In the heart of global trade, port cranes stand as towering sentinels, facilitating the flow of goods across the world. However, a growing concern has emerged regarding the dominance of Chinese-manufactured port cranes, particularly those produced by Shanghai Zhenhua Heavy Industries (ZPMC), which control nearly 80% of the ship-to-shore cranes in U.S. ports. This dominance has raised significant cybersecurity and national security alarms, as these cranes are equipped with undocumented cellular modems and other technologies that could potentially be used for espionage and disruption of critical infrastructure.

In this in-depth guide, we will delve into the complexities of Chinese-made port cranes, exploring their global market dominance, the cybersecurity risks they pose, and the geopolitical implications of their widespread use. Readers will gain insights into the contractual and operational vulnerabilities that have been uncovered, the potential for remote monitoring and data collection by Chinese entities, and the broader economic and security consequences of relying on this foreign technology.

Additionally,

Joint Investigation into CCP-Backed Company Supplying …

Investigation into CCP-Backed Company Supplying Cranes to U.S. Ports

Overview

A joint investigation by several House committees has uncovered significant concerns regarding Chinese-built cargo cranes deployed at U.S. ports. The investigation focuses on Shanghai Zhenhua Heavy Industries (ZPMC), a state-owned Chinese manufacturer.

Key Findings

Unexpected Communications Equipment

• The investigation revealed the presence of cellular modems on ZPMC ship-to-shore (STS) crane components at various U.S. seaports.
• These modems were not part of the original equipment contracts and were installed without the knowledge or request of the U.S. ports.
• More than 12 cellular modems were found in Chinese-made cranes, some of which were used for operational functions like remote monitoring and maintenance tracking, while others had no clear purpose[1][2].

Security Concerns

• The discovery of these modems has fueled concerns within the Biden administration that these cranes could be used for espionage by the Chinese government.
• The FBI previously found intelligence gathering equipment on a vessel delivering ZPMC cranes to the Port of Baltimore in 2021[1].

ZPMC’s Dominance and Connections

• ZPMC accounts for nearly 80% of the STS cranes in use at U.S. maritime ports.
• Many of these cranes are built in an area adjacent to a shipyard where the People’s Liberation Army Navy’s most advanced warships are constructed, raising additional security concerns[1][2].

Involvement of Other Companies

• The investigation also involves the Swiss company ABB, as many of the operational components manufactured by ABB are shipped to China, stored for several months, and then installed onto U.S.-bound port equipment by ZPMC engineers[1].

Implications and Recommendations

National Security Risks

• The presence of unauthorized communications equipment poses significant risks to U.S. economic and homeland security.
• The cranes could potentially be used as a Trojan Horse to exploit U.S. maritime equipment and technology, compromising cybersecurity[1][2].

Regulatory and Policy Actions

• The report calls for prioritizing cybersecurity, strengthening regulations, and investing in domestic manufacturing to ensure safer and more secure ports.
• There is a need for immediate action to address the vulnerabilities in the supply chains of multinational companies involved[2].

Testimonies and Expert Opinions

Congressional and Expert Concerns

• Testimonies from maritime experts and federal agencies highlighted significant security vulnerabilities.
• Politicians, such as Mark Green from Tennessee, have expressed concerns that China poses a major threat to U.S. security due to these findings[1][2].

Conclusion

The investigation underscores the critical need for enhanced security measures and stricter oversight of foreign-made equipment, particularly from state-owned Chinese companies like ZPMC. Ensuring the security and integrity of U.S. ports is crucial for maintaining economic stability and national security.

Why China’s cargo cranes at U.S. ports pose espionage risk

Chinese-Made Cargo Cranes: Security Risks and Implications for US Ports

Introduction

The use of Chinese-made cargo cranes at US ports has raised significant security concerns due to potential vulnerabilities in these systems. Here is a comprehensive guide to the issues and the measures being taken to address them.

Dominance of Chinese Cranes in US Ports

• Chinese company Shanghai Zhenhua Heavy Industries Co. Ltd. (ZPMC) dominates the global market for ship-to-shore (STS) cranes, with approximately 80% of these cranes in use at US ports[2][4][5].

Security Risks and Vulnerabilities

• Remote Access and Control: Many of these cranes are equipped with control technology that allows for remote access and control, which could be exploited by Chinese entities to gain unauthorized access to US port systems[1][4][5].
• Cellular Modems: Investigations have found cellular modems installed in these cranes that were not part of the original contracts. These modems could be used for espionage or to disrupt port operations[3][5].
• Lack of Oversight: Critical components from other countries are shipped to China for assembly, where they are installed without oversight from the original manufacturers, increasing the risk of unauthorized modifications[2][5].

