uncovered significant national security concerns related to Chinese-made cargo cranes used at U.S. seaports. These cranes, manufactured by the Chinese company Shanghai Zhenhua Heavy Industries Co. (ZPMC), have been found to contain technology that could enable espionage and disruption by the Chinese government.

Key Findings of the Congressional Investigation

Presence of Communication Equipment

• The investigation revealed that many of the Chinese-made cranes at U.S. ports are equipped with cellular modems and other communication devices. These modems, in some cases, were installed without the knowledge or request of the port authorities[1][3][4].

Potential for Espionage

• The cellular modems built into the cranes could allow the Chinese government to gain remote access to the machines. This access is facilitated by China’s national-security laws, which mandate companies to cooperate with state intelligence agencies[1][3][5].

Remote Access and Control

• ZPMC has pressured port operators to allow the company to maintain remote access to the cranes, ostensibly for diagnostic and maintenance purposes. However, this access could be extended to other Chinese government entities, posing a significant security risk[1][3][4].

Security Vulnerabilities

Unrequested Modems

• Several ports reported finding cellular modems on the cranes that were not requested and were not included in the contracts with ZPMC. These modems were connected to the cranes’ operating control systems and could be used for remote communication[3][4].

Backdoor Security Risks

• The modems create a backdoor security vulnerability, allowing for the collection of usage data and potentially bypassing firewalls. This could disrupt port operations and compromise the integrity of port activities[4].

Implications for National Security

Economic and Security Consequences

• The potential for Chinese espionage and sabotage through these cranes could have catastrophic economic and security consequences. A shutdown of port operations could cripple the U.S. economy and affect Americans nationwide[5].

Critical Infrastructure Vulnerability

• The widespread use of Chinese-made cranes, which account for roughly 80% of the seaport cranes in the U.S., makes the country’s critical infrastructure highly vulnerable to exploitation by the Chinese government[1][5].

Response and Mitigation Efforts

Biden Administration Actions

• In response to these findings, the Biden administration has planned to invest in replacing foreign-built cranes with domestically manufactured ones. Additionally, the administration has introduced maritime cybersecurity measures to protect against potential Chinese cyberattacks[2][5].

Cybersecurity Enhancements

• The U.S. Coast Guard has been authorized to require marine transportation systems to improve their cyber security conditions. This includes working with Japanese companies to start domestic production of ship-to-shore cranes to ensure a reliable supply of secure hardware[5].

Congressional Demands

• Members of the House Committee on Homeland Security have demanded detailed information on the cybersecurity threats posed by the Chinese-made cranes and have called for swift action to address these vulnerabilities[5].

Conclusion

The presence of Chinese-made cranes with embedded communication equipment at U.S. seaports poses a significant national security risk. The potential for espionage, disruption, and sabotage underscores the need for immediate action to secure critical infrastructure and protect American interests. The ongoing efforts by the Biden administration and congressional committees aim to mitigate these risks and ensure the integrity of U.S. port operations.

Chinese ‘spy cranes’ threat to national security, probe finds

It appears that the provided URL leads to a specific news article on a different topic and does not provide general information on how to access the New York Times online. However, based on the other sources provided, here is a comprehensive guide on how to access the New York Times online, particularly for users affiliated with educational or organizational institutions.

Accessing the New York Times Online

For UN Staff and Affiliates

Eligibility

• Access is available to current staff of the UN Secretariat in New York and to UN staff from some entities in the field.

Steps to Access

• Request a digital subscription using your official @un.org email address.
• Follow the instructions provided by the Dag Hammarskjöld Library to set up your NYT Digital Pass.
• Once registered, you will receive an email to activate the account[1].

Features Included

• Access to NYTimes.com with archives dating back to 1851.
• Full multimedia offering.
• Spanish and Chinese Language Editions.
• Access to Today’s Paper Web App.
• Email newsletters.
• Mobile Apps for phones and tablets.
• Cross-platform save functionality[1].

Renewal

• Subscriptions are for a 6-month period. To renew, visit nytimes.com/digitalpass, log out and log in using your @un.org email address, and follow the confirmation email to validate your email address and claim your new Digital Pass[1].

