The US is dangerously reliant on Chinese cranes in seaports, and the equipment represents a potential threat to US port infrastructure security, the Select Committee on the Chinese Communist Party (CCP) and House Committee on Homeland Security say.
A joint report (PDF) released this week by the two committees focuses on Shanghai Zhenhua Heavy Industries (ZPMC), a company owned and controlled by the People’s Republic of China (PRC), which accounts for roughly 80% of the ship-to-shore (STS) port cranes operational in the US.
ZPMC dominates the global market share of STS cranes, adding to the PRC’s broader maritime infrastructure dominance and creating cybersecurity vulnerabilities and national security risks for the US and its allies, the report shows.
Not only is ZPMC wholly owned by a Chinese company that the Department of Defense has named a “Communist Chinese Military Company” and which is involved in militarizing the South China Sea, but the company is producing and assembling equipment and technology in China and is delivering it upon completion.
US ports have multimillion dollar contracts with ZPMC that do not prohibit or limit unauthorized modifications or access to equipment and technology and do not specifically bar the vendor from “installing backdoors into equipment or modifying technology”, the report shows.
Furthermore, ZPMC, or a third-party contracted by it, has installed on STS cranes that are operational in US ports cellular modems that are not within the scope of existing contracts, and has repeatedly requested remote access to STS cranes in the US.
“If granted, this access could potentially be extended to other PRC government entities, posing a significant risk due to the PRC’s national security laws that mandate cooperation with state intelligence agencies,” the report reads.
[READ: The Vulnerable Maritime Supply Chain – a Threat to the Global Economy ]
It also shows that, while strategic seaports say they mitigate the risks of using PRC-origin equipment by using critical crane components from German, Japanese, or Swiss makers, these components are shipped to China for assembly, where ZPMC installs them “without oversight from the original manufacturer”.
“The PRC’s geopolitical ambitions and assertiveness, particularly regarding Taiwan, raise concerns about the security of U.S. maritime supply chains. The committees’ investigation found that in a potential future dispute with the United States over Taiwan, the PRC could restrict or manipulate the supply of critical components or materials essential to U.S. maritime infrastructure, including STS cranes,” the report reads.
The committees recommend that US ports sever the connections between ZPMC cranes and cellular modems, and install operational technology monitoring software, and that the Department of Homeland Security (DHS) and the US Coast Guard prioritize closing security gaps at Guam’s port, and ensure the safety and security of DoD-designated commercial strategic seaports.
The report was released roughly half a year after the Biden-Harris administration announced an Executive Order to strengthen maritime cybersecurity, fortify the supply chain, and strengthen the US industrial base, and a $20 billion investment into US port infrastructure over the next five years. The EO specifically names the threat posed by Chinese cranes.
Responding to the report, the American Association of Port Authorities (AAPA) said it was not aware of any security breaches involving port equipment to date.
Related: China-Linked Hackers Target Drone Makers
Related: Global Coalition Blames China’s APT40 for Hacking Government Networks
Related: In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions