ZPMC denies cybersecurity threats to U.S. ports

China’s crane manufacturer Shanghai Zhenhua Heavy Industries (ZPMC) responded on Monday to safety concerns raised by U.S. congressional committees, asserting that its cranes do not pose a cybersecurity threat.

At the end of February, the U.S. congressional committee sent a letter to ZPMC seeking answers regarding their cranes and the cybersecurity they might pose for U.S. ports.

Fears have been raised that since the cranes can be remotely controlled they can be exploited for surveillance.

“The letter details concerns related to cellular modems discovered on ship-to-shore (STS) crane components at a U.S. seaport and a cellular modem discovered in another U.S. seaport’s server room that houses STS cranes’ firewall and networking equipment. As part of another cybersecurity investigation, some of these modems were found to have active connections to the operational components of the STS cranes,” the committee said.

Specifically, following an investigation into the relationship between ZPMC and ABB, the committee claims that security vulnerability was “created by the installation of ABB equipment and technology by ZPMC engineers in China onto U.S.-bound ship-to-shore cranes.”

“Zhenhua Heavy Industries takes the concerns of the U.S. seriously and believes that these reports can easily mislead the public without a thorough examination of the facts. The cranes provided by Zhenhua Heavy Industries do not pose a cybersecurity risk to any ports. The company has consistently adhered to relevant national and regional laws and regulations and conducts its operations in compliance with the law,” the company said in a stock exchange filing.

The House of Representatives’ security panels had invited ABB executives to public hearings in January 2024 to clarify their relationship with ZPMC, citing “significant concerns” about the potential cybersecurity implications of the collaboration.

The committees asked that ABB provide documents and information explaining its commercial relationship with ZPMC and produce documents and information to describe ABB’s work with U.S. government agencies involved in defense, intelligence, and other elements of U.S. national security.

In response to the allegations, ZPMC pointed out that the cranes it supplies are utilized in ports worldwide, including the United States, and that they strictly adhere to international standards and applicable laws and regulations.

During a recent congressional hearing, the U.S. Coast Guard reported that after inspecting over 200 cranes manufactured in China, no vulnerabilities were found.

However, there is a rising concern that the U.S. is too reliant on Chinese crane manufacturers, with estimates suggesting that over 80% of cranes operating at U.S. ports were produced in China.

Over the past 18 months, the Biden administration has been investing efforts to bolster domestic crane production, driven by growing political concerns over cybersecurity risks associated with Chinese cranes affecting U.S. port infrastructure.

Simultaneously, measures implemented by the U.S. government have also made it more difficult for ZPMC to secure business in the U.S.

Nevertheless, it is believed that U.S.-built STS cranes are likely to be more expensive, and their production is expected to take much longer than those from ZPMC.