National Security Implications

• PRC’s Geopolitical Ambitions: The People’s Republic of China’s (PRC) geopolitical ambitions, particularly regarding Taiwan, raise concerns about the security of US maritime supply chains. In a potential future dispute, the PRC could restrict or manipulate the supply of critical components essential to US maritime infrastructure[2].
• Cooperation with State Intelligence: Chinese national security laws mandate cooperation with state intelligence agencies, which means that any remote access granted to ZPMC or its contractors could potentially be extended to other PRC government entities[2][5].

Regulatory and Administrative Responses

• MARSEC Directive 105-5: The US Coast Guard has issued MARSEC Directive 105-5, which sets out additional cyber risk management requirements for STS cranes made by Chinese companies. This directive follows a previous mandate issued in February and includes security-sensitive information not available to the general public[1][4].
• Executive Order: President Joe Biden signed an executive order earlier this year to strengthen maritime cybersecurity, fortify the supply chain, and strengthen the US industrial base. The order includes a $20 billion investment in US port infrastructure over the next five years and requires the replacement of Chinese-made cranes with ones made in America[1][5].

Recommendations and Mitigation Strategies

• Disconnect Cellular Modems: Recommendations include severing the connections between ZPMC cranes and cellular modems to prevent potential remote access and espionage[2][5].
• Operational Technology Monitoring: Installing operational technology monitoring software is suggested to enhance the security of these systems[2].
• Enhanced Cybersecurity Measures: The Department of Homeland Security (DHS) and the US Coast Guard are advised to prioritize closing security gaps, particularly at strategic seaports like Guam’s port[2].

Industry and Stakeholder Responses

• AAPA Statement: The American Association of Port Authorities (AAPA) has stated that it is not aware of any security breaches involving port equipment to date[2].
• Manufacturer Responses: ZPMC has denied any wrongdoing, while ABB, a Swiss multinational engineering firm involved with ZPMC, has offered to partner with the committees to address concerns but has been criticized for stalling techniques[5].

Conclusion

The presence of Chinese-made cargo cranes at US ports poses significant security risks due to potential vulnerabilities in remote access, unauthorized modifications, and the geopolitical ambitions of the PRC. Ongoing investigations and regulatory actions aim to mitigate these risks and ensure the security and integrity of US maritime infrastructure.

Chinese-made port cranes in US included ‘backdoor …

Overview of the Security Risks Posed by Chinese-Made Port Cranes in the US

Introduction

A recent congressional examination conducted by the House Select Committee on China and the House Homeland Security Committee has uncovered significant security vulnerabilities associated with Chinese-made port cranes in US ports. Here is a detailed guide to the findings and implications of this investigation.

Key Findings of the Congressional Investigation

Technological Backdoors

• The investigation revealed that Chinese-made ship-to-shore cranes, manufactured by Shanghai Zhenhua Heavy Industries Company Limited (ZPMC), contain technological backdoors. These backdoors are in the form of cellular modems that were not requested by US ports or included in the contracts[1][3][5].

Purpose of the Modems

• These cellular modems were intended for the collection of usage data on the equipment, but they also create a significant backdoor security vulnerability. Technicians at the ports believed these modems were for diagnostic purposes, but they were not necessary for the operation of the cranes[1][3][5].

Security Vulnerabilities

• The modems are connected to Linux computers on the port cranes and could potentially allow access by the Chinese government, bypassing firewalls and disrupting port operations. This access could be extended to other PRC government entities due to China’s national security laws that mandate companies to cooperate with state intelligence agencies[1][2][3].

Contractual and Installation Issues

Unauthorized Modifications

• Contracts reviewed by lawmakers showed that many agreements allowed critical internal components from third-party contractors to be sent to ZPMC for installation. This lack of oversight raises concerns about unauthorized modifications to the equipment[1][3].

Remote Access Requests

• ZPMC has pressured port operators to allow remote access to the cranes, ostensibly for diagnostic and maintenance purposes. However, this remote access could be exploited for espionage and sabotage[2][4][5].

National Security Implications

Dominance in Maritime Infrastructure

• ZPMC dominates the global market share of ship-to-shore cranes, with roughly 80% of STS cranes in US ports being manufactured by this Chinese state-owned company. This dominance creates significant cybersecurity and national security vulnerabilities for the US and its allies[3][4].

Potential for Espionage and Disruption

• The presence of these backdoors and the potential for remote access pose a serious threat to national security. The Chinese government could exploit these vulnerabilities to gather intelligence, disrupt port operations, or even halt port activity at will[2][3][4].

Geopolitical Context

Tensions Over Taiwan

• The report highlights that the PRC’s geopolitical ambitions, particularly regarding Taiwan, raise concerns about the security of US maritime supply chains. In a potential future dispute, the PRC could restrict or manipulate the supply of critical components essential to US maritime infrastructure[3][4].

