In the heart of global maritime trade, a critical yet often overlooked component has become a focal point of national security concerns: the ship-to-shore (STS) cranes manufactured in China. Dominated by the state-owned Shanghai Zhenhua Heavy Industries Co. (ZPMC), these cranes are ubiquitous in U.S. ports, accounting for approximately 80% of the country’s container cargo-handling equipment. However, their widespread use has raised alarming questions about cybersecurity, data privacy, and the potential for disruptive attacks on critical infrastructure.

This in-depth guide delves into the complexities surrounding Chinese-made STS cranes, exploring the reasons behind their dominance, the inherent risks they pose, and the ongoing efforts by U.S. authorities to mitigate these threats. Readers will gain insight into the sophisticated technologies embedded in these cranes, including their remote control capabilities and integrated sensors, which can track and record sensitive information about container shipments. The guide will also cover recent directives and actions taken by the U.S

US warns of cyberthreat from China container cranes

Guide to Cyber Threats from Chinese-Manufactured Port Cranes

Introduction

The U.S. Coast Guard and other security agencies have recently raised significant concerns about the cybersecurity risks associated with Chinese-manufactured ship-to-shore cranes used in U.S. ports. This guide provides an in-depth look at these risks, the vulnerabilities involved, and the potential implications for national security and port operations.

Cybersecurity Risks and Vulnerabilities

Built-In Vulnerabilities

Chinese-made ship-to-shore cranes are equipped with systems that allow for remote access and control. These systems, while intended for maintenance and operational efficiency, contain built-in vulnerabilities that can be exploited by malicious actors. This remote access capability can be used to compromise the security of the cranes and the broader port infrastructure[3].

State-Backed Espionage

There are concerns that these vulnerabilities could be leveraged by state-backed entities, particularly from China, for espionage purposes. The presence of these cranes in critical U.S. ports raises alarms about the potential for unauthorized data collection and sabotage[2].

Potential for Disruption

The exploitation of these vulnerabilities could lead to significant disruptions in port operations. This includes the potential for cranes to be manipulated to cause accidents, damage cargo, or halt port activities, which could have economic and national security implications.

Impact on Port Operations

Operational Disruptions

Any successful cyber attack on these cranes could result in operational disruptions, including delays in cargo handling and potential damage to cargo and infrastructure. This could lead to economic losses and impact the supply chain[3].

Safety Risks

There is also a significant safety risk associated with compromised cranes. Malfunctioning cranes could lead to accidents, injuring personnel and causing damage to surrounding equipment and infrastructure.

National Security Concerns

Data Collection

The primary concern is the potential for these cranes to be used as tools for data collection by foreign entities. This could include sensitive information about port operations, cargo movements, and other critical infrastructure data[2].

Sabotage and Espionage

The ability to remotely control these cranes raises the specter of sabotage and espionage. This could compromise national security by providing foreign actors with the means to disrupt critical infrastructure and gather intelligence on U.S. port operations.

Mitigation and Response

Cybersecurity Directives

The U.S. Coast Guard has issued specific cybersecurity directives aimed at mitigating these risks. These directives include enhanced security protocols for the use and maintenance of Chinese-manufactured cranes, as well as regular security audits to identify and address vulnerabilities[1].

Enhanced Monitoring

Ports are advised to implement enhanced monitoring systems to detect any unauthorized access or unusual activity related to the cranes. This includes real-time monitoring and incident response plans to quickly address any security breaches.

Collaboration and Information Sharing

There is a strong emphasis on collaboration between port authorities, security agencies, and manufacturers to share information about potential threats and best practices for securing these systems. This includes regular updates on new vulnerabilities and patches to ensure the security of the cranes.

Conclusion

The use of Chinese-manufactured ship-to-shore cranes in U.S. ports poses significant cybersecurity risks that need to be addressed urgently. Understanding these risks, identifying the vulnerabilities, and implementing robust mitigation strategies are crucial for ensuring the security and operational integrity of U.S. ports. Continuous monitoring, collaboration, and adherence to cybersecurity directives are key to mitigating these threats and protecting national security.

USCG Instructs Owners of Chinese STS Cranes to Take …

Guide to U.S. Coast Guard’s Cyber Risk Management Directive for Chinese-Made STS Cranes

Introduction

The U.S. Coast Guard has issued a new cyber risk management directive, MARSEC Directive 105-5, targeting the owners and operators of Chinese-made ship-to-shore (STS) cranes. This directive is part of a broader effort to protect U.S. port infrastructure from potential cyber threats associated with these cranes.

Background and Context

• Chinese-made STS cranes dominate the global market, with nearly 80% of the STS cranes at U.S. ports manufactured by Chinese companies, particularly the state-owned Shanghai Zhenhua Heavy Industries Co. Ltd.[1][3][5].
• The widespread use of these cranes has raised significant security concerns due to their remote access, control, and programming capabilities, which could be exploited by malicious actors.

