Chinese-Built Port Cranes May Be Able to Call Home On Their Own

Brand new cranes leave the ZPMC yard aboard a heavy-lift ship (ZPMC file image)
Brand new cranes leave the ZPMC yard, bound for an American port (ZPMC file image)

Published Mar 7, 2024 10:30 PM by The Maritime Executive

The House Homeland Security Committee asserts it has discovered a pattern of suspicious device installations on the Chinese-built STS cranes that dot almost every American container port. The committee's inquiry into Chinese threats to American maritime security claims to have uncovered dozens of cranes with previously-unidentified cellular modems attached to their electronic systems, reports The Wall Street Journal. 

While there are legitimate reasons for industrial systems like cranes to be fitted with their own telecom access points - for example, remote diagnostics data for aftersales support - the purpose of these particular devices is unknown, and they were not documented in any sales contract. The modems appear to have been installed in China, before the cranes' delivery. One port's staff told the Journal that they were not sure what the modems were for; in some cases, these devices connected to the cranes' operating control systems. 

The suspicious hardware is another example of Chinese government efforts to "systematically burrow into America’s critical infrastructure," committee chairman Rep. Mark Green (R-TN) told the WSJ. Green is concerned that this effort is not just intended for spying, but for creating the capability to disrupt American commerce at will. 

The American Association of Port Authorities is responding that there is a focus on cyber defense. They highlight that the U.S. Coast Guard also told the committee during its hearing last month that there were no known security breaches involving port equipment.

One single Chinese manufacturer, ZPMC, holds a dominant position in the global STS crane market. It accounts for about 70 percent of all STS crane installations worldwide, and the percentage is even higher in the United States. ZPMC's heavy-lift delivery ships are a familiar sight whenever an American container terminal expands its quays.

The U.S. Coast Guard's cyber command has previously said that it has found intentional vulnerability points for hackers in the operating systems for these cranes. 

The Biden administration believes that Chinese cranes are such a serious cybersecurity risk that it is willing to invest billions in restoring an American-made replacement option. The last U.S.-based builder of STS cranes exited the business three decades ago, but that firm - a division of Mitsui - is willing to partner with the government and with American manufacturers to restart production. 

The administration has also empowered the U.S. Coast Guard to require vessels and ports to address "cyber conditions that may endanger the safety of a vessel, facility, or harbor." It also implemented a mandatory reporting requirement for cyber incidents along the waterfront. Cybersecurity concerns are also now an explicit justification for controlling a vessel's movement.