Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

House Report Shows Chinese Cranes a Security Risk to US Ports

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

Maritime cybersecurity

The US is dangerously reliant on Chinese cranes in seaports, and the equipment represents a potential threat to US port infrastructure security, the Select Committee on the Chinese Communist Party (CCP) and House Committee on Homeland Security say.

A joint report (PDF) released this week by the two committees focuses on Shanghai Zhenhua Heavy Industries (ZPMC), a company owned and controlled by the People’s Republic of China (PRC), which accounts for roughly 80% of the ship-to-shore (STS) port cranes operational in the US.

ZPMC dominates the global market share of STS cranes, adding to the PRC’s broader maritime infrastructure dominance and creating cybersecurity vulnerabilities and national security risks for the US and its allies, the report shows.

Not only is ZPMC wholly owned by a Chinese company that the Department of Defense has named a “Communist Chinese Military Company” and which is involved in militarizing the South China Sea, but the company is producing and assembling equipment and technology in China and is delivering it upon completion.

US ports have multimillion dollar contracts with ZPMC that do not prohibit or limit unauthorized modifications or access to equipment and technology and do not specifically bar the vendor from “installing backdoors into equipment or modifying technology”, the report shows.

Furthermore, ZPMC, or a third-party contracted by it, has installed on STS cranes that are operational in US ports cellular modems that are not within the scope of existing contracts, and has repeatedly requested remote access to STS cranes in the US.

“If granted, this access could potentially be extended to other PRC government entities, posing a significant risk due to the PRC’s national security laws that mandate cooperation with state intelligence agencies,” the report reads.

[READ: The Vulnerable Maritime Supply Chain – a Threat to the Global Economy ]

Advertisement. Scroll to continue reading.

It also shows that, while strategic seaports say they mitigate the risks of using PRC-origin equipment by using critical crane components from German, Japanese, or Swiss makers, these components are shipped to China for assembly, where ZPMC installs them “without oversight from the original manufacturer”.

“The PRC’s geopolitical ambitions and assertiveness, particularly regarding Taiwan, raise concerns about the security of U.S. maritime supply chains. The committees’ investigation found that in a potential future dispute with the United States over Taiwan, the PRC could restrict or manipulate the supply of critical components or materials essential to U.S. maritime infrastructure, including STS cranes,” the report reads.

The committees recommend that US ports sever the connections between ZPMC cranes and cellular modems, and install operational technology monitoring software, and that the Department of Homeland Security (DHS) and the US Coast Guard prioritize closing security gaps at Guam’s port, and ensure the safety and security of DoD-designated commercial strategic seaports.

The report was released roughly half a year after the Biden-Harris administration announced an Executive Order to strengthen maritime cybersecurity, fortify the supply chain, and strengthen the US industrial base, and a $20 billion investment into US port infrastructure over the next five years. The EO specifically names the threat posed by Chinese cranes. 

Responding to the report, the American Association of Port Authorities (AAPA) said it was not aware of any security breaches involving port equipment to date.

Related: China-Linked Hackers Target Drone Makers

Related: Global Coalition Blames China’s APT40 for Hacking Government Networks

Related: In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions

Related: UK Spy Chief to Warn of ‘Huge’ China Tech Threat

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.