Previous Actions and Directives

• In February 2024, the U.S. Coast Guard issued MARSEC Directive 105-4, which mandated initial security measures for STS cranes made by Chinese companies. This was in response to President Joe Biden’s instructions to enhance cybersecurity protections for U.S. port infrastructure[1][3][5].
• The new directive, MARSEC Directive 105-5, dated November 13, 2024, builds upon the previous requirements and addresses additional security concerns.

Key Security Concerns

• Remote Access Vulnerabilities: The cranes’ ability to be controlled, serviced, and programmed from remote locations creates significant vulnerabilities. These features could be exploited by China or other malicious actors to disrupt U.S. critical infrastructure[1][3][5].
• Threat Intelligence: There is intelligence suggesting China’s interest in disrupting U.S. critical infrastructure, which heightens the urgency for immediate preventive measures[1][3][5].
• Modem Installations: Recent reports have highlighted the discovery of suspicious modems installed on some of these cranes, further fueling concerns about potential spying and interference with port operations[1][4].

Requirements and Actions

• Contacting Local Authorities: Owners and operators of Chinese-made STS cranes must contact their local Coast Guard Captain of the Port or District Commander to obtain a copy of the directive, which contains security-sensitive information and is not publicly available[1][3][4].
• Enhanced Cyber Risk Management: The new directive outlines additional cyber risk management requirements beyond those specified in the previous directive. These measures are designed to prevent security incidents in the national transportation system[1][3][5].
• Coordination with Other Agencies: The Coast Guard has consulted with various agencies, including the Department of State, Department of Defense, Department of Transportation, Transportation Security Administration, and Cybersecurity and Infrastructure Security Agency (CISA), to establish these revised guidelines[3].

Policy and Regulatory Responses

• Executive Order and Infrastructure Funding: President Joe Biden has issued an executive order allocating billions of dollars in infrastructure funding to replace Chinese-made cranes with American-made alternatives. This initiative aims to enhance national supply chain resilience and reduce dependence on foreign-manufactured cranes[1][3][5].
• Tariffs on Chinese Cranes: The United States Trade Representative has imposed a 25% tariff on Chinese-made STS cranes for orders placed after May 2024, although exceptions have been made for orders placed prior to this date and delivered by 2026[1][4].

Industry and Stakeholder Reactions

• American Ports Association: The association has criticized the additional costs imposed by the tariffs and the lack of clear alternatives to Chinese-made cranes. They initially dismissed the cyber threat concerns but have since acknowledged the need for heightened security measures[1][4].
• Congressional Investigations: Congressional investigations have recommended disabling the modems and communications capabilities on these cranes and barring the use of Chinese cranes and logistics software to protect U.S. ports[1][4].

Future Steps and Initiatives

• Cybersecurity Training and Resources: The Department of Homeland Security and CISA have launched a new cybersecurity training platform for port operators to improve security. However, there is a noted gap in the adoption of these services, with only 36% of private operators using Coast Guard cybersecurity services[4].
• Control Environment Laboratory Resource (CELR) Platform: The DHS’ Science and Technology Directorate, alongside CISA, has introduced the CELR platform to bolster cybersecurity at U.S. harbors. This platform will serve as a training and research hub for enhancing maritime infrastructure security[3].

Conclusion

The U.S. Coast Guard’s MARSEC Directive 105-5 is a critical step in addressing the cybersecurity risks associated with Chinese-made STS cranes at U.S. ports. The directive underscores the importance of proactive measures to protect national infrastructure and ensures that all stakeholders are aligned in mitigating these risks. As the U.S. continues to enhance its cybersecurity posture, the replacement of foreign-manufactured cranes with domestic alternatives and the implementation of robust security protocols will be key to safeguarding maritime operations.

Why China’s cargo cranes at U.S. ports pose espionage risk

Guide to Security Risks Associated with Chinese-Made Cargo Cranes in U.S. Ports

Introduction

The use of Chinese-made cargo cranes in U.S. ports has raised significant security concerns due to potential vulnerabilities in these systems. Here is a comprehensive guide outlining the key issues and measures being taken to address these risks.

Prevalence of Chinese-Made Cranes

• Chinese-made ship-to-shore (STS) cranes, primarily manufactured by Shanghai Zhenhua Heavy Industries Co. Ltd. (ZPMC), dominate the global market and are used in approximately 80% of U.S. ports[2][4][5].

Security Risks

Cybersecurity Vulnerabilities

• These cranes are equipped with control technology that allows for remote access and control, which could be exploited by Chinese entities to gain unauthorized access to U.S. port systems[1][4][5].
• The presence of cellular modems in some cranes, not specified in the original contracts, raises concerns about potential espionage and sabotage. These modems could enable remote monitoring and control, bypassing existing security measures[3][5].

National Security Implications

• ZPMC is a state-owned Chinese company that has been identified as a “Communist Chinese Military Company” by the Department of Defense. This affiliation increases the risk of the cranes being used for intelligence gathering and disrupting U.S. critical infrastructure[2][3][5].

