During the “China Week” in the United States House of Representatives, where a series of bills related to China were intensively passed, three chairmen of committees in the House of Representatives released a joint investigative report, revealing that Chinese-made cranes have taken over U.S. ports, posing an increasing threat to the U.S. economy and national security.
On September 12, John Moolenaar, Chairman of the House Committee on China, Mark E. Green, Chairman of the Committee on Homeland Security, and Carlos Gimenez, Chairman of the Subcommittee on Transportation and Maritime Security, announced a 51-page joint investigative report. The report exposed that Zhenhua Heavy Industries, a subsidiary of the Chinese state-owned enterprise China Communications Construction Company (CCCC), which produces cranes, poses a threat to the U.S. economy and national security, and this threat is growing.
According to the report, Shanghai Zhenhua Heavy Industries has been strategically dominating the global market for port cranes and, as a dominant force in maritime infrastructure, has been posing significant cybersecurity and national security risks to the United States and its allies. Zhenhua Heavy Industries currently controls nearly 80% of the port crane business in the United States.
The three congressmen stated in their announcement that evidence collected during the joint investigation indicated that if Zhenhua Heavy Industries has the intention, it could act as a Trojan horse and, at the request of the Chinese Communist Party and the military, help leverage and manipulate U.S. maritime equipment and technology. They particularly pointed out that there may be such risks in critical infrastructure across the United States, from the East Coast to the West Coast.
The investigation found that cranes were installed with covert modems by ZPMC without the knowledge of the port authorities. These modems “created a covert information collection method and potentially bypassed firewalls in a way that could disrupt port operations.” The installation of these modems exceeded the scope of the contracts between the ports and ZPMC.
The built-in modems in the cranes, ostensibly for diagnostic and maintenance purposes, could also grant the Chinese government access. This is due to the requirements of China’s National Security Law, which mandate cooperation between Chinese citizens, companies, and the Chinese intelligence agencies.
Earlier this year, ZPMC communicated with U.S. congressional committees regarding related investigations. However, ZPMC later stated that it could not respond to questions from the U.S. Congress in writing without consulting the Chinese government first. Subsequently, a U.S. law firm hired by the company replied that answering questions would require approval from the Chinese government as per Chinese law.
The report authored by the three congressmen also proposes strategies to mitigate security risks, promote safer global maritime infrastructure development, and they believe the United States can lead in this process.
Earlier this year, the U.S. House Homeland Security Committee and other institutions publicized that Chinese-made cranes at U.S. ports were equipped with communication devices unrelated to mechanical operations. One port authority last December wrote to members of Congress, acknowledging the situation, but could not explain the need for those communication devices.
At that time, Mark Green, Chairman of the U.S. House Homeland Security Committee, pointed out that the Chinese government is seeking any opportunity to gather valuable intelligence to systematically infiltrate critical U.S. infrastructure, including maritime facilities. He warned that the United States has apparently long overlooked this threat.
On February 23, the U.S. Coast Guard issued a Maritime Cybersecurity Directive, implementing a network risk management plan for Chinese-made port cranes, requiring owners and operators of these cranes to immediately contact local Coast Guard captains or regional commanders for a copy of the directive.
Due to the sensitivity of the newly issued directive containing security information, the Coast Guard did not make detailed information public.
Rear Admiral John Vann, Commander of the Coast Guard Cyber Command, stated that his cybersecurity team examined 92 of the over 200 Chinese-made cranes at U.S. ports. However, he did not disclose whether China had utilized these cranes for intelligence collection activities so far.
On February 21, the Biden administration signed an executive order authorizing the Department of Homeland Security and the Coast Guard to address related cybersecurity threats and announced an investment of over $20 billion over five years to replace foreign-made cranes with domestically produced cranes. This funding will also support an American subsidiary of Mitsui & Co. in crane production for the first time in 30 years.
Admiral Vann explained that President Biden’s executive order grants explicit authority to Coast Guard captains at U.S. ports to take action in response to cyber threats, including restricting the movement of vessels known or suspected of posing network threats, requiring facilities to rectify any adverse network conditions that may endanger port security, and inspecting vessel or waterfront facility network systems.
According to the official website of Zhenhua Heavy Industries (Group) Co., Ltd. (ZPMC), the company is a manufacturer of heavy equipment and one of the world’s largest manufacturers of heavy industrial equipment. It is a state-owned holding A and B share-listed company. Port machinery, marine engineering, and shipping are its traditional core businesses, and its products have entered 107 countries and regions globally. Its port machinery products have maintained the number one market share in the global industry for over 20 years, adhering to the principle of “dare to be the first, leading the world.”
Chinese-made equipment that poses economic and security threats to U.S. infrastructure is not limited to cranes. Chinese-made equipment used in the U.S. power grid also presents significant security vulnerabilities and has raised high levels of alert in the United States.
On January 31, FBI Director Christopher Wray reported to Congress a grim fact: Chinese hackers are frequently targeting critical U.S. infrastructure such as the power grid, water treatment plants, and transportation systems, preparing to launch attacks on American citizens and communities causing substantial harm at the direction of China.
He warned that China has targeted “our freedoms, pervaded our homeland, covering the U.S., silencing, coercing, and threatening our citizens and residents.”
On July 18 of last year, the House Energy and Commerce Oversight and Investigations Subcommittee held a hearing, during which testimony from a U.S. power company official indicated that the threat posed by China to the U.S. power grid is increasing. A single cyber attack could plunge military facilities and other sensitive locations into darkness, leading to widespread disruption.
The President of the North American Electric Reliability Corporation stated in written testimony that China’s cyber activities could be one of the most significant and dynamic cyber threats facing critical infrastructure. The complexity of Chinese cyber activities, including utilizing adaptive technology to infiltrate networks, conducting espionage, and more, is continuously evolving.
Paul N. Stockton, a Senior Researcher at the Johns Hopkins University Applied Physics Laboratory, testified that the United States’ reliance on Chinese-produced inverters, critical equipment widely deployed nationwide, could jeopardize grid security.
The House Energy and Commerce Oversight and Investigations Subcommittee stated that physical attacks and deliberate disruptions experienced by the U.S. power grid in 2022 increased by 77%, with threats from cyber attacks also on the rise.
In May 2020, a large power transformer exported from China was seized by U.S. federal agencies and sent to Sandia National Laboratories in New Mexico. The transformer, weighing over 500,000 pounds, was manufactured by Jiangsu Huapeng Transformer Co., Ltd.
Experts suspect that the transformer’s electronic equipment may have been secretly implanted with malicious features, allowing adversaries to remotely control it through commands, potentially leading to paralysis. Consequently, the transformer was seized forcefully.
Information regarding the reasons for the seizure and investigation results is currently unclear. However, this unprecedented incident, considered highly unusual in the industry, highlights U.S. government concerns about grid security and actions being taken in response. These transformers could potentially have been installed near critical military bases.
On May 1, 2020, former President Trump signed an executive order aimed at enhancing grid security through trade barriers on large Chinese transformers. The executive order granted the U.S. Energy Secretary the authority to prevent damaged equipment from being installed in the U.S. transmission system.
Following the incident, Jiangsu Huapeng stated that over the past 20 years, the company has sold over 7000 transformers globally, including more than 100 large units to U.S. and Canadian utilities over the past decade.