Recommendations and Actions

Severing Connections and Enhancing Cybersecurity

• The committees recommend that US ports sever the connections between ZPMC cranes and cellular modems and install operational technology monitoring software. The Department of Homeland Security (DHS) and the US Coast Guard are advised to prioritize closing security gaps, especially at strategic seaports like Guam’s port[3].

Domestic Production Initiatives

• To mitigate these risks, the Biden administration has called for investing billions of dollars in domestic production of ship-to-shore cranes. This includes working with Japanese heavy industrial company Matsui to start domestic production of these critical hardware components in the US[1].

Conclusion

The findings of the congressional investigation underscore the critical need for enhanced cybersecurity measures and reduced reliance on Chinese-manufactured equipment in US ports. The presence of technological backdoors and the potential for remote access by Chinese entities pose significant risks to national security and the integrity of port operations. Addressing these vulnerabilities is essential to safeguarding US critical infrastructure and ensuring the secure operation of maritime supply chains.

Congressional probe finds communications gear in … – CNN

Congressional Investigation into Chinese-Made Cranes at US Ports

Overview

A recent congressional investigation has uncovered significant concerns regarding Chinese-made cranes installed at various US ports. The investigation, conducted by the House Committee on Homeland Security and the House Select Committee on China, revealed the presence of undocumented communications equipment on these cranes, raising fears of potential surveillance and sabotage.

Key Findings of the Investigation

Presence of Undocumented Communications Equipment

• The investigation discovered that several Chinese-made cranes, manufactured by Shanghai Zhenhua Heavy Industries (ZPMC), contain cellular modems capable of remote communication. These modems were not documented in any contracts between US ports and ZPMC[2][3][5].

Installation of Modems

• US port personnel found these modems already installed when they inspected the cranes in China. This was confirmed by congressional aides, who stated that the modems were present on more than one occasion[1][2][3].

Potential Security Risks

• The presence of these undocumented modems has fueled concerns that the cranes could be used for espionage or to disrupt supply chains and cargo movement. This could have devastating effects on the US economy[2][3][5].

Implications and Reactions

National Security Concerns

• The discovery has heightened US concerns over national security, particularly in the context of heightened US-China tensions. Rep. Mark Green, the Republican chair of the House Homeland Security Committee, emphasized the potential for the Chinese Communist Party (CCP) to undercut trade competitors through espionage and disrupt critical infrastructure[2][3].

Response from ZPMC and Chinese Authorities

• ZPMC has stated that it is committed to providing high-quality products and services and complies strictly with the laws and regulations of applicable countries. However, the Chinese Embassy in Washington, D.C. has denied any security risks, calling the concerns “entirely paranoia”[2][3].

Actions by US Authorities

• The US Coast Guard has issued directives for better cybersecurity measures at maritime ports in relation to the Chinese-made cranes. There are also discussions about replacing these cranes to prevent potential Chinese control over US infrastructure[2][4].

Operational and Non-Operational Modems

Operational Use

• Some of the cellular modems found on the cranes are used for legitimate operational functions, such as remote monitoring and tracking of maintenance. However, not all modems serve this purpose[3][5].

Unexplained Modems

• Several modems were installed without any clear purpose or request from the US ports. These modems were connected to the cranes’ operating control systems, raising questions about their intended use[3][5].

Broader Implications and Future Actions

Economic and Security Impact

• The potential for these cranes to be used for espionage or sabotage poses a significant threat to US economic and national security. This includes the ability to disrupt logistics and supply chains, particularly in the event of a conflict with China[4].

Legislative and Policy Responses

• There are ongoing efforts to address these concerns, including legislative proposals to ban or replace the Chinese-made cranes. The US government is also working to prevent similar vulnerabilities in other critical infrastructure and to coordinate with allies to mitigate these risks[4].

In conclusion, the congressional investigation has highlighted critical vulnerabilities in the security of US ports due to the presence of undocumented communications equipment on Chinese-made cranes. This issue underscores the need for stringent security measures and careful scrutiny of foreign-made equipment used in critical US infrastructure.

Chinese Cargo Cranes at U.S. Ports Pose Espionage Risk …

Chinese Cargo Cranes at U.S. Ports: An Espionage and Security Risk

Introduction

A recent congressional investigation has uncovered significant security risks associated with Chinese-made cargo cranes used at U.S. seaports. The cranes, manufactured by Shanghai Zhenhua Heavy Industries (ZPMC), a state-owned Chinese company, pose potential threats to national security, supply chains, and the overall integrity of U.S. port operations.

Scope of the Problem

• Market Dominance: ZPMC cranes account for approximately 80% of all ship-to-shore cranes in U.S. ports, highlighting a critical dependence on Chinese-manufactured equipment[2][3][5].
• Geographic Focus: The investigation found that ZPMC has shown particular interest in requesting remote access to its cranes located on the West Coast of the United States[3].