Geopolitical Concerns

• The People’s Republic of China’s (PRC) geopolitical ambitions, particularly regarding Taiwan, pose a risk that the PRC could restrict or manipulate the supply of critical components essential to U.S. maritime infrastructure in a future dispute[2].

Investigations and Findings

Congressional Probe

• A joint investigation by the House Homeland Security Committee and the Select Committee on the Chinese Communist Party found that the cranes contain unexpected communications equipment, including cellular modems, which could be used for espionage and sabotage[3][5].

Discovery of Unauthorized Components

• The investigation revealed that some of the modems were installed without the knowledge or request of the U.S. ports, fueling concerns about covert national-security risks[3][5].

Regulatory and Administrative Responses

MARSEC Directives

• The U.S. Coast Guard has issued MARSEC Directive 105-5, which sets out additional cyber risk management requirements for STS cranes made by Chinese companies. This directive follows a previous mandate issued in February and is part of a broader effort to enhance maritime cybersecurity[1][4].

Executive Order

• President Joe Biden signed an executive order in February that strengthens maritime cybersecurity, fortifies the supply chain, and allocates $20 billion for U.S. port infrastructure upgrades over the next five years. The order specifically addresses the threat posed by Chinese cranes and mandates the replacement of these cranes with ones made in America[1][5].

Recommended Mitigations

Disconnection of Cellular Modems

• Port operators are advised to disconnect the cellular modems from the cranes to prevent potential remote access and espionage[2][5].

Installation of Monitoring Software

• The installation of operational technology monitoring software is recommended to enhance the security of the crane systems[2].

Enhanced Oversight

• The Department of Homeland Security (DHS) and the U.S. Coast Guard are urged to prioritize closing security gaps, particularly at strategic seaports, and ensure the safety and security of these critical infrastructure points[2][5].

Conclusion

The use of Chinese-made cargo cranes in U.S. ports presents significant cybersecurity and national security risks. Ongoing investigations and regulatory actions aim to mitigate these risks through enhanced security measures, the disconnection of unauthorized components, and the eventual replacement of these cranes with domestically manufactured alternatives. These efforts are crucial to protecting the integrity and security of U.S. maritime infrastructure.

Chinese-made port cranes in US included ‘backdoor …

Chinese-Made Port Cranes: A Security Risk to US Ports

Introduction

A recent congressional examination has uncovered significant security vulnerabilities associated with Chinese-made port cranes used in US seaports. This guide outlines the key findings and implications of the report.

Background

The investigation was conducted jointly by the House Select Committee on China and the House Homeland Security Committee. The focus was on the Shanghai-based, state-owned company Shanghai Zhenhua Heavy Industries Co., Ltd. (ZPMC), which dominates the global market for ship-to-shore (STS) cranes.

Key Findings

Technological Backdoors

• The report revealed that Chinese-made STS cranes in US ports contain technological backdoors, specifically cellular modems, that were not requested by US ports or included in contracts. These modems are connected to Linux computers on the port cranes and were intended for the collection of usage data on certain equipment[1][3][5].

Unauthorized Installations

• In some cases, these cellular modems were installed without the knowledge of port authorities and beyond the scope of contracts with ZPMC. Technicians at the ports believed these modems were for diagnostic purposes, but they created an obscure method to collect information and bypass firewalls, potentially disrupting port operations[1][3][4].

Remote Access and Cybersecurity Risks

• ZPMC has pressured port operators to allow remote access to its cranes, ostensibly for maintenance and diagnostic purposes. However, this access could potentially be extended to other PRC government entities due to China’s national-security laws that mandate companies cooperate with state intelligence agencies[2][4][5].

Supply Chain Vulnerabilities

• Contracts reviewed by lawmakers showed that many agreements allowed critical internal components from third-party contractors to be sent to ZPMC for installation. These components, often from non-Chinese companies like German, Japanese, or Swiss firms, are shipped to China for assembly without oversight from the original manufacturers, posing significant supply-chain security risks[1][3][4].

Implications for National Security

Potential for Espionage and Disruption

• The embedded technology in these cranes could allow Beijing to covertly gain access to the machines, making them vulnerable to espionage and disruption. This vulnerability has the potential to affect Americans nationwide by compromising critical infrastructure[2][4][5].

Geopolitical Concerns

• The report highlights concerns over the PRC’s geopolitical ambitions, particularly regarding Taiwan. In a potential future dispute, the PRC could restrict or manipulate the supply of critical components or materials essential to US maritime infrastructure, including STS cranes, severely disrupting US commercial activities and hindering the Department of Defense’s (DoD) ability to deploy supplies and resources[3][5].

Recommendations and Actions

Severing Connections and Enhancing Security

• The committees recommend that US ports sever the connections between ZPMC cranes and cellular modems and install operational technology monitoring software to enhance cybersecurity[3].

