Unexplained Modems Raise Red Flags in Probe of China-Built Cranes at US Ports

National security concerns at U.S. ports are picking up even more steam as Congress investigates potential espionage and disruption risks presented by Chinese-built cargo cranes.

An eight-month probe into the deployment of the cranes at the ports found communications equipment including cellular modems that could be remotely accessed, says the House Committee on Homeland Security and the Select Committee on the Strategic Competition between the United States and the Chinese Communist Party (CCP).

More from Sourcing Journal

More than a dozen cellular modems were found on crane components in use at one U.S. port, and another modem was found inside another port’s server room that houses cranes’ firewall and networking equipment., according to a report from the Wall Street Journal. An unnamed aide of the House Homeland Security Committee told the WSJ some of the modems had active connections to operational components to the cranes.

Cranes can often be controlled remotely, meaning hackers with access to the cranes’ networks could collect intelligence from ports or, in theory, even cause disruptions of equipment.

In a partially redacted December letter to the committee viewed by the WSJ, an unidentified U.S. port operator said that the modems weren’t part of an existing contract, but that the port had been aware of their installations on the cranes and that they were intended for a “mobile diagnostic and monitoring” service the port didn’t enroll in.

“We are unsure who installed the modems as they were on the cranes when we first saw them in China,” the letter to the committee said. The modems, according to the letter, were believed to have been installed around June 2017, when the cranes were manufactured and assembled, and removed in October 2023.

It is unknown what prompted the port to take action on the modems or who did so.

Amid the probe, one Homeland Security trade official said during a subcommittee hearing on Feb. 29 that U.S. ports are relying too heavily on the China-built cranes.

Concerns about the cranes across some officials at the Pentagon and the Biden Administration have persisted throughout 2023, with the Wall Street Journal first reporting on the apprehensions in March last year. The WSJ said at the time that officials compared the cranes, manufactured by Shanghai Zhenhua Heavy Industries (ZPMC), to a Trojan horse, giving Beijing a “possible spying tool hiding in plain sight.”

To address the potential threats, the congressional committees formally launched the joint investigation last June. At the center of the probe are the more than 200 Chinese-made cranes installed at U.S. ports and related facilities.

In total, 80 percent of the ship-to-shore cranes at the ports were manufactured by ZPMC, U.S. officials say.

Last month, the White House earmarked $20 billion to bolster cybersecurity initiatives across the ports, with President Biden signing an executive order directing the U.S. Coast Guard to mandate certain digital security requirements for China-built cranes deployed at strategic ports. Additionally, the Coast Guard will now have the authority to control the movement of vessels that present a known or suspected cyber threat to U.S. maritime infrastructure, and be able to inspect those vessels and facilities that pose a threat to cybersecurity.

In a letter dated Feb. 29, House Homeland Security Chairman Mark Green (R-Tenn.), Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez (R-Fla.), and House Select Committee on the CCP Chairman Mike Gallagher (R-Wisc.) demanded ZPMC answer to some of the findings in the joint investigation into the cranes.

The letter said that lawmakers found that many cranes at U.S. ports were built at the ZPMC’s Changxing base, adjacent to a shipyard on Shanghai Island where the Chinese navy builds advanced warships. It also said lawmakers had learned from briefings with ports and U.S. law-enforcement agencies that ZPMC had repeatedly made requests for remote access to U.S.-based cranes and other maritime infrastructure.

“The Committees have serious concerns that this proximity to the [Chinese navy’s] main shipyard provides malicious CCP entities, including its intelligence agencies and security services, with ample opportunity to modify U.S.-bound maritime equipment, exploit it to malfunction, or otherwise facilitate cyber espionage thereby compromising U.S. maritime critical infrastructure,” the letter said.

One trade association has cautioned against pointing any fingers at the Chinese government or any state-owned companies just yet. The American Association of Port Authorities (AAPA) has said there have been no known security breaches due to the presence of Chinese cranes at U.S. ports.

The committees acknowledge the AAPA’s March 2023 comments of calling media reports on the cranes “alarmist” in their letter, but retorted that the “committees have found otherwise” with regards to the potential security threat.

Additionally, the committees shared concern that ZPMC has benefited from extensive subsidies which from the Chinese government “have facilitated its dominant market position.”

“ZPMC’s 2022 Annual Report reveals that the company is the recipient of large PRC government subsidies, amounting to tens of millions of dollars,” the letter said. “As a result of the PRC’s economic support, ZPMC can submit unusually low bids for U.S. port contracts, furthering the CCP’s economic influence within the U.S. maritime sector. Our nation’s dependence on PRC state-owned enterprises, including ZPMC’s port equipment, for international trade, and the lack of sufficient domestic industrial alternatives, introduces significant risk of future exploitation by the CCP, putting the American people in potential danger in future national emergencies.”