For Yale University Affiliates

Eligibility

• Current Yale faculty, undergraduate and graduate students, and staff are eligible.

Steps to Access

• Sign into Yale’s Cisco AnyConnect client with your Net ID and password.
• Go to https://nytimesineducation.com/access-nyt/ and select Yale University from the dropdown menu.
• Select “On campus click here” even if you are off-campus.
• Create an account using your @yale.edu address and select your Yale status.
• Sign in and you will be directed to nytimes.com[2].

Features Included

• Access to NYTimes.com.
• The New York Times app for smartphones and tablets.
• Access to archival content through library databases.
• Print or microform access from 1851-2010[2].

For American University Affiliates

Eligibility

• AU students, faculty, and staff are eligible.

Steps to Access

• Visit the library’s homepage, click on the ‘Databases’ tab, and search for “New York Times (website)”.
• If you have an existing paid NYT subscription linked to your AU email address, cancel it before linking your account to the library’s subscription.
• Register using your AU email address and create a password on the account registration page.
• Log in to your account on nytimes.com[4].

Features Included

• Digital access to the New York Times, including unlimited access to archived articles from 1981 to present.
• Access to up to 5 complementary articles published between 1923 and 1980 each day.
• iOS and Android apps available.
• Note: Academic Passes do not include e-reader editions, NYT Cooking, or New York Times Games content[4].

General Troubleshooting

Activation Issues

• If you encounter trouble activating or accessing your new account, send an email along with a screenshot of the error page to the relevant support email (e.g., edu@nytimes.com for American University)[4].

Existing Account Issues

• If you have trouble accessing your existing account, you may need to renew your registration. Visit the account registration page again and follow the instructions[4].

Access Through Library Databases

Archival Access

• For archival access or advanced search functionality, use library databases such as Proquest or the historical databases available through your institution’s library[1][2][4].

Print or Microform Access

• Many libraries also offer access to the New York Times in print or microform, covering a wide range of years, often from 1851 onwards[2].

By following these steps and guidelines, users affiliated with these institutions can gain comprehensive access to the New York Times online, including current and archival content.

Press Releases | Congressman Carlos Gimenez – House.gov

Guide to the Cybersecurity and National Security Threats Posed by Chinese-Made Cranes at U.S. Ports

Introduction

The use of Chinese-made cranes at U.S. ports has raised significant concerns regarding cybersecurity and national security. Here is a comprehensive guide outlining the key issues and findings from recent investigations.

Background

• Chinese state-owned company Shanghai Zhenhua Heavy Industries (ZPMC) dominates the global market for ship-to-shore (STS) container cranes, supplying nearly 80% of such cranes in the U.S. market[2][4].

Cybersecurity Vulnerabilities

• Unrequested Cellular Modems: Multiple cellular modems were found installed in Chinese-made cranes, many of which were not requested by the U.S. ports. These modems can be remotely accessed, posing a significant risk of espionage and disruption of port operations[1][3][4].
• Backdoor Access: The modems, connected to Linux computers on the cranes, create a backdoor security vulnerability. This allows for the collection of usage data and potentially bypassing firewalls, which could disrupt port operations[3][4].

National Security Risks

• Potential for Espionage: The Chinese Communist Party (CCP) could use these cranes to collect valuable intelligence on U.S. critical infrastructure, undercut trade competitors, and disrupt supply chains. This could have devastating economic consequences[1][2][4].
• Strategic Manipulation: ZPMC’s advanced port systems, developed in partnership with companies like Microsoft, could be manipulated by the PRC government to exploit U.S. maritime equipment and technology. This could influence global military and commercial activity, particularly in the event of a dispute over Taiwan[2].

Operational Risks

• Remote Control and Monitoring: The cranes can be controlled, serviced, and programmed from remote locations, making them vulnerable to exploitation by hostile powers. This could lead to the shutdown of domestic port operations, affecting both commercial and military supply chains[4][5].