Domestic Production and Cybersecurity Measures

• The US is working to start domestic production of STS cranes with Japanese heavy industrial company Matsui to reduce reliance on Chinese-made equipment. Additionally, the Coast Guard has been ordered to implement better cybersecurity measures at ports[1].

Regulatory and Policy Responses

• The Biden-Harris administration has announced an Executive Order to strengthen maritime cybersecurity, fortify the supply chain, and strengthen the US industrial base, including a $20 billion investment into US port infrastructure over the next five years[3].

Conclusion

The presence of Chinese-made port cranes with embedded technological backdoors poses a significant threat to US national security and the integrity of port operations. Addressing these vulnerabilities through enhanced cybersecurity measures, domestic production of critical hardware, and stringent regulatory policies is crucial to mitigating these risks.

US tariffs loom for Chinese-made port cranes, but pre- …

Guide to US Tariffs on Chinese-Made Port Cranes

Introduction

The US has implemented new tariffs on Chinese-made ship-to-shore cranes, a move aimed at protecting American manufacturers and addressing China’s unfair trade practices. Here is a detailed guide to the implications and exemptions of these tariffs.

Tariff Announcement and Objectives

• The US Office of the Trade Representative (USTR) has confirmed plans to levy a 25% tariff on Chinese-made container cranes, effective as part of President Biden’s actions to protect American workers and businesses from China’s unfair trade practices[3][4].
• The tariffs are intended to counteract China’s non-market practices, such as forced technology transfers, intellectual property theft, and artificially low-priced exports, which have led to excessive concentration in the market.

Exemptions for Pre-Orders

• Cranes ordered before May 14, 2024, and delivered before May 14, 2026, are excluded from the tariffs. This exemption was granted after extensive industry lobbying, recognizing the long lead times for purchasing ship-to-shore cranes, which often exceed two years[3][5].

Impact on US Ports

• The tariffs could significantly increase costs for US ports. For example, Port Houston faces an additional $28.5 million in costs for eight container cranes ordered in July, which are critical for their capital investment plan to grow capacity[2].
• The Port of Freeport in Texas could also incur an extra $6 million in costs for two container cranes ordered from Chinese manufacturers[2].

Industry Response and Concerns

• The American Association of Port Authorities (AAPA) and other port officials have strongly opposed the tariffs, arguing they will harm port efficiency and capacity, strain supply chains, increase consumer prices, and weaken the US economy[2][3].
• The AAPA has emphasized that there are currently no US manufacturers of ship-to-shore cranes, making the tariffs counterproductive to port development and urging the USTR to suspend the tariffs until domestic manufacturing options are available[2][3].

Security Concerns

• There are also security concerns related to Zhenhua Heavy Industries Co. (ZPMC), the world’s largest manufacturer of container cranes. Reports suggest that ZPMC cranes may have modems that could be used for espionage, posing significant risks due to China’s national security laws[3].
• Recommendations include disassembling connections to ZPMC cranes and installing operational technology monitoring software to mitigate these risks.

Long-Term Solutions

• The US government is encouraged to enact legislation to build up a domestic crane manufacturing sector. In the meantime, financial incentives are suggested to encourage US ports to buy cranes from non-adversarial countries[3].
• A federal $20 billion investment plan has been announced to launch a new manufacturer in California, though the status of this project remains uncertain[5].

Economic and Competitive Implications

• The tariffs could make US ports less competitive against Mexican and Canadian ports, which do not face similar costs. This could lead to delayed projects and increased economic burdens on US ports[2][5].
• The AAPA has requested a delay in the effective date of the tariffs by at least two years or until a US manufacturer is capable of providing the product domestically, to provide relief to ports with existing contracts and to incentivize domestic production[5].

In summary, the 25% tariff on Chinese-made ship-to-shore cranes is part of a broader strategy to address China’s unfair trade practices, but it poses significant challenges for US ports due to the lack of domestic manufacturing alternatives. The exemptions for pre-orders and ongoing industry lobbying highlight the complexities and potential impacts of these tariffs on the US port industry.

U.S. Moves Forward with Sweeping Tariffs on China …

U.S. Tariffs on Chinese-Made Port Cranes: An In-Depth Guide

Introduction

The U.S. has implemented sweeping tariff increases on a wide range of Chinese goods, including ship-to-shore (STS) cranes used in American ports. This guide provides a comprehensive overview of the tariffs, their impact, and the responses from various stakeholders.

Tariff Details

Scope of Tariffs

The tariffs cover a broad spectrum of Chinese goods, including:
– Semiconductors
– Steel and aluminum products
– Electric vehicles and their batteries
– Permanent magnets
– Medical products such as gloves, facemasks, and syringes
– Ship-to-shore cranes[1][3][4].

Tariff Rates and Implementation

• The tariff rate on Chinese-made STS cranes has been increased to 25% effective in 2024.
• Tariffs on other goods, such as semiconductors, electric vehicles, and medical products, also see significant increases, with some phasing in during 2025 and 2026[1][3][4].