Security Risks and Vulnerabilities

Embedded Technology and Remote Access

• Cellular Modems: ZPMC cranes are equipped with cellular modems that can be remotely accessed. These modems, often installed without the knowledge or consent of port authorities, could be used for espionage and disruption of port operations[2][3][5].
• Maintenance Access: ZPMC has pressured port operators to allow remote access to the cranes for maintenance purposes. However, this access could potentially be extended to other PRC government entities due to China’s national security laws that mandate cooperation with state intelligence agencies[2][3][5].

Espionage and Disruption

• Intelligence Gathering: The embedded technology in these cranes could allow Beijing to covertly collect sensitive information, undermining U.S. national security and disrupting supply chains[1][2][5].
• Supply Chain Vulnerability: The ability to disrupt port operations through these cranes could give China significant leverage over the global supply chain, particularly in future economic and military confrontations[1].

National Security Implications

Strategic Vulnerability

• Critical Infrastructure: The widespread use of Chinese-made cranes at U.S. ports creates a strategic vulnerability that could be exploited in a future geopolitical conflict. This could serve as a “choke point” to disrupt U.S. and global supply chains[1][2][5].

Economic and Military Consequences

• Economic Impact: Disruption of port operations could devastate the U.S. economy by undercutting trade competitors through espionage and disrupting the movement of cargo[4].
• Military Significance: ZPMC’s involvement in militarizing the South China Sea and its designation as a “Communist Chinese Military Company” by the Department of Defense further underscores the national security risks[5].

Regulatory and Policy Responses

Congressional Findings and Recommendations

• Joint Investigation: The House Homeland Security Committee and the Select Committee on the Chinese Communist Party conducted a yearlong investigation that highlighted these security risks and recommended severing connections between ZPMC cranes and cellular modems, as well as installing operational technology monitoring software[2][5].
• Department of Homeland Security (DHS) and US Coast Guard: The committees suggested that DHS and the US Coast Guard should prioritize closing security gaps at strategic seaports, including those designated by the Department of Defense[5].

Administrative Actions

• Biden Administration Measures: In response to these findings, the Biden administration has announced plans to replace foreign-made cranes with American-manufactured ones and imposed a 25% tariff on cranes made in China[1].
• Executive Order: The administration has also issued an Executive Order to strengthen maritime cybersecurity, fortify the supply chain, and invest $20 billion in U.S. port infrastructure over the next five years[5].

Mitigation and Future Steps

Reducing Dependence on Chinese Equipment

• Domestic Manufacturing: Encouraging the domestic production of port equipment to reduce reliance on Chinese manufacturers is a key recommendation. This could involve higher costs but would enhance national security[4].

Enhancing Cybersecurity

• Monitoring Software: Installing operational technology monitoring software to detect and prevent unauthorized access to crane systems is crucial[5].
• Cyber Hygiene Practices: Improving cyber hygiene practices, such as using secure passwords and adequate system segregation, is essential to protect against cyber attacks[1].

Conclusion

The use of Chinese-made cargo cranes at U.S. seaports poses significant security risks, including the potential for espionage, disruption of supply chains, and leverage over the global economy. Addressing these risks requires a multifaceted approach involving policy changes, regulatory actions, and enhanced cybersecurity measures to protect U.S. national security and critical infrastructure.

U.S. Moves Forward with Sweeping Tariffs on China …

U.S. Tariffs on Chinese-Made Port Cranes: An In-Depth Guide

Introduction

The U.S. has implemented sweeping tariff increases on a wide range of Chinese goods, including ship-to-shore (STS) cranes used in American ports. This move is part of the Biden Administration’s efforts to counter China’s unfair trade practices and address national security concerns.

Tariff Details

Scope and Implementation

• The tariffs cover various Chinese goods such as semiconductors, steel and aluminum products, electric vehicles, batteries, permanent magnets, and medical products including gloves, facemasks, and syringes[1][3][4].
• The tariff rate on Chinese-made STS cranes has been increased to 25% effective in 2024[1][3][4].

Exclusions

• Contracts for STS cranes executed prior to May 14, 2024, and cranes that enter the United States prior to May 14, 2026, are excluded from the tariffs. This exclusion aims to mitigate the immediate financial impact on U.S. ports that had already placed orders before the tariff announcement[1][3][5].

Impact on U.S. Ports

Financial Burden

• The tariffs are expected to significantly increase costs for U.S. port operators. For instance, the American Association of Port Authorities (AAPA) estimated that the tariff would result in an additional $131 million in unexpected costs for ports that had already ordered cranes from Chinese manufacturers[1][3][5].

Operational and Strategic Implications

• Port officials argue that the tariffs could delay critical port infrastructure investments and raise operational costs, potentially making U.S. ports less competitive compared to ports in other countries like Mexico and Canada[1][2][5].
• The Port of Houston, for example, faces an additional $28.5 million in costs for eight container cranes ordered from ZPMC, which could impact their capital investment plans and the expansion of the Houston Ship Channel[2].

