Are Chinese-made cranes at US ports – including facilities used by the US military - a huge security vulnerability that could be funneling valuable information back to China?

Supply Chain Digest Says...   ZPMC has grown into a major player in the global automated-ports industry, with around 70% global market share, and 80% in the US.     What do you say?   Click here to send us your comments       Click here to see reader feedback

An article last month in the Wall Street Journal said some national-security and Pentagon officials have compared ship-to-shore cranes made by China-based manufacturer ZPMC to a Trojan horse. The Chinese cranes dominant container handling at US ports.

These cranes, which hoist containers on and off ships, “contain sophisticated sensors that can register and track the provenance and destination of containers, prompting concerns that China could capture information about materiel being shipped in or out of the country to support US military operations around the world,” the Journal reported.

Another worry: the cranes could also provide remote access for someone looking to disrupt the flow of goods by turning them off, according to Bill Evanina, a former top US counterintelligence official.

Many are now comparing ZPMC to Huawei Technologies, the Chinese internet communications equipment maker whose gear is nearly completely banned over concerns that it could be used to spy on Americans, using hidden software even experts can’t find on Huawei routers and other products.
Huawei disputes these claims.
The same message is being delivered relative to the suspect cranes.

“A representative of the Chinese Embassy in Washington called the U.S. concerns about the cranes a “paranoia-driven” attempt to obstruct trade and economic cooperation with China,” the Journal reported.

While the cranes certainly could be a threat, no one is really sure if that is the case. To make that determination, the $850 billion defense bill lawmakers passed in December requires the Transportation Department in consultation with the defense secretary and others to produce an unclassified study by the end of this year on whether foreign-manufactured cranes pose cybersecurity or national-security threats at American ports.

That follows analysis in 2021 by the Defense Intelligence Agency that produced a classified assessment that determined found that China could potentially use cranes to throttle port traffic or gather intelligence on military equipment being shipped.

(See More Below)

ZPMC began selling its cranes to US ports some 20 years ago, with good-quality equipment that – of course - was much less expensive than from Western vendors. Since then, the Journal reports, ZPMC has grown into a major player in the global automated-ports industry, with around 70% global market share, and 80% in the US.
There are not any similar cranes made in the US.

The company has also been working with the likes Microsoft and other firms to collect and analyze data from crane operations.

ZPMC can now monitor all its cranes globally in real time at its Shanghai headquarters.

The Chinese cranes are now used at ports Virginia, South Carolina and Maryland that handle some military equipment.

How big is the threat? The Journal quotes Chris Wolski, who formerly ran cybersecurity for the port of Houston, as saying that “It wouldn’t be hard for an attacker to disable one sensor on a crane and prevent the crane from moving. These systems aren’t designed for security, they are designed for operations.”

Worth noting is the fact that software from other companies, such as Swiss industrial giant ABB, can be used instead of that from ZPMC.

What are your thoughts on the risk of Chinese cranes? Let us know your thoughts at the Feedback section below.

Your Comments/Feedback