Homeland Security Committee Members Conducts Oversight on Threats Posed by Chinese-Manufactured Cranes at U.S. Maritime Ports

April 5, 2023
Press Release

WASHINGTON, D.C. – This week, Congressman Andrew R. Garbarino (R-NY-02), Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection Chairman, joined with Homeland Security Chairman Mark E. Green, MD (R-TN), Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez (R-FL), and Subcommittee on Oversight, Investigations, and Accountability Chairman Dan Bishop (R-NC) to send a letter to Department of Homeland Security (DHS) Secretary Alejandro Mayorkas, demanding answers on the cybersecurity threats posed to business, military, and industrial operations by Chinese-manufactured cranes operating at U.S. ports.

In the letter, the Members wrote in part, “We write today to express our concern about existing vulnerabilities at our nation’s maritime ports. We are particularly concerned about technology employed by Chinese-manufactured cranes operating in U.S. ports, which significantly increases the cybersecurity risk to business operations systems and terminal industrial control systems. To address these concerns, the Committee on Homeland Security is conducting oversight of vulnerabilities in our nation’s maritime ports and the Department of Homeland Security’s (DHS) resilience strategies to address them. As you know, DHS is the lead federal agency responsible for our nation’s maritime port security and cybersecurity. America’s supply chain and economic security are largely dependent on maritime ports, which help facilitate $5.4 trillion worth of commercial and military goods, annually.”

The letter continues, [I]f an adversary exploits the operational technology (OT) system of these cranes, port operations could completely shut down, suspending all commercial activity which would also disrupt our nation’s military and commercial supply chains.  According to a former top U.S. counterintelligence official, ‘[c]ranes can be the new Huawei.’ Any potential port shut down could create catastrophic economic and security consequences. These vulnerabilities could provide opportunities to near-peer nation-state adversaries, such as China, to cripple our economy from behind a computer screen.”
 
To assist the Committee in its oversight of DHS’s maritime port security efforts, please schedule a briefing to Committee staff on maritime port security with a focus on maritime port cybersecurity as well as the vulnerabilities ZPMC’s cranes in U.S. ports may pose, as soon as possible,” the letter concludes. 

Ship-to-shore cranes play a critical role in maritime port operations and U.S. commercial and military supply chains. As reported in the Wall Street Journal, roughly 80 percent of cranes used at U.S. ports are manufactured by the Chinese company Shanghai Zhenhua Heavy Industries Co. (ZPMC), a subsidiary of China Communications Construction Co. These cranes contain technology that allows the company to remotely monitor “in real time” the movement of these cranes and the shipping containers they transport, access that could provide the Chinese Communist Party with valuable information on American critical infrastructure. Just last month, the U.S. intelligence community warned in its annual threat assessment that China represents the "most active, and persistent cyber espionage threat to U.S. Government and private-sector networks."

Read the full letter here and below.

 

Dear Secretary Mayorkas:

We write today to express our concern about existing vulnerabilities at our nation’s maritime ports. We are particularly concerned about technology employed by Chinese- manufactured cranes operating in U.S. ports, which significantly increases the cybersecurity risk to business operations systems and terminal industrial control systems.

To address these concerns, the Committee on Homeland Security is conducting oversight of vulnerabilities in our nation’s maritime ports and the Department of Homeland Security’s (DHS) resilience strategies to address them. As you know, DHS is the lead federal agency responsible for our nation’s maritime port security and cybersecurity. America’s supply chain and economic security are largely dependent on maritime ports, which help facilitate $5.4 trillion worth of commercial and military goods, annually.

Maritime port security is vital to our national security. On November 30, 2022, a bicameral group of Members sent a letter to President Biden urging action and decisive response to the threats posed by China at our nation’s ports. We renew that call. Among other issues, we find troubling that Chinese-made cranes manufactured by Shanghai Zhenhua Heavy Industries Co., also known as ZPMC, are utilized in 80 percent of U.S. ports.

