A congressional investigation found that technology embedded in Chinese cargo cranes used in the United States could serve as a “Trojan horse,” giving Beijing the ability to spy on port traffic and even “halt” commerce at U.S. seaports.
It follows questions from congressional and Senate leaders in the spring surrounding the use of communication equipment discovered on Chinese-manufactured cranes.
The report detailed the rising threat to the U.S. maritime supply chain and national security posed by Chinese-made equipment that could be accessed by Beijing’s military.
The CCP mandates that Chinese companies cooperate with state intelligence agencies.
A joint statement about the report from Reps. John Moolenaar (R-Mich.), Mark Green (R-Tenn.), and Carlos Gimenez (R-Fla.) said the United States was risking its economic security for short-term financial gain by purchasing Chinese equipment for U.S. infrastructure.
“We have given the CCP the ability to track the movement of goods through our ports or even halt port activity at the drop of a hat,” they stated.
“Amid China’s aggression in the Indo-Pacific, our greatest geopolitical adversary could wield this power to influence global military and commercial activity in the event of escalation.”
The U.S. maritime sector is “dangerously reliant” on equipment and technology that has been manufactured and assembled in China, such as ship-to-shore cranes and container handling equipment, according to the report.
With financial support from Beijing, state-controlled Shanghai Zhenhua Heavy Industry Co. (ZPMC) dominates the global maritime equipment and technology market, the report said.
“Those container cranes are not cranes,” Col. Mills said. “They’re IP endpoints on a worldwide intelligence collection system.”
The report also noted that Chinese state-owned enterprises, including ZPMC, have made concerted efforts to increase their influence through underpricing equipment and technology, making it more attractive than their competitors.
The report found concerns with ZPMC, which has publicly denied being a cybersecurity threat to the United States.
One problem noted in the document was that ZPMC or its contractors installed cellular modems onto cranes that are currently operational at certain U.S. ports. No contract to install these modems exists.
ZPMC has repeatedly requested remote access to its cranes operating at U.S. ports, with a particular focus on those located on the West Coast, the report said.
That could give China’s military access to the cranes.
Another issue is that ZPMC’s contract requires that all non-ZPMC crane components be shipped to “Changxing Base” in China by third-party companies, such as Sweden, Germany, and Japan.
There, they are installed by ZPMC engineers without oversight from the original manufacturer, raising red flags, according to the report.
The installation of components takes place at or near the Jiangnan Shipyard, where the People’s Liberation Army Navy builds its most advanced warships and houses its intelligence agencies, it noted.
Another potential problem was that contracts between ZPMC and U.S. ports do not contain provisions prohibiting or limiting unauthorized modifications or access to equipment and technology bound for U.S. ports.
The report recommended quick action on removing or disassembling any connection to cellular modems on Chinese-made cranes.
It called for the Department of Homeland Security (DHS) to issue guidance to all U.S. ports using ZPMC cranes to install operational technology monitoring software.
The report also stated that the United States should help provide cybersecurity and port security to Guam, a strategic U.S. ally in the Pacific.
Midterm goals outlined in the report include congressional action to allocate grant money to ports to offset the cost of buying more expensive cranes made by non-adversarial nations.
The United States does not manufacture its own maritime cranes and container equipment, leaving it vulnerable. Manufacturing cranes in America should be a long-term goal, the report stated.
Potential military threats to U.S. seaports stemming from China came to light in February 2021.
The report, citing media accounts, noted that the FBI discovered intelligence-gathering equipment on Chinese cargo cranes that arrived at the Port of Baltimore.
That same year, the Defense Intelligence Agency reportedly conducted a classified assessment, finding that Beijing could potentially throttle port traffic or gather intelligence on military equipment being shipped.
In February 2023, the FBI’s Office of the Private Sector issued an advisory highlighting indicators of malicious Chinese activity in the U.S. maritime sector, including unusual visits and unusually low bids or quotes to supply port equipment and services.
Wray said the malware was designed to disrupt and destroy U.S. infrastructure, which would likely be coordinated should a conflict break out between the two nations.