Exclusions and Modifications

Contracts and Delivery Dates

• An exclusion has been added for contracts executed prior to May 14, 2024, and for cranes that enter the United States prior to May 14, 2026.
• This modification addresses concerns from port operators who argued that immediate implementation would punish U.S. ports without a viable alternative[1][3].

Impact on U.S. Ports

Financial Burden

• The tariffs are expected to increase costs significantly for U.S. ports. For example, the American Association of Port Authorities (AAPA) estimated an additional $131 million in costs for ports due to the tariffs on cranes ordered before the tariff announcement[1][3][5].

Operational Challenges

• Port officials, including those from Port Houston and the Port of Freeport, have expressed concerns that the tariffs could delay critical port infrastructure investments and impact future projects. The increased costs could make U.S. ports less competitive compared to Mexican and Canadian ports[2][5].

Security Concerns and Cybersecurity Risks

Accusations Against ZPMC

• Chinese state-owned Shanghai Zhenhua Heavy Industries (ZPMC), which dominates the global market for STS cranes, has been accused of espionage. Inspections have found cellular modems on ZPMC cranes that could bypass the port’s local area network, raising concerns about potential cyber intrusions[1][3].

Government Response

• The Biden administration has ordered a review and given the U.S. Coast Guard new authorities for cybersecurity and port operations. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has been recommended to issue guidance on monitoring software for ZPMC cranes[1][3].

Industry and Stakeholder Responses

American Association of Port Authorities (AAPA)

• AAPA has repeatedly argued against the immediate implementation of the tariffs, citing the lack of a strong alternative and the potential harm to U.S. port operators. They have commended the exclusion for pre-ordered cranes but continue to advocate for long-term alternatives and financial incentives to support domestic manufacturing[1][2][3].

Port-Specific Concerns

• Port Houston, for instance, has a significant order of eight electric STS cranes from ZPMC, which could be subject to the 25% tariff, adding an estimated $28.5 million in costs. This is part of a larger capital investment plan to expand the Houston Ship Channel[2].

Long-Term Solutions

Reshoring Manufacturing

• The Biden administration is working to reshore a portion of the manufacturing of STS cranes to the U.S. and is supporting competitive offers to ZPMC. Agreements have been made with companies like PACECO Corp. and Konecranes to establish U.S.-based manufacturing capabilities for cranes[1].

Encouraging Non-Adversarial Vendors

• The U.S. government is encouraging ports to buy cranes from non-adversarial countries and is considering financial incentives to support this shift. Legislation to build up a domestic crane manufacturing sector is also being explored[3].

Conclusion

The implementation of tariffs on Chinese-made STS cranes is a complex issue with significant financial, operational, and security implications for U.S. ports. While the exclusions for pre-ordered cranes provide some relief, the long-term goal of the U.S. government is to develop a domestic manufacturing sector and reduce dependence on Chinese suppliers. This approach aims to balance economic and security interests while promoting American manufacturing and supply chain security.

Joint Investigation into CCP-Backed Company Supplying …

Joint Investigation into CCP-Backed Company Supplying Cranes to U.S. Ports: Key Findings and Implications

Introduction

A joint investigation by several House committees has uncovered significant concerns regarding Chinese-built cargo cranes deployed at various U.S. ports. The investigation, focused on cranes supplied by Shanghai Zhenhua Heavy Industries (ZPMC), a state-owned Chinese manufacturer, has revealed the presence of unexpected and potentially risky communications equipment.

Scope of the Investigation

• The investigation involves multiple House committees examining the installation and operation of ZPMC ship-to-shore (STS) cranes at U.S. seaports.
• It also includes an inquiry into ZPMC’s connections with the Chinese Communist Party (CCP) and any potential directives from the CCP to ZPMC.

Key Findings

Unauthorized Communications Equipment

• Cellular modems were discovered on ZPMC STS crane components at multiple U.S. seaports.
• These modems were not part of the original equipment contracts between the U.S. ports and ZPMC.
• Port officials were unable to determine why these modems were installed, as they were not requested by the ports.

Specific Incidents

• More than 12 cellular modems were found in Chinese-made cranes across several U.S. ports.
• Some modems were used for operational functions such as remote monitoring and tracking of maintenance, but others were installed without any clear purpose or request from the ports.
• In one instance, a cellular modem was found in a server room at a U.S. port, which housed the firewall and networking equipment for the STS cranes.

FBI Involvement

• In 2021, the Federal Bureau of Investigation (FBI) discovered intelligence gathering equipment on a vessel delivering ZPMC cranes to the Port of Baltimore.

ZPMC’s Dominance and Security Concerns

• ZPMC accounts for nearly 80% of the STS cranes in use at U.S. maritime ports.
• Many of these cranes are built in an area adjacent to a shipyard where the People’s Liberation Army Navy’s most advanced warships are constructed, including aircraft carriers and destroyers.