As described recently in the Wall Street Journal, these cranes “contain sophisticated sensors that can register and track the provenance and destination of containers, prompting concerns that China could capture information about materiel being shipped in or out of the country to support U.S. military operations around the world.” If this report is correct, data collection of military shipments and visibility into our nation’s defense industrial base presents an enormous threat to our military strategic competitive advantages.

Even more concerning, the parent company of ZPMC, China Communications Construction Co. (CCCC), is a leading Belt and Road Initiative contractor with close ties to the People’s Liberation Army (PLA) and participates in military civil fusion. In July 2018, the CCCC’s “military-civilian fusion office signed a ‘strategic cooperation’ agreement with the PLA’s Naval Logistics Academy, pledging to collaborate on matters related to the development of maritime defense projects, theoretical research and big-data, among other areas.” ZPMC’s relationship with CCCC is disconcerting, especially given the prevalence of ZPMC cranes in U.S. ports.

Furthermore, if an adversary exploits the operational technology (OT) system of these cranes, port operations could completely shut down, suspending all commercial activity which would also disrupt our nation’s military and commercial supply chains. According to a former top U.S. counterintelligence official, “[c]ranes can be the new Huawei.” Any potential port shut down could create catastrophic economic and security consequences. These vulnerabilities could provide opportunities to near-peer nation-state adversaries, such as China, to cripple our economy from behind a computer screen.

To assist the Committee in its oversight of DHS’s maritime port security efforts, please schedule a briefing to Committee staff on maritime port security with a focus on maritime port cybersecurity as well as the vulnerabilities ZPMC’s cranes in U.S. ports may pose, as soon as possible, but no later than 5:00 p.m. on April 14, 2023. In addition, please provide the following documents and information as soon as possible, but no later than 5:00 p.m. on April 17, 2023:

  1. All documents and communications referring or relating to security vulnerabilities ZPMC or other foreign-manufactured cranes employed at U.S. ports pose to U.S. maritime ports from January 1, 2000 to the present;

  1. Documents sufficient to show the risk assessment and emergency preparedness measures in place by sector risk management agencies (SRMAs) as directed by the FY21 National Defense Authorization Act for the Transportation System Sector, specifically as it relates to the maritime transportation sector;

  1. Documents sufficient to show the United States Coast Guard’s (USCG) Maritime Cyber Readiness Branch (MCRB) standard operating procedures to assess, address, and mitigate cybersecurity risks to maritime ports;

  1. Documents sufficient to show how DHS, including the USCG, engages with the maritime port industry, including private companies, about cybersecurity threats;

  1. A document sufficient to show the percentage of private maritime transportation companies that voluntarily report cybersecurity incidents to DHS;

  1. A document sufficient to show the average response time of DHS, including the Cybersecurity and Infrastructure Security Agency (CISA) and USCG, for reported maritime port cybersecurity incidents; and

  1. Documents sufficient to show which private companies received Federal Emergency Management Agency (FEMA) Port Security Grant program funding for FY20, FY21, FY22, and FY23 and how awardees utilized grant dollars for those fiscal years.

To the maximum extent possible, provide unclassified responses to these requests. Any classified information provided in response to this letter should be provided under separate cover. An attachment contains instructions for responding to this request.

Please contact the Committee on Homeland Security Majority staff at (202) 226-8417 with any questions about this request.

Per House Rule X, the Committee on Homeland Security is the principal committee of jurisdiction for overall homeland security policy, and has special oversight functions of “all Government activities relating to homeland security, including the interaction of all departments and agencies with the Department of Homeland Security.”

Thank you for your prompt attention to this important matter.

Sincerely,

###

Issues: China National Security

Office Locations

Washington DC Office
2344 Rayburn House Office Building
Washington, DC  20515
Phone: (202) 225-7896
Fax: (202) 226-2279
Patchogue District Office
31 Oak Street Suite 20
Patchogue, NY  11772
Phone: (631) 541-4225