Cyber security and the perceived vulnerability of the nation’s supply chain has turned a spotlight on the ship-to-shore (STS) container cranes manufactured by China’s Shanghai Zhenhua Heavy Industries Company (ZPMC) that are installed at a number of U.S. ports.
Currently, nearly 80 percent of the cranes at U.S. ports were built by ZPMC, one of the largest manufacturers in the People’s Republic of China (PRC), with all of them operating with software developed by a Chinese company.
Shanghai-based ZMPC, which also holds a majority market share of the world container crane business, has caught the attention of federal lawmakers, who charge that an eight-month investigation by several U.S. government agencies found that “uncontracted-for equipment and components” was installed on U.S.-bound container cranes and other Chinese-made cargo handling equipment.
In response, on February 21, President Biden signed an executive order intended to bolster the security of the nation’s ports by jump-starting a series of actions that will strengthen maritime cybersecurity.
“The security of our critical infrastructure remains a national imperative in an increasingly complex threat environment. MTS owners and operators rely on digital systems to enable their operations including vessel navigation, cargo movement, engineering, safety, and security monitoring,” the executive order reads.
These systems, it adds, “have revolutionized the maritime shipping industry and American supply chains by enhancing the speed and efficiency of moving goods to market, but the increasing digital interconnectedness of our economy and supply chains have also introduced vulnerabilities that, if exploited, could have cascading impacts on America’s ports, the economy, and everyday hard-working Americans.”
The order includes giving the U.S. Coast Guard the express authority to respond to malicious cyber activity affecting the nation’s Marine Transportation System and an investment of more than $20 billion in the nation’s port infrastructure over the next five years.
A week after the order was signed, members of two U.S. House Committees – Homeland Security and the House Select Committee on China – drafted a letter to officials at ZPMC’s Shanghai headquarters expressing concerns about possible cyber espionage compromising critical U.S. maritime infrastructure and supply chains.
Referring to the “uncontracted-for equipment and components” reportedly found on several of the company’s cranes, the letter stated that they “do not appear in any way to contribute to the operation of the STS cranes or onshore infrastructure, raising significant questions as to their intended applications” and that ZPMC operates a crane manufacturing facility adjacent to a shipyard that builds the China’s most advanced warships.
The letter also cited a Wall Street Journal article which reported that the Federal Bureau of Investigation discovered intelligence gathering equipment on ZPMC cranes loaded aboard a heavy-lift ship delivering the fully-assembled equipment to the Port of Baltimore.
ZPMC responded in a March 10 statement posted on the company’s website with senior company executives stating that the cranes manufactured by the company “pose no cybersecurity risk to any port.”
According to the company, its cranes “are designed, manufactured, transported, assembled, commissioned, and delivered strictly in accordance with international standards, applicable laws and regulations, and technical specifications determined by customers.”
On February 23, China’s Foreign Ministry spokesperson Mao Ning responded to questions about the cranes and Biden’s plans to invest billions of dollars into domestic manufacturing by saying accusations of security risks are “completely unfounded.”
The PRC, he said, “firmly opposes the U.S. overstretching the concept of national security and abusing state power to go after Chinese products and companies. Weaponizing economic and trade issues will exacerbate security risks in global industry and supply chains and inevitably backfire.”
The U.S., he added, “needs to respect the principles of market economies and fair competition, and provide a fair, just, and non-discriminatory environment for Chinese companies.”
The claim that “Chinese-made cranes pose a security risk to the U.S. is entirely paranoid,” wrote Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, D.C.
“We firmly oppose the U.S. overstretching the concept of national security and abusing national power to obstruct normal economic and trade cooperation with China,” he wrote in a recent message posted on the ‘X’ social media platform in response to the administration’s executive order.
Cary Davis, president and CEO of the Washington, D.C.-headquartered American Association of Port Authorities (AAPA), the country’s largest port organization, has said there are “safeguards in place” to assure that cargo handling equipment manufactured overseas is secure.
“Our ports proactively work with the U.S. Coast Guard, other federal law enforcement, and private sector experts to mitigate risks through inspections and defensive measures,” said Davis.
The AAPA, he added, “supports domestic production of cranes and other equipment at U.S. ports.”
Last year, the organization said that China has subsidized crane manufacturing so to correct that imbalance, the U.S. should ramp-up its reshoring efforts.
“Just picture American factories churning out world-class, low-emission, user-friendly cranes, trucks, and tractors. That’s the opportunity we have here,” Davis said.
In March, the AAPA announced that it is currently working with the U.S. Department of Transportation, the Maritime Administration and U.S. manufacturers “to assess the nationwide demand.”
Gene Seroka, executive director at the Port of Los Angeles (POLA) – the nation’s busiest container port – has expressed concern about cranes being able to collect data. He said officials there have been focused on cyber security for the past decade.
Container terminals at POLA operate 83 cranes, 39 of which were manufactured in China. The facilities are privately operated with cranes and other cargo-handling equipment purchased by the terminal operators, not by the port.
The Biden administration’s executive order is “a wake-up call for all of us in the port and supply chain industry,” said Seroka.
“The bottom line is that today’s high-tech cranes can collect data. That is why this executive order is so important, so that we can work together to shore up lines of communication, protect data and limit accessibility to unauthorized users,” he said.
According to a ‘Fact Sheet’ issued by the White House, the administration’s initiative calls for Japan-based Mitsui Engineering & Shipbuilding to work with PACECO, its California-based subsidiary, to develop container crane production in the U.S.
PACECO, it said, “intends to partner with other trusted manufacturing companies to bring port crane manufacturing capabilities back to the U.S. for the first time in 30 years, pending final site and partner selection.” •