Security Concerns and Cybersecurity Measures

Accusations of Espionage

• There have been accusations and reports suggesting that Chinese-made STS cranes, particularly those from Shanghai Zhenhua Heavy Industries (ZPMC), pose cybersecurity risks. These cranes have been found with cellular modems that could potentially bypass the port’s local area network, raising concerns about espionage and remote control vulnerabilities[1][3].

Government Response

• In response to these concerns, the Biden administration has ordered a review and granted the U.S. Coast Guard new authorities for cybersecurity and port operations. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has been advised to issue guidance to U.S. ports using ZPMC cranes to install operational technology monitoring software[1][3].

Industry and Market Dynamics

Dominance of ZPMC

• ZPMC, a state-owned Chinese company, dominates the global market for STS cranes, supplying around 80% of all STS cranes ordered by U.S. ports and holding a 70% global market share[1][2][3].

Efforts to Reshore Manufacturing

• To reduce dependence on Chinese manufacturers, the Biden administration is supporting efforts to reshore the manufacturing of STS cranes in the U.S. Agreements have been made with companies like PACECO Corp. (a U.S.-based subsidiary of Japan’s Mitsui E&S Co.) and Konecranes (a Finnish-based port equipment manufacturer) to relaunch U.S. manufacturing capabilities for cranes[1].

Future Outlook and Recommendations

Long-Term Alternatives

• The AAPA and port officials are urging the Biden Administration and Congress to consider long-term alternatives, including the development of a domestic crane manufacturing sector. Until such alternatives are available, they recommend that tariffs on cranes should not be imposed, as they would only harm U.S. port development and efficiency[1][2][5].

Financial Incentives

• The U.S. government is encouraged to introduce financial incentives to support U.S. ports in purchasing cranes from non-adversarial countries. This approach aims to balance security concerns with the economic needs of U.S. ports[3].

In summary, the imposition of tariffs on Chinese-made STS cranes is a multifaceted issue that involves economic, security, and operational considerations. While the tariffs aim to counter China’s unfair trade practices and address cybersecurity risks, they also pose significant challenges for U.S. ports, highlighting the need for a balanced approach that supports both national security and economic viability.

China can spy on US with intelligence-gathering devices …

Guide to Chinese Espionage Threats Through Seaport Cranes in the US

Introduction

A recent congressional investigation has uncovered significant national security concerns regarding Chinese-made cargo cranes used at U.S. seaports. These cranes, manufactured by the Chinese company Shanghai Zhenhua Heavy Industries Co. (ZPMC), have been found to contain technology that could be exploited by the Chinese government for espionage and disruption of critical infrastructure.

Key Findings of the Congressional Investigation

Presence of Cellular Modems

• The investigation revealed that many of the Chinese-made cranes were equipped with cellular modems that could be accessed remotely. These modems were often installed without the knowledge or consent of the U.S. port authorities[1][3][4].

Potential for Espionage

• The cellular modems, while ostensibly used for diagnostic and maintenance purposes, could potentially allow the Chinese government to gain access to the cranes due to China’s national-security laws that mandate companies to cooperate with state intelligence agencies[1][3][5].

Scope and Prevalence

• The cranes in question, made by ZPMC, account for approximately 80% of the seaport cranes in use across the U.S. This widespread presence amplifies the potential security risks[1][3][5].

Security Vulnerabilities

Remote Access and Control

• The ability to remotely access and control these cranes poses a significant threat. This could allow the Chinese government to collect intelligence on port operations, track cargo movements, and potentially disrupt or sabotage port activities[2][4][5].

Undocumented Installations

• In some cases, the cellular modems were installed without being documented in the sales contracts or requested by the port authorities. This lack of transparency further exacerbates the security concerns[3][4].

Implications for National Security

Economic and Security Consequences

• Any potential disruption or sabotage of port operations could have catastrophic economic and security consequences. This includes the ability to cripple supply chains and affect the movement of cargo, which could devastate the U.S. economy[5].

Comparison to Other Security Threats

• The threat posed by these cranes has been likened to the security concerns surrounding Huawei, a Chinese telecommunications company banned in the U.S. due to similar espionage risks[5].

Response and Mitigation Efforts

Government Actions

• The Biden administration has announced plans to invest in replacing foreign-built cranes with domestically manufactured ones to mitigate these risks. Additionally, the Department of Homeland Security (DHS) has been given more authority to address maritime cyber threats[2][5].

Cybersecurity Measures

• The U.S. Coast Guard has been directed to implement better cybersecurity measures at ports, including requiring marine transportation systems to improve their cyber security conditions. The Coast Guard is also working with Japanese companies to start domestic production of ship-to-shore cranes[4][5].

