The lawmakers say that numerous modems with no known function were uncovered from ship-to-shore (STS) cranes, which are used to unload cargo at the nation’s largest ports.
All of the cranes in question were manufactured by Shanghai Zhenhua Heavy Industries (ZPMC), a subsidiary of the state-owned China Communications Construction Co.
Relatedly, the lawmakers noted that ZPMC’s manufacturing facility is located adjacent to China’s most advanced ship-making facility, where the regime builds its aircraft carriers and houses advanced intelligence capabilities.
In a letter (pdf) addressed to the president and chairman of ZPMC, the lawmakers demand to know the purpose of the cellular modems discovered on crane components and in a U.S. seaport’s server room that houses firewall and networking equipment.
“These components do not contribute to the operation of the STS cranes or maritime infrastructure and are not part of any existing contract between ZPMC and the receiving U.S. maritime port,” the letter said.
“The Committees have serious concerns that this proximity to the [Chinese military’s] main shipyard provides malicious CCP [Chinese Communist Party] entities, including its intelligence agencies and security services, with ample opportunity to modify U.S.-bound maritime equipment, exploit it to malfunction, or otherwise facilitate cyber espionage thereby compromising U.S. maritime critical infrastructure.”
U.S. Coast Guard Rear Adm. John Vann, who leads the Coast Guard’s Cyber Command, told reporters last month that there were over 200 China-manufactured cranes operating across U.S. ports and regulated facilities.
At that time, Coast Guard cyber protection teams had assessed the cybersecurity or hunted for threats on 92 of those cranes, he said.
The discovery comes amid an ongoing congressional investigation into the operation of cranes manufactured in China and operating at U.S. ports.
Though the investigation is still ongoing, the committees identified serious concerns regarding ZPMC’s relationship with the CCP, particularly given the recent discovery of Chinese malware on vital infrastructure related to the port system.
As part of another cybersecurity investigation, some of the modems in question were also found to have active connections to the operational components of the STS cranes, suggesting they could be remotely controlled by a device no one previously knew was there.
Speaking to reporters last month, White House Deputy National Security Adviser Anne Neuberger said the cranes were designed to be serviceable from a remote location, which leaves them open to such exploitation.
“By design, these cranes may be controlled, serviced, and programmed from remote locations,” Ms. Neuberger said. “These features potentially leave [China]-manufactured cranes vulnerable to exploitation.
As such, the letter suggests that every U.S. seaport with ZPMC cranes could already be, or is at risk of being, compromised by the CCP.
Retired Army Col. John Mills told The Epoch Times that the cranes were effectively an extension of the CCP’s global cybercrime operation, which could be used during an invasion of Taiwan to sow chaos in the United States.
“Those container cranes are not cranes,” Mr. Mills said. “They’re IP endpoints on a worldwide intelligence collection system.”
To that end, he said that the cranes’ operational and safety features could likely be overridden remotely. This would allow the CCP to potentially trick one of the giant cranes into shifting its counterbalance in such a way that would cause it to crash into ships or containers in the nation’s busiest ports.
Complicating the issue all the more, he said, was the fact that the niche nature of the cargo cranes and their programming means it is unlikely a tailored cyber response to secure the systems will be created anytime soon.
To counter the threat in the long term, he added, the United States would need to ensure that it manufactured such vital equipment in its own territory.
“As things play out, they’re [the CCP] going to start initiating the hitting of target sets in cyber. The port cranes are a perfect example,” Mr. Mills said.
“This is the importance of making things here. If you want to reduce the Chinese threat, start making things here.”
What if the modem sabotaged the crane into falling into the water?