Government Response

• Executive Order: President Joe Biden signed an executive order to improve cybersecurity at maritime ports, mandating the U.S. Coast Guard to develop minimum cybersecurity standards and requiring vessel operators to report cyber incidents[2].
• Coast Guard Directives: The Coast Guard has issued directives for ports to better secure Chinese-made cranes, including disassembling connections to cellular modems and implementing operational technology monitoring software[2][5].

Recommendations and Actions

• Immediate Disconnection: The House committees have urged the Coast Guard to issue guidance for U.S. ports to disassemble connections to ZPMC cranes’ cellular modems or any other method of connection[2].
• Domestic Production: Efforts are underway to start domestic production of ship-to-shore cranes in the U.S., in collaboration with Japanese companies, to reduce dependence on Chinese-made cranes[3].

Economic and Security Consequences

• Economic Impact: A potential shutdown of port operations due to these vulnerabilities could have catastrophic economic consequences, disrupting supply chains and affecting the nation’s economy significantly[4].
• Security Implications: The exploitation of these cranes could provide near-peer nation-state adversaries, like China, with the ability to cripple the U.S. economy through cyber means, highlighting the critical need for enhanced cybersecurity measures[4].

Conclusion

The presence of Chinese-made cranes at U.S. ports poses significant cybersecurity and national security risks. Addressing these vulnerabilities is crucial to protecting U.S. critical infrastructure and ensuring the integrity of maritime operations. Ongoing efforts by the U.S. government and port authorities aim to mitigate these risks through improved cybersecurity standards and the promotion of domestic crane production.

Biden admin warns House about China’s major presence …

Given that the provided URL is not accessible, the following guide is constructed based on the information from the other sources provided, focusing on the security risks and implications of Chinese-made cranes in U.S. ports.

Overview of the Issue

Chinese Dominance in Port Equipment

• Shanghai Zhenhua Heavy Industries (ZPMC), a company owned and controlled by the People’s Republic of China (PRC), dominates the global market share of ship-to-shore (STS) port cranes, accounting for roughly 80% of the STS cranes operational in U.S. ports[1][2][3].

Security Risks and Vulnerabilities

Cybersecurity Threats

• ZPMC cranes installed in U.S. ports contain cellular modems that are not part of the original contracts, allowing for potential remote access. This access could be extended to other PRC government entities, posing significant cybersecurity risks due to PRC’s national security laws that mandate cooperation with state intelligence agencies[1][2][3].

Potential for Espionage

• The presence of Chinese-made equipment and technology at American ports jeopardizes national security. ZPMC could serve as a “Trojan horse” for the CCP and PRC military to exploit and manipulate U.S. maritime equipment and technology[2][3].

Supply Chain Risks

• The PRC’s geopolitical ambitions, particularly regarding Taiwan, raise concerns about the security of U.S. maritime supply chains. In a potential future dispute, the PRC could restrict or manipulate the supply of critical components essential to U.S. maritime infrastructure, including STS cranes[1][3].

Contractual and Oversight Issues

Lack of Oversight and Control

• U.S. ports have multimillion-dollar contracts with ZPMC that do not prohibit or limit unauthorized modifications or access to equipment and technology. These contracts do not specifically bar the vendor from installing backdoors into equipment or modifying technology[1][3].

Assembly and Component Risks

• Critical crane components from other countries (e.g., Germany, Japan, Switzerland) are shipped to China for assembly by ZPMC without oversight from the original manufacturers, introducing additional security risks[1].

Recommendations and Actions

Immediate Security Measures

• Recommendations include severing connections between ZPMC cranes and cellular modems, and installing operational technology monitoring software to mitigate cybersecurity risks[1].

Long-Term Strategies

• The Department of Homeland Security (DHS) and the U.S. Coast Guard should prioritize closing security gaps, particularly at Guam’s port, and ensure the safety and security of DoD-designated commercial strategic seaports[1].

Policy and Regulatory Changes

• The Biden administration has announced an Executive Order to strengthen maritime cybersecurity, fortify the supply chain, and strengthen the U.S. industrial base. This includes a $20 billion investment into U.S. port infrastructure over the next five years and efforts to reshore a portion of the manufacturing in the U.S.[1][4].

