54826467 © Adkasai | Dreamstime.com

US Government Leery of Chinese-made Port Cranes Thought to be Rigged for Spying

April 1, 2024
US also sees Chinese information gathering as a real threat.

While public attention has been focused on congressional attempts to ban TikTok for gathering data on ordinary Americans for the Chinese government, charges have been leveled that American port cranes built in China are equipped with technology that could be used by China’s communist government to spy on civilian and military port activities.

In response, President Biden issued an executive order giving the Department of Homeland Security (DHS) more authority to directly address maritime cyber threats. The order gives the U.S. Coast Guard permission to require marine transportation systems (MTS) used on ocean vessels, facilities and harbors to improve unsatisfactory cyber conditions.

In addition, the Coast Guard can now control the movement of vessels that pose suspected or known cyber threats to the U.S. maritime infrastructure. The order also codifies rules that require incidents and active threats arising from this sort of technology be reported to the government.

“It’s a shift from requesting to requiring,” explained Anne Neuberger, who serves as deputy national security advisor for cyber and emerging technologies. “The Coast Guard is the regulator for ports, and the executive order takes their existing physical authorities to set security rules for ports and extends that to the cybersecurity domain. So ports will be required to report that to the Coast Guard.”

When they announced the new actions at a press conference in late February, administration officials emphasized that ports in the United States are a critical infrastructure target for Chinese government hackers, which could lead to dire consequences outweighing the mere gathering of intelligence data.

Rear Adm. John Vann, who heads the Coast Guard cyber command, commented that Chinese-manufactured ship-to-shore cranes “make up the largest share of the global market and account for nearly 80% of cranes at U.S. ports. By design, these cranes may be controlled, serviced and programmed from remote locations.” These features, he noted, potentially leave Chinese-manufactured cranes vulnerable to exploitation.

Coast Guard Deputy Commandant for Operations Vice Admiral Peter Gautier also pledged, “Our captains of the port will work directly with crane owners and operators to deliver the directive and verify compliance within a reasonable timeframe.”

Vann also testified about the crane situation before a hearing held by the House Homeland Security Committee in late February.

As a result of those hearings, Representatives Mark Green (R-Tenn.), chairman of the House Committee on Homeland Security; Andrew Garbarino (R-NY), Carlos Gimenez (R-FL), and Dan Bishop (R-NC) wrote to Homeland Security Secretary Alejandro Mayorkas demanding additional detailed information on the cybersecurity threats posed to military and industrial operations by the Chinese-made cranes operating at U.S. ports.

They noted that the operational technology (OT) system of these cranes potentially could be exploited to completely shut down domestic port operations, “suspending all commercial activity which would also disrupt our nation’s military and commercial supply chains.”

Potential Catastrophe

Any potential port shut down could create catastrophic economic and security consequences, the representatives said. “These vulnerabilities could provide opportunities to near-peer nation-state adversaries, such as China, to cripple our economy from behind a computer screen.”

The House members also referred to statements made by a former top U.S. counterintelligence official, who declared that these cranes “can be the new Huawei,” referring to the Chinese cellphone system that had been banned in the U.S. because of security concerns.

The cranes at issue are the products of Shanghai Zhenhua Heavy Industries Co. (ZPMC), a subsidiary of China Communications Construction Co. More than a dozen cellular modems have been found in the Chinese cranes in use at U.S. ports.

According to the congressional letter writers, these cranes contain technology that allows the Chinese to remotely monitor in real time the cranes’ operations and are capable of collecting data from the shipping containers they handle. This access “could provide the Chinese Communist Party with valuable information on American critical infrastructure,” the letter added.

The crane technology would not be the first time the Chinese government has exploited technology to spy on the American logistics industry. Several years ago, it was discovered that handheld barcode readers made in China succeeded in inserting a computer “worm” virus into a major package carrier’s internal systems, which after it had roamed around eventually found its way into the company’s accounting systems. That breach was traced back to the Chinese People’s Liberation Army (PLA).

Also in February, the Biden administration separately announced its plans to spend $20 billion on investments on improved port security and in the future development and manufacture of cranes in the U.S. These funds are supposed to originate from the $1 trillion infrastructure law enacted in 2021.

Cary Davis, president of the American Association of Port Authorities (AAPA) expressed his organization’s support for the administration’s measures. “America’s ports work closely with our federal partners to maintain the highest possible standards of physical and cybersecurity. We welcome and applaud President Biden’s actions which further empower the Coast Guard to keep our ports safe along with the Administration’s efforts to build out domestic manufacturing capacity for key equipment.”

Later, seeking to downplay the controversy raised by the discovery of the modems on the Chinese-made cranes, AAPA chose to make the point that “there have been no known security breaches as the result of any cranes at U.S. ports, despite alarmist media reports. Further, modern cranes are very fast and sophisticated but even they can't track the origin, destination, or nature of the cargo.”

AAPA pointed out that U.S. ports currently partner with government authorities to assess security vulnerabilities from every threat vector. “Recent reports—citing sources that have worked directly with the industry—have at times conflated the approved equipment at ports with other Chinese technology that has consciously been rejected in the U.S. because of potential misuse. Our indelible partnerships with the government have led to identifying the real threats,” AAPA stressed.

However, AAPA noted that China subsidizes the manufacture of its port cranes which ends up allowing them to produce them at half the cost of crane equipment that is manufactured in the America. As a result, the association did express its support for the goal of returning this manufacturing capacity to the U.S. “Just picture American factories churning out world-class, connected, low-emissions, and user-friendly cranes, trucks and tractors,” said Cary Davis, AAPA’s vice president and general counsel. “That’s the opportunity we have here.”

In due recognition of this potential, AAPA reported that it plans to introduce its own federal legislation in the near future, called the Crane Reshoring and National Enforcement of Supply Chain Security (CRANES) Act of 2023, which it hopes will jump-start American production of new port container handling equipment.