Some Chinese-made cranes used at US ports contain communications equipment with no clear purpose or record of their installation, according to a new congressional investigation that will heighten US concerns that the cranes could be used for surveillance or sabotage.
The investigation by the House Committee on Homeland Security and House select committee on China focused on the more than 200 Chinese-made cranes installed at US ports and related facilities. It comes amid heightened US-China tensions over national security and as the Coast Guard last month ordered the ports to better secure the Chinese-made cranes.
House lawmakers found that the equipment installed on the cranes — cellular modems that can be used for remote communication — were not documented in any contract between US ports and Chinese crane maker ZPMC, a congressional aide familiar with the investigation told CNN. When US port personnel went to China to inspect the cranes, the modems were already installed, the aide said.
The modems were found “on more than one occasion” on the ZPMC cranes, the aide said.
“Our Committees’ investigation found vulnerabilities in cranes at U.S. ports that could allow the CCP [Chinese Communist Party] to not only undercut trade competitors through espionage, but disrupt supply chains and the movement of cargo, devastating our nation’s economy,” Rep. Mark Green, the Republican chair of the House Homeland Security Committee, said in a statement to CNN.
“Without a swift sea-change, we will continue to gift the CCP with an easy means of infiltrating our critical infrastructure on their quest for global dominance.”
In a statement on its website, ZPMC said it “has always been committed to providing high-quality products and services to clients around the world. ZPMC always strictly complies with the laws and regulations of applicable countries.”
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, DC, told CNN that claims that Chinese-made cranes pose a security risk are “entirely paranoia.”
“We firmly oppose the US overstretching the concept of national security and abusing national power to obstruct normal economic and trade cooperation between China and the US,” Liu said.
The Wall Street Journal first reported on the congressional probe’s findings.
Ship-to-shore cranes are key to moving goods through US maritime ports, which generate trillions of dollars in economic activity each year, according to experts. Chinese-made cranes account for nearly 80% of the cranes used at US ports, according to the Coast Guard.
Cranes can often be controlled remotely, meaning that a hacker with access to the cranes’ networks could collect intelligence from ports or, in theory, even cause disruptions of equipment.
In the Coast Guard’s inspections of Chinese-made cranes, “we have found … openings, vulnerabilities that are there by design,” Rear Admiral John Vann, head of the Coast Guard Cyber Command, told lawmakers last month. “What we have not found is instances … of malware or a Trojan-Horse-type software.”
Cary Davis, the CEO of the American Association of Port Authorities, said in a statement to CNN: “Our ports proactively work with the U.S. Coast Guard, other federal law enforcement, and private sector experts to mitigate risks through inspections and defensive measures.”
The Biden administration last month announced plans to invest $20 billion in new US-made port infrastructure, including US-made cranes that officials say are less of a security risk.
A lot of machinery in the maritime and oil and gas sectors has hardware, such as cellular modems, that technicians use for remote maintenance, according to Marco Ayala, an industrial cyber expert with years of experience in the maritime sector.
But this hardware is not always well documented by some of those critical facilities, opening up security risks, said Ayala, who is president of the Houston chapter of InfraGard National Members Alliance, a public-private threat-sharing organization.
Having modems embedded in cranes’ operational systems “physically bypasses” the ports’ traditional IT security defenses, Ayala told CNN. US government and private maritime experts are trying to change that with more rigorous security assessments, he added.