THE UNITED STATES Committee for Homeland Security has renewed claims the world’s leading ship-to-shore gantry crane manufacturer, Shanghai Zhenhua Port Machinery Company, has equipped container cranes with devices capable of espionage.
In June 2023, the HSC and the House Select Committee on the Strategic Competition between the US and the Chinese Communist Party launched a joint investigation into the cybersecurity risks, foreign intelligence threats, and supply chain vulnerabilities at US ports. The investigation focused on the widespread use of foreign equipment and technology, specifically assessing the risks, threats, and vulnerabilities associated with STS cranes and related components produced, manufactured, assembled, or installed by ZPMC (a state-owned enterprise controlled by the government of the PRC).
In their final report the Committees say the PRC, through its SOEs, has “strategically positioned itself as a dominant force in the global maritime sector, aiming to control key components at ports worldwide including in the US.
“Leveraging access to cheap labour and subsidized steel, PRC SOEs, particularly ZPMC, have sold STS cranes at non-competitive prices, capturing an overwhelming share of the global market. ZPMC is the world’s largest STS crane manufacturer, producing nearly 80% of the STS cranes used at US ports and holding 70% of the global market share,” the committees say, leaving the maritime sector “dangerous reliant” on equipment and technology that has been produced, manufactured, assembled, or installed in the PRC.
The committee noted that while key components of ZPMC cranes come from third party suppliers in Switzerland, Germany and Japan these components are warehoused in the PRC leaving them susceptible to interference.
“This proximity is concerning, and the Committees were further troubled by the discovery of unauthorized cellular modems installed on STS cranes produced in the PRC and bound for US ports. According to sensitive documents reviewed by the Committees, these cellular modems, not requested by US ports or included in contracts, were intended for the collection of usage data on certain equipment. This constitutes a significant backdoor security vulnerability that undermines the integrity of port operations.”
The Committees found that securing US ports and the cranes they rely on will require a comprehensive approach involving short-term, medium-term, and long-term strategies. They have made 12 recommendations starting with the Department of Homeland Security which, through the US Coast Guard, should immediately issue guidance to all US ports to disassemble any connections of ZPMC cranes to cellular modems or any other method of connection to ZPMC, absent an existing contractual obligation.
All major container ports in Australia use ZPMC equipment.