Legislative and Regulatory Steps

• Lawmakers have demanded more detailed information on the cybersecurity threats posed by these cranes and are pushing for stricter regulations to prevent future vulnerabilities. This includes working with crane owners and operators to ensure compliance with new cybersecurity directives[5].

Conclusion

The presence of Chinese-made cranes with embedded intelligence-gathering technology at U.S. seaports represents a critical national security risk. The potential for espionage, disruption, and sabotage underscores the need for immediate and comprehensive action to secure these critical infrastructure points. Ongoing efforts by the U.S. government to replace these cranes and enhance cybersecurity measures are crucial steps in mitigating these threats.

Pentagon Sees Giant Cargo Cranes as Possible Chinese …

Guide to the Concerns Over Chinese-Made Cargo Cranes as Potential Spying Tools

Introduction

U.S. national security and Pentagon officials have raised significant concerns that giant cargo cranes manufactured by the Chinese company ZPMC (Zhenhua Heavy Industries Co., Ltd.) could be used as spying tools by China. Here is a comprehensive guide to the issue.

Background

• ZPMC is a Chinese state-owned company that dominates the global market for ship-to-shore cranes, with its products deployed in over 100 countries, including the United States.
• Approximately 80% of the cranes used in U.S. ports are made by ZPMC, including some used by the U.S. military[3][4].

Security Concerns

Sophisticated Electronics and Sensors

• The cranes are equipped with sophisticated electronics and sensors that can register and track the provenance and destination of containers. This capability has raised fears that China could capture information about materials being shipped in or out of the country, potentially compromising U.S. military operations and logistical security[1][3][4].

Remote Access and Disruption

• The technology integrated into these cranes allows for remote monitoring and control, which could be exploited by China to disrupt the flow of goods at U.S. ports. This remote access raises concerns about the potential for cyber attacks and the ability to clog American ports[1][3][4].

Comparisons and Analogies

• National security officials have compared these Chinese-made cranes to a “Trojan horse,” suggesting they could masquerade as legitimate business equipment while serving clandestine intelligence purposes. This analogy is drawn from the concerns previously raised about Huawei Technologies Co., whose equipment was banned in the U.S. due to similar spying fears[1][2].

Official Responses and Reactions

U.S. Government and Agencies

• The U.S. government has initiated steps to address these concerns, including a requirement for the Transportation Department to consult with the defense secretary to produce a study on whether foreign-manufactured cranes pose cybersecurity or national-security threats at American ports[2].
• The Coast Guard, on behalf of the Department of Homeland Security, has announced new cyber-risk management requirements for owners and operators of Chinese-made container cranes at U.S. ports[4].

Chinese Government

• The Chinese Embassy in Washington has dismissed the U.S. concerns as “paranoia-driven” and an attempt to obstruct trade and economic cooperation with China. Chinese officials have described the reports as “hysterically laughable” and part of the “delusion of persecution” among Americans[1][2][3].

Industry and Port Authority Responses

American Association of Port Authorities (AAPA)

• The AAPA has called the media reports “alarmist” and “sensationalized.” While acknowledging the security concerns, the AAPA emphasized that modern cranes cannot track the origin, destination, or nature of the cargo. The association is supporting legislative efforts to restore U.S. manufacturing capabilities for cranes and other heavy port equipment[2].

Legislative and Regulatory Actions

Crane Reshoring and National Enforcement of Supply Chain Security Act

• The AAPA is backing the introduction of the “Crane Reshoring and National Enforcement of Supply Chain Security Act” to jump-start American production of port equipment. This initiative aims to reduce dependence on foreign-manufactured cranes and enhance supply chain security[2].

New Regulations and Directives

• New regulations, such as Maritime Security Directive 105-4, have been introduced to require owners and operators of Chinese-made cranes to follow specific cyber-risk management actions to mitigate potential security threats[4].

Broader Context and Implications

Comprehensive Penetration by China

• Retired General Jack Keane has described the situation as part of the “most comprehensive penetration of the United States in our entire history” by China. This includes concerns over Chinese surveillance flights, spy balloons, and other forms of espionage[3].

Economic and Military Implications

• The issue is not just about security but also has economic and military implications. China’s dominance in advanced technologies and its investment in research are seen as key factors in its bid to replace the U.S. as a world superpower[3].

Conclusion

The concerns over Chinese-made cargo cranes highlight a complex issue that intersects national security, economic policy, and technological advancement. While the Chinese government dismisses these concerns as paranoia, U.S. officials are taking steps to address potential security risks and reduce dependence on foreign-manufactured equipment. The ongoing debate underscores the need for heightened vigilance in protecting U.S. supply chains and logistical operations.

