By: Jake Smith, Daily Caller News Foundation
A congressional investigation has discovered strange communication equipment on Chinese-built cargo cranes at U.S seaports, The Wall Street Journal reported on Thursday.
Rather than building them domestically at potentially higher costs, the U.S. relies heavily on Chinese-built cargo cranes that are relatively cheap to produce and equip at seaports across the country. The congressional probe discovered that several of these cranes, built by Chinese mega-manufacturer ZMPC, contain communications devices that were not requested or don’t appear to support standard operations, heightening existing espionage concerns, according to the WSJ.
U.S. intelligence has warned that Chinese cranes – equipped with an array of sensors and equipment – could be exploited by Beijing, as part of China’s larger effort to disrupt national security through several fronts. Beijing continues to insist the U.S.’ national security concerns about Chinese-built cranes are “entirely paranoia” and constitute “[an abuse of] national power to obstruct normal economic and trade cooperation,” according to the WSJ.
“[Beijing] is looking for every opportunity to collect valuable intelligence and position themselves to exploit vulnerabilities by systematically burrowing into America’s critical infrastructure — including in the maritime sector,” Republican Tennessee Rep. Mark Green, chairman of the House Homeland Security Committee, told the WSJ. “The United States has clearly overlooked this threat for far too long.”
Some of the devices discovered through the probe included over a dozen cellular modems on crane components at one U.S. port and a modem at a server room at another port, according to the WSJ. It isn’t unusual that such equipment would be found in these ports, as it’s often used to monitor and track operations remotely, but several ports with ZMPC cranes didn’t even ask for that capability.
One port told Congress in December they were aware such modems were installed on cranes but did not know why they were there, according to the WSJ.
“We are unsure who installed the modems, as they were on the cranes when we first saw them in China,” the port told the House Homeland Security Committee in a December letter. The port explained in the letter that the modems were believed to be installed in 2017, around the time the cranes were being built in China before delivery to the U.S.; the modems were removed in October 2023.
“We have found, I would say, openings, vulnerabilities, that are there by design,” Rear Adm. John Vann, leader of the Coast Guard cyber command, told Congress during a Homeland Security Committee hearing in late February, noting that there have not yet been any detections of “malware or Trojan horse-type software.”
“Our ports proactively work with the U.S. Coast Guard, other federal law enforcement, and private sector experts to mitigate risks through inspections and defensive measures,” Cary Davis, CEO of the American Association of Port Authorities, said in a statement on Thursday. “This previous incident is actually a positive case study in cyber defense and domain awareness.”
In a separate letter sent last week, the Homeland Security Committee told ZMPC that the unexplained equipment does not “contribute to the operation of the (ship-to-shore) cranes or maritime infrastructure and is not part of any existing contract between ZPMC and the receiving U.S. maritime port,” according to the WSJ. The letter noted that several of ZMPC’s cranes were built at a base on the Changxing island of Shanghai, adjacent to a Chinese naval shipbuilding yard.
The Homeland Security Committee also told ZMPC it was aware that the company made repeated requests for remote access to cranes and infrastructure at U.S. seaports, according to the WSJ.
The Biden administration announced in February it would invest over $20 billion in the production of domestically built cranes in a bid to move away from Chinese-manufactured versions, citing cybersecurity and espionage concerns. More broadly, U.S. intelligence agencies have raised alarm that China-backed cyber operations are targeting key American infrastructure systems, such as water or energy plants.
ZMPC did not immediately respond to a request for comment.
Related Story: Chinese Hackers Exploited Routers in America and Japan