Security Implications

Potential for Espionage

• The presence of unauthorized communications equipment has raised concerns that these cranes could be used for spying on U.S. ports.
• The Biden administration is particularly concerned about the potential for these cranes to be used as tools for surveillance or sabotage.

Investigation into ABB

• The investigation also involves the Swiss company ABB, as many of the operational components manufactured by ABB are shipped to China, stored for several months, and then installed on U.S.-bound port equipment by ZPMC engineers.

Political and National Security Reactions

Congressional Concerns

• Lawmakers have expressed significant concerns about the security risks posed by these Chinese-made cranes.
• Tennessee politician Mark Green has highlighted China as a major threat to U.S. security, emphasizing the need for vigilance in such matters.

International Context

• The findings have added to the broader discourse on the security risks associated with Chinese technology and infrastructure in critical U.S. facilities.

Conclusion

The joint investigation has highlighted critical security vulnerabilities related to the use of Chinese-built cargo cranes at U.S. ports. The unauthorized installation of communications equipment and the close ties between ZPMC and the CCP have raised alarming concerns about potential espionage and sabotage. These findings underscore the need for enhanced scrutiny and regulation of foreign-made equipment in sensitive U.S. infrastructure.

Biden wants to cut U.S. need for Chinese cranes; ports …

Overview of the Issue with Chinese-Made Cranes at U.S. Ports

Introduction

The use of Chinese-made cranes at U.S. ports has raised significant national security and cybersecurity concerns. Here is a detailed guide on the key issues, investigations, and responses related to this matter.

Security Concerns and Investigations

Discovery of Communications Equipment

A joint investigation by the House Committee on Homeland Security and the House Select Committee on China revealed the presence of unexpected communications equipment, including cellular modems, in Chinese-built cargo cranes. These modems were found to be capable of remote access, raising fears of espionage and disruption of port operations[1][4][5].

Potential for Espionage and Disruption

The modems, which were not requested by U.S. ports and not included in contracts, pose a significant backdoor security vulnerability. They could be used to collect usage data and bypass firewalls, potentially disrupting port operations and undermining the integrity of port security[1][4][5].

Impact on U.S. Ports and Economy

Dominance of Chinese Manufacturing

Chinese state-owned company Shanghai Zhenhua Heavy Industries (ZPMC) supplies nearly 80% of the ship-to-shore cranes used at U.S. ports. This dominance raises concerns about the potential for China to exploit vulnerabilities in U.S. critical infrastructure[1][3][5].

Economic and Operational Risks

The presence of these cranes could allow the Chinese Communist Party (CCP) to undercut trade competitors through espionage and disrupt supply chains, which could devastate the U.S. economy. The tariffs imposed on Chinese-made cranes aim to mitigate these risks but also raise costs for U.S. port operators[1][2][5].

Government Responses and Initiatives

Tariffs and Trade Measures

The Biden administration has implemented sweeping tariffs on Chinese goods, including a 25% tariff on Chinese-made ship-to-shore cranes. However, there are exclusions for contracts executed and cranes entering the U.S. before specific dates to minimize immediate disruption to U.S. ports[2].

Investment in Domestic Manufacturing

The Biden administration has announced a $20 billion investment in U.S. port infrastructure over the next five years, including grants to onshore the manufacturing of ship-to-shore cargo cranes. This initiative involves partnering with companies like PACECO Corp. to establish domestic manufacturing capabilities[3][5].

Cybersecurity Directives

The U.S. Coast Guard has issued a Maritime Security (MARSEC) Directive to provide cyber risk management actions for owners or operators of Chinese-manufactured cranes. This directive includes steps to secure these cranes and mitigate potential cybersecurity threats[3].

Industry and Port Authority Responses

Mitigation Efforts

Port authorities have taken steps to mitigate the risks associated with Chinese-made equipment, although they remain cautious due to the significant dependence on these cranes. Individual ports are in dialogue with the U.S. government to address these concerns[5].

Alternative Manufacturing

Efforts are underway to establish alternative manufacturing sources, including partnerships with international firms like Konecranes and PACECO Corp., to reduce reliance on Chinese-made cranes[2][3].

Conclusion

The issue of Chinese-made cranes at U.S. ports is a complex one, involving significant national security, cybersecurity, and economic concerns. The ongoing investigations and government initiatives aim to address these vulnerabilities and reduce the dependence on Chinese manufacturing. However, the transition to domestic or alternative manufacturing will require careful planning and significant investment to ensure the continued smooth operation of U.S. ports.

Congressional probe finds communications gear in … – CNN

Congressional Investigation into Chinese-Made Cranes at US Ports

Overview

A recent congressional investigation has uncovered significant concerns regarding Chinese-made cranes installed at various US ports. The probe, conducted by the House Committee on Homeland Security and the House Select Committee on China, revealed the presence of undocumented communications equipment in these cranes, raising fears of potential surveillance and sabotage.