Tariffs and Economic Measures

• Sweeping tariff increases have been proposed on Chinese goods, including ship-to-shore cranes, to address the security risks. The tariffs aim to balance economic impacts with security interests, with exclusions for contracts executed prior to specific dates[4].

Broader Implications

Global Maritime Influence

• China’s dominance in maritime infrastructure, including port construction and ownership globally, poses significant economic and military security threats to the United States. This includes the potential for spying and intelligence gathering through access to port operations and logistics platforms[5].

Strategic Competitiveness

• The U.S. needs to develop a strategy to counter China’s influence in the maritime sector, including promoting transparency in global port infrastructure procurement and supporting competitive offers to Chinese companies like ZPMC[5].

Pentagon Sees Giant Cargo Cranes as Possible Chinese …

Guide to the Concerns Over Chinese-Made Cargo Cranes as Potential Spy Tools

Introduction

Recent reports and investigations have raised significant concerns about the potential use of Chinese-manufactured cargo cranes at U.S. ports as tools for espionage and cyber attacks. Here is a comprehensive guide to the issue, including the key points, security concerns, and the responses from various stakeholders.

Background and Context

• Chinese state-owned company ZPMC (Zhenhua Heavy Industries) manufactures a significant majority (around 70-80%) of the ship-to-shore cranes used in U.S. ports, including those used by the U.S. military[2][3][4].
• The issue gained prominence following a report in The Wall Street Journal and subsequent discussions among national security and Pentagon officials.

Security Concerns

Sophisticated Electronics and Remote Control

• Modern cranes are equipped with sophisticated electronics, including sensors and remote monitoring software. This technology has raised fears that China could use these cranes to capture information about materials being shipped or disrupt port operations[1][2][4].
• The ability to remotely control these cranes is seen as a potential vulnerability that could be exploited for espionage or to disrupt U.S. logistics operations.

Cybersecurity Risks

• The cranes’ advanced technology makes them vulnerable to hacking attacks. U.S. intelligence experts have warned about the scale of Chinese attempts to plant spyware and mount cyberattacks on U.S. infrastructure[3].
• The Department of Transportation’s Maritime Administration (MARAD) has issued advisories highlighting the security risks associated with the remote monitoring features of ZPMC cranes.

Potential Impact on Supply Chains

• If compromised, these cranes could provide China with valuable insights into U.S. supply chains, potentially allowing them to disrupt operations or gain strategic economic advantages[2][3].

Official Responses and Investigations

Pentagon and National Security Officials

• Pentagon officials are investigating the security concerns related to the Chinese-made cranes. Comparisons have been made to a Trojan horse, suggesting that these cranes could be hiding in plain sight as potential spying tools[1][2][4].

U.S. Government Actions

• The Transportation Department has been required to consult with the defense secretary to produce a study on whether foreign-manufactured cranes pose cybersecurity or national-security threats at American ports[1].
• The Coast Guard, on behalf of the Department of Homeland Security, has announced new cyber-risk management requirements for owners and operators of Chinese-made cranes at U.S. ports[3].

Legislative Efforts

• The American Association of Port Authorities (AAPA) is supporting the introduction of the “Crane Reshoring and National Enforcement of Supply Chain Security Act” to restore U.S. manufacturing capabilities for cranes and other heavy port equipment[1].

Reactions from China and Other Stakeholders

Chinese Government Response

• Chinese officials have dismissed the concerns as “paranoia-driven” and “misleading to the American public.” They have described the reports as part of the “delusion of persecution” among Americans[1][2].

Industry Perspective

• The AAPA has characterized the media reports as “alarmist” and “sensationalized.” They argue that modern cranes cannot track the origin, destination, or nature of the cargo, and there is no evidence of nefarious activities[1].

Implications and Future Steps

Reshoring Manufacturing

• There is a growing push to bring port crane manufacturing back to the U.S. to reduce dependence on foreign suppliers and mitigate potential security risks. Funding for this initiative is expected to come from the Infrastructure Investment and Jobs Act and the Inflation Reduction Act[3].

Enhanced Security Measures

• New regulations and directives, such as Maritime Security Directive 105-4, are being implemented to reduce the cyber risk associated with Chinese-made cranes. Owners and operators are required to follow specific cyber risk management actions[3].

