World’s largest crane manufacturer faces Congressional investigation over Chinese access to U.S. critical infrastructure

House Homeland Security Committee leaders sent a letter to the global crane manufacturer Shanghai Zhenhua Heavy Industries (ZPMC) this week following a joint investigation that found communication equipment on Chinese-made cranes used at American ports.

“Over the course of our eight-month joint investigation, the Committees engaged with several U.S. maritime ports and U.S. federal law enforcement agencies, requesting documents and information through public and non-public oversight inquiries,” the lawmakers wrote. “Analysis of this material has led us to conclude that ZPMC installed certain components onto U.S.-bound STS cranes and onshore maritime infrastructure that are outside of any existing contract between ZPMC and U.S. maritime ports. These components do not appear in any way to contribute to the operation of the STS cranes or onshore infrastructure, raising significant questions as to their intended applications. However, this is not the first reported instance of ZPMC’s apparent misconduct. In 2021, the Federal Bureau of Investigation (FBI) discovered intelligence gathering equipment on board a vessel delivering ZPMC cranes to the Port of Baltimore.”

This equipment consisted of cellular modems capable of remote communication. In poring over details of contracts between U.S. ports and the Chinese crane maker, House lawmakers found that the equipment lacked documentation. More than 200 such cranes are installed at U.S. ports and related facilities, and just last month, the U.S. Coast Guard ordered ports to better secure the cranes against exploitation by hackers and other security risks.

In February, the Cybersecurity and Infrastructure Security Agency (CISA) and federal colleagues published a report detailing how China-linked hackers have maintained access to U.S. critical infrastructure for years. Under that fog, the new allegations are likely to raise tensions. Fearing surveillance or sabotage, the House leaders – including Chairman Mike Gallagher (R-WI) of the House Select Committee on the Chinese Communist Party, House Homeland Security Chairman Mark Green (R-TN), and Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez (R-FL) – demanded answers from ZPMC.

The committees reported that some U.S. seaport personnel have relayed their belief the modems were potentially for maintenance, monitoring, or the collection of usage data. It is the lack of firm answers that has spurred concern, though. As a result, the lawmakers asked ZPMC to provide details on any Chinese requests made of it regarding U.S.-based maritime equipment, the personnel involved with and details of the company’s involvement with multiple PRC entities, communications with the Chinese government, and more.

“ZPMC’s 2022 Annual Report reveals that the company is the recipient of large PRC government subsidies, amounting to tens of millions of dollars,” the lawmakers wrote. “As a result of the PRC’s economic support, ZPMC can submit unusually low bids for U.S. port contracts, furthering the CCP’s economic influence within the U.S. maritime sector. Our nation’s dependence on PRC state-owned enterprises, including ZPMC’s port equipment, for international trade, and the lack of sufficient domestic industrial alternatives, introduces significant risk of future exploitation by the CCP, putting the American people in potential danger in future national emergencies.”

In response, ZPMC announced that it would abide by applicable laws, regulations, and regulatory requirements, and emphasized that its cranes pose no cybersecurity risk to any port.

“ZPMC takes the US concerns seriously and believes that these reports can easily mislead the public without sufficient factual review,” the company said.

In recent years, exchanged accusations of cyberattacks and industrial espionage have become increasingly common between China and the United States, as the economic giants struggle to overcome one another.