Chinese-Built Port Cranes May Be Able to Call Home On …

Chinese-Built Port Cranes: Potential Security Risks and Implications

Introduction

Chinese-built port cranes, predominantly manufactured by Shanghai Zhenhua Heavy Industries Co. (ZPMC), have raised significant concerns regarding national security and cybersecurity in the United States. Here is a comprehensive guide to the issues surrounding these cranes.

Presence and Dominance of Chinese Cranes

• ZPMC cranes are widely used in U.S. ports, accounting for nearly 80% of the cranes in American ports and dominating the global market with around 70% market share[2][4].
• These cranes have been in use at U.S. ports for over 20 years, initially attractive due to their high quality and lower cost compared to Western vendors[2].

Security Concerns

Communication Devices and Remote Access

• Investigations have uncovered that some of these cranes contain communication devices, including cellular modems, which can be accessed remotely. This raises concerns about potential espionage and the ability to disrupt port operations[1][4][5].
• These modems allow for real-time monitoring and control of the cranes from remote locations, which could be exploited by Chinese authorities or other malicious actors[4].

Data Collection and Intelligence Gathering

• The cranes are equipped with sophisticated sensors that can register and track the provenance and destination of containers. This could provide valuable information about materiel being shipped in or out of the country, including military equipment[2][4].
• The data collected can be used for intelligence gathering, potentially compromising U.S. military operations and critical infrastructure[2][4].

Potential for Disruption

• The ability to remotely control or disable these cranes poses a significant risk to the flow of goods. Disabling even one sensor on a crane could prevent it from operating, disrupting port activities and potentially crippling supply chains[2][4].
• This vulnerability could be exploited to shut down domestic port operations, leading to catastrophic economic and security consequences[4].

Cybersecurity and National Security Implications

Comparison to Huawei

• The concerns about ZPMC cranes are often compared to those surrounding Huawei Technologies, another Chinese company whose equipment has been banned in the U.S. due to security concerns. Similar fears exist that ZPMC cranes could be used as a “Trojan horse” for Chinese espionage[2][4].

Government Response

• The U.S. government is taking steps to address these concerns, including investing in replacing foreign-built cranes with domestically manufactured ones and introducing maritime cybersecurity measures[1].
• Congressional investigations and hearings have led to demands for more detailed information on the cybersecurity threats posed by these cranes and calls for action to mitigate these risks[4].

Economic and Geopolitical Implications

Global Automation Trends

• China’s dominance in port automation extends beyond U.S. borders, with significant investments in port infrastructure worldwide. This raises concerns about China’s leverage over global trade routes and resources[3].

Competition and Cooperation

• The automation of ports is a global trend, with multiple countries and companies involved. Ensuring robust communication networks, standardizing self-driving solutions, and addressing data security are critical for a secure and efficient global trade environment[3].

Conclusion

The use of Chinese-built port cranes in U.S. ports presents substantial security risks, including the potential for espionage, disruption of critical infrastructure, and economic instability. Addressing these concerns requires a multifaceted approach involving government action, industry cooperation, and the development of robust cybersecurity measures. As the global shipping industry continues to automate, balancing technological advancement with security is paramount.

Investigation by Select Committee on the CCP, House …

Investigation into Chinese Communist Party (CCP) Threats to U.S. Security

Overview

The House Select Committee on the Chinese Communist Party and the House Committee on Homeland Security have conducted a joint investigative report that highlights significant threats to U.S. economic and national security posed by the Chinese Communist Party (CCP). Here is a detailed guide based on the findings of this investigation.

Threats to U.S. Maritime Infrastructure

Chinese-Manufactured Cargo Equipment

• The investigation revealed that Chinese-manufactured cargo equipment, particularly cranes produced by Shanghai Zhenhua Heavy Industries Co., Ltd. (ZPMC), poses substantial cyber and espionage threats to U.S. ports. ZPMC is a wholly owned subsidiary of China Communications Construction Group (CCCG), which has been named a ‘Communist Chinese Military Company’ by the Department of Defense[3][4].

Vulnerabilities and Risks

• The report indicates that ZPMC cranes could serve as a “Trojan horse” for the CCP and the PRC military to exploit and manipulate U.S. maritime equipment and technology. This vulnerability could allow the CCP to track the movement of goods through U.S. ports or even halt port activity, affecting Americans nationwide[3][4].

Intelligence Gathering Equipment

• In February 2021, the FBI discovered intelligence-gathering equipment near or on ZPMC cranes at the Port of Baltimore. Similar installations of cellular modems on ZPMC cranes at other U.S. ports have been identified, which were not part of any existing contract between the ports and ZPMC[3][4].

Contractual Gaps

• The investigation found that contracts between ZPMC and U.S. ports lack provisions prohibiting or limiting unauthorized modifications or access to equipment and technology. This allows ZPMC and other PRC state-owned enterprises (SOEs) to install backdoors into the equipment without contractual restrictions[4].

