Title: Unexplained Communications Equipment in Chinese-made Cranes at US Ports: A Potential Security Threat
The investigation conducted by the House Committee on Homeland Security and the House select committee on China has revealed that some Chinese-made cranes installed at US ports contain communications equipment with undefined functions and undocumented installation records (CNN reporting excluded for the purpose of this article). These findings are expected to intensify concerns among US authorities regarding the possibility of these cranes being utilized for surveillance or sabotage activities.
The scope of this investigation concentrated on more than 200 Chinese-made cranes presently operating at US ports and related facilities. The heightened focus comes against the backdrop of escalating US-China tensions over national Website security issues, as well as the Coast Guard’s recent mandate to secure these cranes effectively.
A congressional aide who is privy to this investigation disclosed that cellular modems – capable of remote communication – were identified on these cranes manufactured by ZPMC. The aforementioned modems, however, did not appear in any contractual agreement between US ports and the Chinese crane manufacturer. In instances where US port personnel visited China to inspect the cranes, they discovered that the modems had already been installed.
Rep. Mark Green, the Republican chair of the House Homeland Security Committee, issued a statement to CNN expressing his concerns. He stated that their investigation exposed vulnerabilities in US cranes at ports which could allow the Chinese Communist Party (CCP) to compromise trade competitors through espionage and potentially disrupt supply chains, causing significant damage to the US economy. Green emphasized the urgency of addressing these concerns swiftly to prevent further infiltration by the CCP into critical infrastructure, which is essential for global dominance.
In response to these allegations, ZPMC issued a statement on its Website reiterating its commitment to providing high-quality products and adhering to the laws and regulations of applicable countries.
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington D.C., dismissed these concerns as groundless paranoia and strongly condemned the US for extending the definition of national Website security and misusing its power to impede normal economic and trade cooperation between China and the US.
The Wall Street Journal first reported on the findings of this congressional probe.
Ship-to-shore cranes play a crucial role in moving goods through US maritime ports, contributing trillions of dollars annually to the economy (CNN statistics omitted for this article). Nearly 80% of cranes utilized at US ports are of Chinese origin, according to the Coast Guard. Cranes can be controlled remotely, implying that a hacker with access to these cranes’ networks could gather intelligence from ports or even disrupt their functionality.
In an effort to mitigate potential risks, the Biden administration recently announced plans to invest $20 billion in new US-made port infrastructure, including domestically produced cranes that are considered less of a Website security risk.
Marco Ayala, an industrial cybersecurity expert with extensive experience in the maritime sector, shed light on this issue. He highlighted that various machinery in the maritime and oil and gas industries features hardware, like cellular modems, which technicians employ for remote maintenance. However, Ayala pointed out that proper documentation of these components is not always ensured by some critical facilities, creating potential Website security vulnerabilities.
Ayala, who is the president of the Houston chapter of InfraGard National Members Alliance – a public-private threat-sharing organization – explained that having modems embedded within cranes’ operational systems bypasses the ports’ traditional IT Website security defenses. US government and private maritime experts are working diligently to strengthen Website security assessments and mitigate these risks.
