Chinese cargo cranes used at U.S. seaports around the country have embedded technology that could allow Beijing to covertly gain access to the machines, making them vulnerable to espionage and disruption, according to a yearlong congressional investigation.
The probe, conducted jointly by the Republican majorities of the House Homeland Security Committee and Select Committee on the Chinese Communist Party, found that the China-based manufacturer of the cranes, ZPMC, had at times pressured port operators to allow the companyto maintain remote access.
“Some ports insist on securing their assets, but many cave to the pressure,” the report said, adding that ZPMC had shown particular interest in requesting remote access to its cranes located on the West Coast. Pushing back on ZPMC’s requests, it said, is “difficult for customers who are looking to get the lowest price or guarantee a robust warranty policy.”
Though ostensibly done for diagnostic and maintenance purposes, the committees said the cellular modems built into the cranes could potentially allow access by the Chinese government due to the country’s national-security laws that mandate companies cooperate with state intelligence agencies. In some cases, the investigation uncovered instances where cranescame with cellular modemsinstalled without the knowledge of port authorities and done so beyond the scope of contracts with ZPMC.
The modems, the report said, “created an obscure method to collect information, and bypass firewalls in a manner that could potentially disrupt port operations.”
It isn’t unusual for modems to be installed on cranes or manufacturing equipment to capture data and improve operations. But the prospect of a direct conflict with China over Taiwan or other issues heightens the risks posed to the U.S., the committees said.
The 50-page report was viewed by the Journal ahead of its public release Thursday. Lawmakers received documents from and conducted interviews with a range of federal security agencies. It contains a classified annex that wasn’t disclosed.
The findings in the report showcase “the terrifying potential” of the Chinese Communist Party to “cripple U.S. critical infrastructure,” said Rep.Mark Green(R., Tenn.), chairman of the House Homeland Security Committee.
ZPMC didn’t respond to a request for comment. The report said ZPMC corresponded with the congressional committees earlier this year, but later told the panel it couldn’t provide written answers to questions from Congress without first consulting the Chinese government. A U.S. law firm hired by ZPMC later responded to the committees but said Chinese laws required approval from the government in Beijing to directly answer.
In an April letter to the committee staff, ZPMC denied responsibility for installing the cellular modems found on its cranes. “The exact identity of those responsible for installing the modems, while likely ZPMC, remains unclear,” the report said.
China has dismissed U.S. concerns about ZPMC-built cranes as paranoia driven by economic protectionism. The company is a subsidiary ofChina Communications Construction, a leading contractor for Chinese leaderXi Jinping’sBelt and Road initiativeto develop infrastructure and trade links across Asia and Africa.
Asked about the report,Liu Pengyu, the spokesman for the Chinese embassy in Washington, said: “We firmly oppose some politicians from the U.S. side overstretching the concept of national security and abusing national power to obstruct normal economic and trade cooperation between China and the U.S.”
Concerns about ZPMC’s cranes date back years, but only recently have fears among intelligence agencies and national-security officials begun to emerge publicly.
Earlier this year the Biden administration announced it would invest more than $20 billion toreplace foreign-built craneswith U.S.-manufactured ones andslapped 25% tariffson Chinese shipping cranes. The moves followed a Wall Street Journal investigation last year that revealed U.S. national-security fears about ZPMC cranes, which account for roughly 80% of ship-to-shore cranes in use at U.S. ports.
The American Association of Port Authorities has said there have been no known security breaches due to the presence of Chinese cranes at U.S. ports and has said ports work proactively with the Coast Guard and federal law enforcement to mitigate any perceived risks.
Some ports have argued the security fears are overblown because the technology onboard the cranes, including programmable logic controllers and crane guidance systems, is often supplied by non-Chinese companies.
But the congressional investigation found that cranes that relied on software from the Swiss firmABBand other overseas vendors located outside of China still posed supply-chain security risks to American ports. These third-party companies routinely allow “critical internal components” to be shipped to China for installation by ZPMC into their cranes, and in some cases those components remain in China for up to 18 months before a crane is delivered to a port, according to contracts reviewed by the committees.
In a statement, an ABB spokesman said the company supplies standard electrical and automation software and hardware for cranes in ports around the world. “We responded to the committee’s questions with care,” the spokesman said.
WALL STREET JOURNAL