The joint congressional report recommends that all U.S. ports immediately disable and remove any modems found on cranes.
A congressional investigation found that technology embedded in Chinese cargo cranes used in the United States could serve as a “Trojan horse,” giving Beijing the ability to spy on port traffic and even “halt” commerce at U.S. seaports.
The 52-page report, released on Sept. 12, was a joint venture between the Republican-controlled House Homeland Security Committee and the Select Committee on the Chinese Communist Party.
It follows questions from congressional and Senate leaders in the spring surrounding the use of communication equipment discovered on Chinese-manufactured cranes.
The report detailed the rising threat to the U.S. maritime supply chain and national security posed by Chinese-made equipment that could be accessed by Beijing’s military.
The Chinese Communist Party (CCP) mandates that Chinese companies cooperate with state intelligence agencies.
A joint statement about the report from Reps. John Moolenaar (R-Mich.), Mark Green (R-Tenn.), and Carlos Gimenez (R-Fla.) said the United States was risking its economic security for short-term financial gain by purchasing Chinese equipment for U.S. infrastructure.
“We have given the CCP the ability to track the movement of goods through our ports or even halt port activity at the drop of a hat,” they stated. “Amid China’s aggression in the Indo-Pacific, our greatest geopolitical adversary could wield this power to influence global military and commercial activity in the event of escalation.”
The U.S. maritime sector is “dangerously reliant” on equipment and technology that has been manufactured and assembled in China, such as ship-to-shore cranes and container handling equipment, according to the report.
With financial support from Beijing, state-controlled Shanghai Zhenhua Heavy Industry Co. (ZPMC) dominates the global maritime equipment and technology market, according to the report.
Retired Army Col. John Mills previously told The Epoch Times that the cranes are believed to be an extension of the CCP’s global cybercrime operation, which could be used to disrupt U.S. ports during an invasion of Taiwan.
“Those container cranes are not cranes,” Mills said. “They’re IP endpoints on a worldwide intelligence collection system.”
The report also noted that Chinese state-owned enterprises, including ZPMC, have made concerted efforts to increase their influence through underpricing equipment and technology, making it more attractive than their competitors’.
Cargo cranes are necessary for the U.S. maritime sector to conduct international trade and military logistical operations during a military conflict.
The report found concerns with ZPMC, which has publicly denied being a cybersecurity threat to the United States.
One problem noted in the document was that ZPMC or its contractors installed cellular modems onto cranes that are currently operational at certain U.S. ports. No contract to install these modems exists.
ZPMC has repeatedly requested remote access to its cranes operating at U.S. ports, with a particular focus on those located on the West Coast, according to the report. That could give China’s military access to the cranes.
“These modems—although not necessary for the operation of the cranes—created an obscure method to collect information,
and bypass firewalls in a manner that could potentially disrupt port operations,” the report reads.
Another issue is that ZPMC’s contract requires that all non-ZPMC crane components be shipped to “Changxing Base” in China by third-party companies, such as Sweden, Germany, and Japan.
There, they are installed by ZPMC engineers without oversight from the original manufacturer, which raises red flags, according to the report.
The installation of components takes place at or near the Jiangnan Shipyard, where the People’s Liberation Army Navy builds its most advanced warships and houses its intelligence agencies, according to the report.
Another potential problem, the report notes, is that contracts between ZPMC and U.S. ports do not contain provisions prohibiting or limiting unauthorized modifications or access to equipment and technology bound for U.S. ports.
The report recommends quick action to remove or disassemble any connection to cellular modems on Chinese-made cranes.
It calls for the Department of Homeland Security to issue guidance to all U.S. ports using ZPMC cranes to install operational technology monitoring software.
“The evidence gathered during our joint investigation indicates that ZPMC could, if desired, serve as a Trojan horse capable of helping the CCP and the PRC military exploit and manipulate U.S. maritime equipment and technology at their request,” the lawmakers wrote in their statement. “This vulnerability in our critical infrastructure has the potential to affect Americans from coast to coast.”
The United States should strengthen cybersecurity and port security in Guam, a strategic U.S. territory in the Pacific, according to the report.
Midterm goals outlined in the report include congressional action to allocate grant money to ports to offset the cost of buying more-expensive cranes made by non-adversarial nations.
The United States does not manufacture its own maritime cranes and container equipment, leaving it vulnerable. Manufacturing cranes in the United States should be a long-term goal, according to the report.
Potential military threats to U.S. seaports stemming from China came to light in February 2021.
The report, citing media accounts, notes that the FBI discovered intelligence-gathering equipment on Chinese cargo cranes that arrived at the Port of Baltimore.
That same year, the Defense Intelligence Agency reportedly conducted a classified assessment and found that Beijing could potentially throttle port traffic or gather intelligence on military equipment being shipped.
In February 2023, the FBI’s Office of the Private Sector issued an advisory highlighting indicators of malicious Chinese activity in the U.S. maritime sector, including unusual visits and unusually low bids or quotes to supply port equipment and services.
In January, FBI Director Christopher Wray said during a congressional hearing that Chinese Volt Typhoon malware embedded in critical infrastructure throughout the United States had been removed.
According to Wray, the malware was designed to disrupt and destroy U.S. infrastructure, which would likely be coordinated should a conflict break out between the two nations.
In February, President Joe Biden issued an executive order allowing the Department of Homeland Security to address maritime cyber threats and establish cybersecurity standards to secure the networks and systems of U.S. ports.
Aaron Pan contributed to this report.