US to invest billions to replace China-made cranes at nation’s ports

The move is part of a set of actions being taken by the administration on Wednesday that is intended to improve maritime cybersecurity. They include a U.S. Coast Guard security directive to mandate certain digital security requirements for currently deployed foreign-built cranes at strategic seaports, as well as an executive order by President Biden setting baseline cybersecurity standards for computer networks that operate U.S. ports.

Administration officials said more than $20 billion would be invested in port security, including domestic cargo crane production, over the next five years. The money, tapped from the $1 trillion bipartisan infrastructure bill passed in 2021, would support a U.S. subsidiary of Mitsui, a Japanese company, to produce the cranes, which officials said would be the first time in 30 years they would be built domestically.

“We felt there was real strategic risk here,” Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technology, said in an interview. “These cranes, because they are essentially moving the large-scale containers in and out of port, if they were encrypted in a criminal attack, or rented or operated by an adversary, that could have real impact on our economy’s movement of goods and our military’s movement of goods through ports.”

China has previously dismissed U.S. concerns about Beijing-backed cyber threats, including cranes, as “paranoia-driven.”

The Biden administration’s actions follow a Wall Street Journal investigation last year that revealed U.S. fears that giant cranes made by a Chinese, state-owned company in use at a number of U.S. ports could present an espionage and disruption risk. Cranes at some ports used by the U.S. military were flagged as surveillance threats. Officials also raised the concern that the software on the cranes could be manipulated by the Chinese to impede American shipping or worse, temporarily disrupt the operation of the crane.

“By design these cranes may be controlled, serviced and programmed from remote locations,” said Rear Adm. John Vann, who leads the Coast Guard cyber command, during a press briefing. “These features potentially leave PRC-manufactured cranes vulnerable to exploitation,” he said, referring to the People’s Republic of China.

There has been a surge of warnings from top U.S. officials, including Federal Bureau of Investigation Director Christopher Wray, regarding the potential threat to American lives posed by the infiltration of the nation’s critical infrastructure by Chinese hackers, which could allow them to detonate crippling cyberattacks in the event of a conflict over Taiwan or another flashpoint.

While comparably well-made and inexpensive, the cranes, manufactured by the China-based manufacturer ZPMC, contain sophisticated sensors that can register and track the origin and destination of containers, prompting concerns that China could capture information about the shipment of materiel in or out of the country to support U.S. military operations around the world. They account for nearly 80% of ship-to-shore cranes in use at U.S. ports, officials said.

U.S. officials so far have declined to say whether the Chinese have used the cranes for malfeasance.

Write to Dustin Volz at [email protected] and Gordon Lubold at [email protected]