Conclusion

The concerns over Chinese-made cargo cranes highlight the complex interplay between national security, economic interests, and technological advancements. While the actual extent of the threat remains a subject of debate, the U.S. government and industry stakeholders are taking proactive steps to address potential vulnerabilities and ensure the security of U.S. ports and supply chains.

Chinese-made port cranes in US included ‘backdoor …

Guide to the Security Risks of Chinese-Made Port Cranes in the US

Introduction

A recent congressional examination has uncovered significant security vulnerabilities associated with Chinese-made port cranes used in US seaports. This guide provides an in-depth look at the findings and implications of this investigation.

Background of the Investigation

The investigation was conducted jointly by the House Select Committee on China and the House Homeland Security Committee. The 51-page report details the potential security risks posed by Chinese-made ship-to-shore cranes, particularly those manufactured by Shanghai Zhenhua Heavy Industries Company Limited (ZPMC), a state-owned Chinese company.

Key Findings

Technological Backdoors

• The report revealed that Chinese-made port cranes in the US included cellular modems that were not requested by US ports or included in contracts. These modems were intended for the collection of usage data on certain equipment but constitute a significant backdoor security vulnerability[1].

Unauthorized Modifications

• Contracts reviewed by lawmakers showed that many agreements allowed critical internal components from third-party contractors to be sent to ZPMC for installation. This practice raises concerns about the potential for unauthorized modifications and the installation of backdoors[1].

Remote Access Requests

• ZPMC has pressured port operators to allow the company to maintain remote access to the cranes, ostensibly for diagnostic and maintenance purposes. However, this access could potentially be extended to other Chinese government entities, posing a significant national security risk due to China’s national-security laws that mandate companies cooperate with state intelligence agencies[2][4].

Security Vulnerabilities

Cybersecurity Risks

• The cellular modems installed on the cranes could allow access by the Chinese government, enabling espionage and disruption of port operations. These modems can bypass firewalls and create an obscure method for collecting information[1][4].

Supply Chain Risks

• Even when critical components are sourced from non-Chinese companies (such as German, Japanese, or Swiss firms), these components are often shipped to China for assembly by ZPMC. This lack of oversight during the assembly process in China increases the risk of unauthorized modifications and backdoor installations[3][4].

Implications for National Security

Potential for Disruption

• The presence of these backdoors and the potential for remote access by Chinese entities pose a significant risk to the integrity of US port operations. In the event of a conflict, such as a dispute over Taiwan, China could potentially restrict or manipulate the supply of critical components, severely disrupting US commercial activities and hindering the Department of Defense’s (DoD) operations[3][5].

Geopolitical Concerns

• The report highlights the broader geopolitical ambitions of China, particularly regarding Taiwan, and the assertiveness of the Chinese government in the South China Sea. These factors exacerbate the security concerns associated with the use of Chinese-made equipment in critical US infrastructure[3].

Recommendations and Actions

Severing Connections and Monitoring

• The committees recommend that US ports sever the connections between ZPMC cranes and cellular modems and install operational technology monitoring software to enhance cybersecurity[3].

Strengthening Maritime Cybersecurity

• The Department of Homeland Security (DHS) and the US Coast Guard are advised to prioritize closing security gaps, especially at critical ports like Guam, and ensure the safety and security of DoD-designated commercial strategic seaports[3].

Domestic Production Initiatives

• To mitigate long-term risks, the Biden administration has called for investing billions of dollars in domestic production of ship-to-shore cranes, collaborating with companies like Japanese heavy industrials company Matsui to establish a reliable domestic supply of critical hardware[1].

Conclusion

The use of Chinese-made port cranes in US seaports poses significant cybersecurity and national security risks due to the presence of technological backdoors, unauthorized modifications, and the potential for remote access by Chinese entities. Addressing these vulnerabilities is crucial to ensuring the integrity and security of US port operations and broader national security.

