Ports Provide Context Refuting Overblown Reports of “Chinese Spy Cranes"

Chinese cargo cranes
China's ZMPC builds the cranes and ships them fulyl assembled for installation at the ports (PortHouston file photo)

Published Mar 8, 2024 5:07 PM by The Maritime Executive

The American Association of Port Authorities (AAPA), the more than 100-year-old trade association representing port leaders, is speaking out on the media reports about Chinese “spy cranes” and in response to the media reports after the recent hearing by the U.S. House of Representative’s Homeland Security Committee. The organization says there needs to be “more context” on the story so that the public knows the reality of the situation.

“Coast Guard Rear Admiral John Vann recently testified under oath that there have been no known security breaches involving port equipment,” stated Cary Davis, American Association of Port Authorities President and CEO. “Our ports proactively work with the U.S. Coast Guard, other federal law enforcement, and private sector experts to mitigate risks through inspections and defensive measures.”

AAPA is responding after the wide media coverage first reported by The Wall Street Journal that said a pattern of “suspicious devices” had been discovered on the installations on the Chinese-built STS cranes. The U.S. Coast Guard revealed last month that it was assessing 200 cranes for cybersecurity vulnerabilities. Vann told reporters in February that by design the cranes and software have remote programming capabilities and tracking devices built into their systems which he contended are “vulnerable to exploitation.”

The trade group is highlighting that while speaking at Homeland Security Committee on February 29, Vann however also said “What we have not found is instances…of malware or a trojan horse type software.” The group says that there are extensive efforts to monitor potential threats with a strong focus on cyber defense and domain awareness.

When the issue first surfaced in the media in March 2023, AAP called the stories “alarmist media reporting.” They said at the time, all the efforts at examining the cranes and the software employed showed no evidence of the accusations, saying simply “There’s no smoke in this story,” referring to the lack of a smoking gun.

The group called attention to the lack of U.S. manufacturing capabilities for cranes highlighting that China has subsidized crane manufacturing in a way that makes its cranes half the cost of the competition. Chinese manufacturer ZMPC is reported to have between 70 and 80 percent of the market worldwide for the large cranes used to move containers on and off boxships.

“Without reshoring our domestic manufacturing capacity, legislative proposals to hastily remove cranes from U.S. ports without immediate replacements would harm U.S. supply chains, jack up prices for everyone, and exacerbate inflation even further,” AAPA warned in March 2023.

The politically charged issue was picked up by the Biden administration which in February launched an Executive Order saying, “Every day malicious cyber actors attempt to gain unauthorized access to the Marine Transportation System’s control systems and networks.” The administration ordered the US Coast Guard to develop a mandatory cybersecurity bulletin and made reporting cybersecurity events mandatory for ports.

They also used the issue as part of the broader effort to reinvigorate domestic manufacturing. The administration announced that after an absence of more than 30 years, a U.S.-based subsidiary of Japan’s Mitsui E&S Co. is planning to relaunch a U.S. manufacturing capability for cranes.

The Chinese responded after the Biden Executive Order was announced saying the premise of the initiative of port cybersecurity and the focus on Chinese-manufactured cranes was “entirely paranoia.” Chinese officials criticize the U.S. for not understanding China calling the repeated use of the “China card” by the U.S. “irresponsible.”