Implications for National Security

Potential for Disruption

• In a potential future dispute with the United States over Taiwan, the PRC could restrict or manipulate the supply of critical components or materials essential to U.S. maritime infrastructure. This could severely disrupt U.S. commercial activities and hinder the Department of Defense’s ability to deploy supplies and resources to the Indo-Pacific region[3][4].

Geopolitical Influence

• The CCP’s control over U.S. maritime equipment and technology could influence global military and commercial activity, particularly in the event of escalation in the Indo-Pacific region[3][4].

Cybersecurity Threats

State-Sponsored Cyber Actors

• The investigation highlights the activities of state-sponsored cyber actors associated with the CCP, such as Volt Typhoon, which have infiltrated American critical infrastructure and installed malware for potential future cyber-attacks[2].

Need for Interagency Coordination

• To combat these threats, there is a need for a coordinated, whole-of-government response. The proposed ‘Strengthening Cyber Resilience Against State-Sponsored Threats Act’ aims to establish an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to address these cybersecurity threats[2].

Recommendations and Actions

Legislative Measures

• The ‘Strengthening Cyber Resilience Against State-Sponsored Threats Act’ requires the establishment of a joint interagency task force to detect, analyze, and respond to cybersecurity threats posed by the CCP. The task force will provide annual classified reports and briefings to Congress on their findings and recommendations[2].

Oversight and Compliance

• The House Committee on Oversight and Accountability is conducting a governmentwide investigation into the CCP’s influence and infiltration efforts across various U.S. sectors, including education, agriculture, critical infrastructure, research, energy, business, space, and technology. This includes probing agencies on their policies and actions to safeguard against CCP’s political and economic warfare[1].

Port Security Enhancements

• The report calls for urgent action from maritime sector stakeholders and the federal government to address the security threats posed by PRC-linked port infrastructure. This includes ensuring that contracts with Chinese manufacturers prohibit unauthorized modifications and access to equipment[3][4].

Conclusion

The joint investigation by the House Select Committee on the CCP and the House Committee on Homeland Security underscores the critical need for enhanced security measures and coordinated federal responses to counter the CCP’s multifaceted threats to U.S. national and economic security. Addressing these vulnerabilities is essential to protect American interests and ensure the security of critical infrastructure.

Frequently Asked Questions (FAQs)

What is the role of cranes in port operations?

Cranes play a crucial role in port operations as they are essential for the efficient loading and unloading of cargo from ships. The process involves several steps, including planning, crane selection, and crane positioning. Cranes help in lifting containers, bulk goods, or other cargo from the ship’s hold and loading them onto trucks, trains, or directly onto the port yard. This equipment is vital for facilitating the movement of heavy objects, ensuring smooth and efficient cargo handling.

What types of cranes are commonly used in ports?

Ports utilize various types of cranes to handle different cargo sizes and weights. The most common types include mobile cranes, gantry cranes, and ship-to-shore (STS) cranes. Mobile cranes offer flexibility and can be moved to different locations within the port. Gantry cranes are large, fixed structures that straddle the dock or yard, providing high lifting capacities. STS cranes are specifically designed for loading and unloading cargo from ships and are often the most critical for container ports.

What are the security concerns associated with Chinese-made port cranes?

There are significant security concerns related to Chinese-made port cranes, particularly those manufactured by companies like Shanghai Zhenhua Heavy Industries Co. (ZPMC). These concerns include the potential for data collection and espionage, as these cranes can be serviced and programmed remotely. The presence of undocumented cellular modems in some Chinese cranes has raised suspicions about their ability to transmit sensitive information back to China. This has led to fears that these cranes could be used to disrupt American commerce or gather intelligence, prompting the US government to take measures to address these cybersecurity risks.

How do ports ensure the safety and maintenance of cranes?

Ensuring the safety and maintenance of cranes is a top priority in port operations. Safety measures include strict guidelines for crane operators and port workers, such as proper signaling, securing loads, and wearing personal protective equipment. Regular maintenance is also crucial, involving inspections, lubrication, and repairing any damaged parts to prevent breakdowns. Additionally, ports must comply with international standards and regulations, such as ISO and CE certifications, to ensure that all cranes are reliable and safe to operate.

What steps is the US taking to address the reliance on Chinese-made port cranes?

The US is taking several steps to reduce its reliance on Chinese-made port cranes due to security concerns. The Biden administration has issued an Executive Order to strengthen maritime cybersecurity, which includes actions to address the risks posed by Chinese cranes. The US plans to invest $20 billion over five years to rebuild its industrial capacity to produce port cranes domestically. A US-based subsidiary of Mitsui E&S Company of Japan is set to lead this effort. Additionally, there are proposals for legislation, such as the Crane Reshoring and National Enforcement of Supply Chain Security (CRANES) Act, aimed at promoting the production of American-made port container handling equipment.