Key Findings of the Investigation

Presence of Undocumented Communications Equipment

• The investigation discovered that several Chinese-made cranes, manufactured by Shanghai Zhenhua Heavy Industries (ZPMC), a state-owned Chinese company, contain cellular modems that were not documented in any contracts between US ports and ZPMC[2][4][5].

Installation and Discovery

• These cellular modems were found to be already installed on the cranes when US port personnel inspected them in China. The modems were present in more than 12 instances across various US ports[2][4].

Potential Uses of the Modems

• While some of the modems were used for legitimate operational functions such as remote monitoring and tracking maintenance, others had no clear purpose and were not requested by the ports. This has fueled concerns that these devices could be used for remote access, potentially for espionage or sabotage[2][4][5].

National Security Concerns

Surveillance and Sabotage Risks

• The presence of these undocumented modems has heightened concerns that the cranes could be used for spying on US ports or disrupting logistics in the event of a conflict. This could compromise national security by allowing China to gather intelligence or disable critical infrastructure[2][3][4].

Broader Implications

• The discovery is part of a larger context of US-China tensions over national security. It underscores the need for enhanced security measures at US ports and the scrutiny of equipment supplied by Chinese companies, especially those with state ties[1][3][5].

Response and Recommendations

Enhanced Security Measures

• The Coast Guard has ordered US ports to better secure the Chinese-made cranes in response to the findings. This includes stricter inspections and monitoring of the equipment to prevent any potential misuse[1].

Legislative and Administrative Actions

• There are ongoing efforts to introduce legislation aimed at banning or replacing the use of Chinese-made cranes at US ports. This is part of a broader strategy to reduce dependence on Chinese technology and mitigate potential security risks[3].

International Cooperation

• The US is also working with its allies to address similar security concerns globally, as ZPMC cranes are used in ports worldwide. This cooperation aims to ensure that critical infrastructure is secure from potential Chinese espionage or sabotage[3].

Conclusion

The congressional investigation has highlighted critical security vulnerabilities associated with Chinese-made cranes at US ports. The presence of undocumented communications equipment raises significant concerns about surveillance and sabotage, emphasizing the need for robust security measures and a comprehensive review of equipment sourced from Chinese companies. As tensions between the US and China continue, addressing these issues is crucial for maintaining national security and the integrity of critical infrastructure.

Are Chinese-Made Ship-to-Shore Cranes at U.S. Ports a …

Chinese-Made Ship-to-Shore Cranes at U.S. Ports: A Critical Infrastructure Vulnerability

Introduction

The use of Chinese-made ship-to-shore (STS) cranes at U.S. ports has raised significant concerns regarding national security, cybersecurity, and the integrity of critical infrastructure. Here is a comprehensive guide outlining the key issues and recommendations related to this vulnerability.

Dominance of Chinese-Made STS Cranes

• Chinese company Shanghai Zhenhua Heavy Industries (ZPMC) dominates the global market for STS cranes, accounting for roughly 80% of the STS cranes operational in U.S. ports[1][3][4].

Security Risks and Vulnerabilities

Unauthorized Modifications and Access

• U.S. ports have multimillion-dollar contracts with ZPMC that do not prohibit or limit unauthorized modifications or access to the equipment and technology. These contracts do not specifically bar the vendor from installing backdoors into the equipment or modifying the technology[1][2].

Cellular Modems and Remote Access

• Cellular modems, not requested by U.S. ports and not included in contracts, have been installed on STS cranes. These modems are connected to Linux computers on the cranes and could be used for collecting usage data, bypassing firewalls, and potentially disrupting port operations[2][5].
• ZPMC or third-party contractors have repeatedly requested remote access to these STS cranes, which could extend to other PRC government entities, posing a significant national security risk[1][2].

Critical Component Assembly

• Critical crane components from other countries (e.g., Germany, Japan, Switzerland) are shipped to China for assembly by ZPMC without oversight from the original manufacturers, introducing potential security risks[1].

Cybersecurity Concerns

Remote Control and Exploitation

• STS cranes designed for remote control, servicing, and programming are susceptible to exploitation, posing a threat to the maritime components of the national transportation system[3][4].

Threat Intelligence

• There is threat intelligence indicating the PRC’s interest in disrupting U.S. critical infrastructure, highlighting the need for additional security measures to prevent potential security incidents[3][4].

Geopolitical Implications

PRC’s Geopolitical Ambitions

• The PRC’s geopolitical ambitions, particularly regarding Taiwan, raise concerns about the security of U.S. maritime supply chains. In a potential future dispute, the PRC could restrict or manipulate the supply of critical components essential to U.S. maritime infrastructure[1].

Recommendations and Actions

Disabling Modems and Communications

• Congressional investigations recommend that ports disable the modems and communications capabilities on the Chinese-made STS cranes immediately to mitigate security risks[3][5].

Operational Technology Monitoring

• Installing operational technology monitoring software is advised to enhance the security of the cranes and prevent potential disruptions[1].