Joint Investigation into CCP-Backed Company Supplying …

Joint Investigation into CCP-Backed Company Supplying Cranes to U.S. Ports: Key Findings and Implications

Introduction

A joint investigation by several House committees has uncovered significant concerns regarding Chinese-built cargo cranes deployed at various U.S. ports. The investigation, focused on Shanghai Zhenhua Heavy Industries (ZPMC), a state-owned Chinese manufacturer, has revealed the presence of unexpected communications equipment that raises serious national security concerns.

Discovery of Communications Equipment

• Cellular modems were found on ZPMC ship-to-shore (STS) crane components at multiple U.S. seaports.
• These modems were not part of the original equipment contracts and were installed without the knowledge or request of the U.S. ports.
• In one instance, a cellular modem was discovered in a server room housing the STS cranes’ firewall and networking equipment[1].

Scope of the Issue

• More than 12 cellular modems were found in Chinese-made cranes across several U.S. ports.
• While some modems were used for operational functions such as remote monitoring and maintenance tracking, others were installed without any operational justification.
• U.S. port personnel who inspected the cranes in China found the modems already installed before the cranes were shipped to the U.S.[1].

Security Concerns

• The presence of these unauthorized modems has fueled concerns within the Biden administration that these cranes could be used for espionage or sabotage.
• The FBI had previously discovered intelligence gathering equipment on a vessel delivering ZPMC cranes to the Port of Baltimore in 2021[1].

ZPMC and CCP Connections

• ZPMC accounts for nearly 80% of the STS cranes in use at U.S. maritime ports.
• The company is based in an area adjacent to a shipyard where the People’s Liberation Army Navy’s advanced warships are built, including aircraft carriers and destroyers.
• The investigation is also examining ZPMC’s engagement with the Chinese Communist Party (CCP) and any requests from the CCP to ZPMC[1].

Involvement of Other Companies

• The Swiss company ABB is also under investigation because many of its operational components are manufactured and then shipped to China, where they are stored for several months before being installed on U.S.-bound port equipment by ZPMC engineers[1].

Implications for National Security

• The findings have heightened concerns about the potential for Chinese espionage and sabotage at U.S. ports.
• The investigation underscores the broader risks associated with relying on critical infrastructure supplied by companies with ties to the CCP.
• Lawmakers and officials are calling for increased scrutiny and potential measures to mitigate these security risks[1].

Ongoing Investigations and Actions

• The House committees are seeking further information regarding ZPMC’s activities and its relationship with the CCP.
• The investigation is part of a broader effort to assess and address the national security implications of using equipment from CCP-backed companies in critical U.S. infrastructure[1].

This investigation highlights the need for rigorous oversight and security protocols when integrating foreign-supplied equipment into critical U.S. infrastructure, particularly when such equipment is provided by companies with close ties to potentially adversarial governments.

US targets Chinese-made container cranes in spy crackdown

U.S. Crackdown on Chinese-Made Container Cranes: Cybersecurity and National Security Implications

Introduction

The U.S. government has initiated a crackdown on Chinese-made container cranes at American ports due to significant cybersecurity and national security concerns. This move is part of a broader effort to protect critical infrastructure from potential espionage and disruption by the Chinese government.

Prevalence of Chinese-Made Cranes

• Chinese-manufactured ship-to-shore (STS) container gantry cranes dominate the global market, accounting for nearly 80% of the STS cranes at U.S. ports[2].

Cybersecurity Vulnerabilities

• These cranes are equipped with technology that allows for remote control, servicing, and programming. This feature potentially leaves them vulnerable to exploitation by the People’s Republic of China (PRC)[2].
• The cranes contain cellular modems that enable real-time monitoring and data collection on the operations and cargo handled by the cranes. This access could provide valuable information to the Chinese Communist Party (CCP) on American critical infrastructure[1][4].

New Cyber-Risk Management Requirements

• The U.S. Coast Guard has issued Maritime Security Directive 105-4, which outlines required cyber-risk management actions for owners and operators of Chinese-manufactured STS cranes. This directive is not publicly available due to security-sensitive information[2].
• Owners and operators must contact their local captain of the port or district commander to obtain a copy of the directive and comply with the new requirements.

