Cranes manufactured in China could be the latest security vulnerability facing the United States, with the equipment potentially offering Beijing a peek into import and export data.
Shanghai Zhenhua Heavy Industries Co., Ltd. (ZPMC) is a manufacturer of ship-to-shore cranes, which are used to move containers between ships and docks. ZPMC, a Chinese state-owned firm, is estimated to account for almost 80 percent of such cranes that are currently used in U.S. ports, according to The Wall Street Journal.
Some security experts are concerned about the sophisticated sensors present in the equipment that can potentially track the origin and destination of containers, providing an opportunity for Beijing to access the inflow and outflow of goods in the country.
Threat actors who are looking to disrupt the flow of goods in the United States can make use of the remote access provided by these cranes, Bill Evanina, a former top U.S. counterintelligence official, told the Journal.
“Cranes can be the new Huawei,” Evanina said. “It’s the perfect combination of legitimate business that can also masquerade as clandestine intelligence collection.”
Chris Wolski, who formerly ran cybersecurity for the port of Houston, told the Journal that it wouldn’t be hard for an attacker to disable a sensor on a crane and prevent the crane from moving.
A 2021 classified assessment conducted by the Defense Intelligence Agency found that China can potentially collect information about the shipment of military equipment through the cranes.
ZPMC is a subsidiary of China Communications Construction Co. (CCCC). In 2020, Washington restricted five CCCC units from accessing U.S. technology because of its ties with the Chinese regime’s military-civil fusion initiative, the Journal reported.
NDAA Study, Bill to Limit Foreign Cranes
Lawmakers and officials are increasingly taking steps to counter the potential threat of Chinese-made cranes.
The 2023 National Defense Authorization Act signed in December 2022 contains a provision that requires the maritime administrator to work with the Department of Defense (DOD), the Department of Homeland Security, and the Cyber Security and Infrastructure Security Agency (CISA) to conduct a study of whether foreign cranes used at U.S. ports are a security threat, CSO reported.
The study is scheduled to be completed by December and submitted to the House Transportation Committee, the Senate Commerce Committee, and the House and Senate Armed Services committees.
In January 2022, Rep. Carlos Gimenez (R-Fla.) introduced a bill called the Port Crane Security and Inspection Act of 2022.
The legislation sought to limit the use of foreign cranes made by adversaries at U.S. ports. It also would have required that CISA inspect foreign cranes for security vulnerabilities and threats before they were put into operation.
Concerns about the use of cranes to spy on the United States come as a Chinese spy balloon shot down by the U.S. Air Force in February heightened tensions between the two nations.
Defense Secretary Lloyd Austin also admitted that the balloon had caused concerns within the DOD about U.S. nuclear capabilities being exposed. The balloon had reportedly flown close to critical military strategic sites.
Meanwhile, the U.S. Office of Management and Budget in late February ordered the removal of the Chinese-owned TikTok app from all government systems and devices to protect U.S. data.
According to a survey of Chinese espionage against the United States reported between 2000 and July 2021, 42 percent of the actors were found to be Chinese military or government employees.
The survey, conducted by the Center for Strategic and International Studies, found that 34 percent of the incidents sought to acquire military technology and 51 percent wanted to access commercial technologies.