Cyber Risk Management Directives

• The U.S. Coast Guard has issued MARSEC Directives (105-4 and 105-5) that outline additional cyber risk management actions for owners and operators of Chinese-made STS cranes. These directives include security-sensitive information and require owners to contact their local Captain of the Port or District Commander for implementation[3][4].

Domestic Manufacturing Initiatives

• The Biden administration has called for investing billions of dollars in domestic crane manufacturing to reduce reliance on Chinese-made cranes and ensure a reliable supply of critical hardware. Efforts are underway to start domestic production of STS cranes in collaboration with companies like Matsui[2].

Regulatory and Policy Responses

Tariffs on Chinese-Made Cranes

• The U.S. Trade Representative has announced a 25% tariff on Chinese-made STS cranes, with exemptions for orders placed prior to May 2024 and delivered by 2026[3].

Enhanced Cybersecurity Measures

• The Department of Homeland Security (DHS), in conjunction with other agencies, is enhancing cybersecurity measures at U.S. ports, including the launch of the Control Environment Laboratory Resource (CELR) platform to bolster cybersecurity at U.S. harbors[4].

Conclusion

The presence of Chinese-made STS cranes at U.S. ports poses significant security and cybersecurity risks due to potential backdoors, unauthorized modifications, and remote access vulnerabilities. Addressing these issues through immediate action, such as disabling modems and enhancing cybersecurity measures, and long-term strategies like domestic manufacturing initiatives, is crucial for protecting U.S. critical infrastructure and national security.

Frequently Asked Questions (FAQs)

What are the key specifications and components of ship-to-shore cranes manufactured in China?

Ship-to-shore cranes manufactured in China are designed to handle significant weight capacities and operate with precision and speed. Key specifications include the lifting capacity, which typically ranges from 40 to 80 tons per container, and the outreach, which is the horizontal distance the crane can extend to access containers on the ship, usually varying from 30 to 70 meters. These cranes are supported by a framework that spans the width of the shipping vessel and are usually powered electrically, with options for diesel or hybrid power systems. The main components include the boom, girder, legs or columns, and the trolley that runs along the boom to transport containers. The cranes are constructed from high-strength steel to ensure durability and resist corrosion in the harsh maritime environment.

How do ship-to-shore cranes in China ensure safety and efficiency in port operations?

Ship-to-shore cranes in China are equipped with various safety and efficiency features. Safety measures include anti-sway systems to prevent container swinging, overload protection devices to prevent accidents during lifting operations, and the use of personal protective equipment (PPE) by operators. Efficiency is enhanced through automated or semi-automated features such as intelligent systems for container positioning, collision avoidance, and remote control operation. Regular maintenance is crucial, involving routine inspections, lubrication, and the timely replacement of worn parts to prevent mechanical wear, electrical faults, and software glitches. Operators undergo training to familiarize themselves with the new equipment, its features, and safe operational practices, including emergency procedures.

What are the steps involved in importing and shipping ship-to-shore cranes from China?

Importing and shipping ship-to-shore cranes from China involves several detailed steps. First, define the specific operational requirements, including the crane’s lifting capacity, speed, and span. Next, locate the right suppliers through platforms like Alibaba, international expos, or industry networks, and conduct a thorough supplier evaluation by verifying their credentials and visiting their manufacturing facilities if possible. Negotiate and finalize the contract, ensuring it covers all specifications, delivery commitments, and after-sales support. For shipping, choose the right mode of transport, typically ocean freight using Ro-Ro or breakbulk shipping methods, and partner with experienced logistics companies. Ensure necessary arrangements for customs clearance, shipping, and transportation, complying with relevant import regulations and documentation requirements.

What are the cybersecurity concerns associated with Chinese-made ship-to-shore cranes?

Chinese-made ship-to-shore cranes have raised cybersecurity concerns due to their potential vulnerability to remote access and control. These cranes, which account for nearly 80% of the STS cranes at U.S. ports, can be controlled, serviced, and programmed from remote locations, making them susceptible to exploitation. The U.S. Coast Guard has issued directives for owners and operators to take additional security measures to prevent potential cybersecurity threats, given the threat intelligence related to China’s interest in disrupting U.S. critical infrastructure. This includes disabling modems and communications capabilities and ensuring that any logistics software developed in China does not pose a security risk.

What kind of maintenance and servicing are required for ship-to-shore cranes imported from China?

Regular maintenance is crucial for the optimal performance of ship-to-shore cranes imported from China. This involves routine inspections to identify potential issues early, lubrication to prevent mechanical wear, and the timely replacement of worn parts. Preventative maintenance helps address common problems such as mechanical wear, electrical faults, and software glitches. The installation process requires thorough site preparation, including ground assessment, space allocation, and foundation establishment, followed by assembling large components, precise alignment, and extensive testing. Operators should adhere to the manufacturer’s recommended maintenance procedures and ensure adequate availability of spare parts. Regular training for operators on maintenance requirements and emergency procedures is also essential to maintain a safe and efficient working