Threat Assessment and Mitigation

• The Coast Guard has assessed the cybersecurity posture of over 90 of these cranes and conducted “hunt missions” to look for malicious cyber activity. While the results of these assessments are not fully disclosed, the potential for exploitation remains a significant concern[2].
• The U.S. Maritime Administration has issued an advisory providing guidance and mitigation measures for ports, vessel operators, and shippers to protect data at risk of being hacked in a cyberattack[2].

Reporting Requirements

• Any evidence of sabotage, subversive activity, or actual or threatened cyber incidents involving the cranes or related infrastructure must be reported immediately to the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Captain of the Port[2].

Proposed Cybersecurity Regulations

• The Coast Guard has proposed new rules that include minimum requirements for cybersecurity plans for U.S.-flagged vessels, ports, and container terminal operators. These regulations aim to enhance the overall cybersecurity posture of the maritime sector[2].

National Security Implications

• The widespread use of these cranes poses a significant threat to U.S. national security. If exploited, these vulnerabilities could allow China to disrupt domestic port operations, suspend commercial activity, and impact military and commercial supply chains[1][4].
• The potential for China to track the movement of goods through U.S. ports or halt port activity at will is a critical concern, especially given China’s aggressive stance in the Indo-Pacific region[4].

Legislative and Regulatory Responses

• In response to these concerns, lawmakers have called for detailed information on the cybersecurity threats posed by these cranes and have suggested legislative actions to address these risks. The “Crane Reshoring and National Enforcement of Supply Chain Security Act” is one such initiative aimed at restoring U.S. manufacturing capabilities for port equipment[1][3].

Industry and International Perspectives

• The American Association of Port Authorities has responded to the media reports, calling them “alarmist” and “sensationalized.” However, the association acknowledges the need for enhanced security measures and supports legislative efforts to improve domestic manufacturing of port equipment[3].
• The Chinese Embassy has dismissed the concerns as “paranoia-driven” and an attempt to disrupt trade and economic cooperation[3].

In conclusion, the U.S. crackdown on Chinese-made container cranes is a critical step in addressing significant cybersecurity and national security risks. The measures outlined aim to protect the integrity of U.S. ports and prevent potential disruptions to critical infrastructure.

Rotterdam Terminal Exec says Chinese cranes pose no …

Guide to Security Concerns and Precautions with Chinese-Built Cranes at Rotterdam Port

Introduction

The use of Chinese-built cranes, particularly those from Shanghai Zhenhua Heavy Industries (ZPMC), has raised significant security concerns in various ports, including the port of Rotterdam. This guide will delve into the perspectives and measures discussed by a Rotterdam terminal executive to address these concerns.

Security Concerns Associated with Chinese-Built Cranes

Presence of Communication Equipment

Chinese cranes have been found to be equipped with communication devices, such as cellular modems, which have raised suspicions about potential espionage or sabotage. These modems, while sometimes used for legitimate purposes like remote monitoring and maintenance, have been installed without the full knowledge or consent of the ports using them.

Lack of Transparency and Contractual Oversight

The contracts between ZPMC and the ports often do not specify the presence of these modems or limit unauthorized modifications or access to the equipment. This lack of transparency and oversight has heightened concerns about the potential for Chinese authorities to exploit these systems for strategic purposes.

Perspective from Rotterdam Terminal Executive

No Security Threat with Precautions

Cees Van Pelt, Senior Project Manager at Rotterdam Shortsea Terminals (RST), emphasized that there is no reason to fear a security threat from Chinese-built ship-to-shore cranes as long as appropriate precautions are taken. Van Pelt highlighted the importance of blocking access to terminal operations to mitigate any potential risks.

Remote Troubleshooting and Maintenance

ZPMC, like other crane manufacturers, offers remote troubleshooting and maintenance services. Van Pelt explained that these services are similar to those provided by European crane builders such as Kalmar and Konecranes. However, to ensure security, RST has implemented several precautions:
– Use of Stepstone Servers: To avoid uncontrolled access, RST uses stepstone servers to create a safe connection via the internet.
– Local Integration and Software: The electrical installation and software integration for the cranes are handled locally in Holland, using components from companies like Siemens. This reduces the risk of unauthorized access.

