In recent years, U.S. national-security officials have pointed to a range of equipment manufactured in China that could facilitate either surveillance or disruptions in the U.S., including baggage-screening systems and electrical transformers, as well as broader concerns about China’s growing control of ports around the world through strategic investments. China makes almost all of the world’s new shipping containers and controls a shipping-data service. In that context, the giant ship-to-shore cranes have drawn new attention. The $850 billion defense policy bill lawmakers passed in December requires the Transportation Department’s maritime administrator, in consultation with the defense secretary and others, to produce an unclassified study by the end of this year on whether foreign-manufactured cranes pose cybersecurity or national-security threats at American ports.
ZPMC cranes entered the U.S. market around two decades ago, offering what industry executives described as good-quality cranes that were significantly cheaper than Western suppliers. In recent years, ZPMC has grown into a major player in the global automated-ports industry, working with Microsoft Corp. and others to connect equipment and analyze data in real time…Today, ZPMC says it controls around 70% of the global market for cranes and has sold its equipment in more than 100 countries. A U.S. official said the company makes nearly 80% of the ship-to-shore cranes in use at U.S. ports…
The huge cranes are generally delivered to U.S. ports fully assembled on ships and are operated through Chinese-made software. In some cases, U.S. officials said, they are supported by Chinese nationals working on two-year U.S. visas, factors they described as potential avenues through which intelligence could be collected…Early in the Trump administration, officials in the National Security Council’s strategic planning office came to consider cranes as a unique point of interest, said Sean Plankey, a former cybersecurity official who was involved in those discussions. “Where would someone attack first and how would they do it?” he asked, characterizing the discussion. He said the officials determined that if Beijing’s military could access the cranes, they could potentially shut down U.S. ports without drawing on their navy.
A National Maritime Cybersecurity Plan, released in December 2020, found that no single U.S. agency had responsibility for maritime network security, leaving port directors without enforceable standards on cybersecurity and generally free to buy equipment from any vendor.
Excerpts from Aruna Viswanatha, Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools, WSJ, Mar. 6, 2023.