Data Transmission and Access Control

Van Pelt acknowledged that data transmission is necessary for remote support, but RST ensures that this data does not include sensitive information related to the Terminal Operating System (TOS). The focus is on maintaining a secure connection that prevents unauthorized access to critical systems.

Measures to Ensure Security

Contractual and Technical Precautions

• Contractual Clarity: Ensuring that contracts with crane manufacturers clearly outline what components are included and what access is permitted.
• Technical Safeguards: Implementing stepstone servers and other security measures to block unauthorized access to terminal operations.
• Local Integration: Using local integrators and components to reduce dependence on foreign-manufactured parts.

Monitoring and Oversight

• Continuous Monitoring: Regularly monitoring the cranes and their connections to detect any unusual activity.
• Oversight: Ensuring that any remote access requested by the manufacturer is strictly controlled and monitored.

Conclusion

The use of Chinese-built cranes at ports like Rotterdam can be managed securely if the right precautions are taken. By ensuring contractual clarity, implementing technical safeguards, and maintaining local control over critical systems, the risks associated with these cranes can be significantly mitigated. The insights from Rotterdam terminal executives underscore the importance of a proactive and vigilant approach to cybersecurity in the maritime industry.

Frequently Asked Questions (FAQs)

What are the primary causes of tower crane accidents in China?

Tower crane accidents in China are often attributed to a combination of factors, including operator error, cranes lifting beyond their load capacity, and systemic issues within the construction industry. The shift from state-owned construction companies to private crane leasing companies has led to the hiring of rural migrant workers who may not receive proper training as crane operators. This, coupled with the retirement of experienced operators and the influx of younger, less experienced workers, contributes to increased fatigue and risk of accidents. Additionally, lax enforcement of safety regulations and cost-cutting measures by crane leasing companies result in inadequate maintenance, structural cracks, loose bolts, and joint failures in the cranes.

What safety regulations and inspections are required for crane operation in China?

In China, there are stringent safety regulations and inspection requirements for crane operation. Cranes must undergo type inspections before manufacturing or modification, which involve submitting detailed documents such as strength calculation bases and assembly sketches to local inspecting organizations. Operators are required to hold a government-issued special operation certificate. Regular inspections are mandatory to ensure the crane is in safe working condition, and periodic inspections must be conducted before the expiry of the qualification certificate, typically every two years. These inspections include checks on the structure, performance of parts, and load tests to ensure the crane operates safely.

How does the training and certification of crane operators impact safety in China?

The training and certification of crane operators are critical for ensuring safety in China’s construction industry. Operators must receive comprehensive training and hold a government-issued special operation certificate. This training includes education on controls, load capacities, and potential hazards associated with crane operations. However, the reality often differs, with many operators receiving minimal training and working excessively long hours due to low pay, which can lead to fatigue and increased risk of accidents. Proper training and certification are essential to prevent operator errors and ensure that operators can safely operate the equipment.

What role do maintenance and regular inspections play in preventing crane accidents in China?

Maintenance and regular inspections are crucial in preventing crane accidents in China. Proper maintenance involves regular checks to address any issues and keep the equipment in good working condition. This includes inspecting for structural cracks, loose bolts, and joint failures, which are common issues due to cost-cutting measures by some crane leasing companies. Regular inspections help identify and rectify potential hazards before they lead to accidents. Employers must ensure that cranes are maintained according to government regulations, and detailed records of all maintenance and inspection activities must be kept to ensure ongoing compliance and safety.

How can employers and regulatory bodies improve the safety of crane operations in China?

To improve the safety of crane operations in China, employers and regulatory bodies must take several steps. Employers should ensure strict adherence to safety regulations, including proper training and certification of operators, regular inspections, and adequate maintenance of the cranes. Regulatory bodies need to enforce these standards more effectively, conducting rigorous inspections and imposing penalties on companies that violate safety protocols. Additionally, trade unions can play a more active role in advocating for better working conditions, higher wages, and shorter working hours for crane operators to reduce fatigue and improve overall safety. Ensuring that crane leasing companies do not compromise on safety for cost savings is also essential.