Wednesday, April 24, 2024

Chinese cranes getting scrutinized at NC ports

The Biden administration is ordering Wilmington and other key U.S. seaports that own and operate Chinese-made container cranes to make certain their cybersecurity program is in order.

Officials coupled the move to the issuance of a maritime advisory that underscored the need to “verify the integrity and security of on-board crane devices and networks,” have good back-ups and ensure there’s “strong physical security and access control” over cranes’ supporting infrastructure.

The U.S. Coast Guard is issuing more specific directives that will go directly — and only — to port officials.

“The specific requirements are deemed sensitive security information and cannot be shared publicly,” Coast Guard cybersecurity chief Rear Adm. Jay Vann told reporters on Wednesday.

He added that “our captains of the port around the country will be working directly with crane owners and operators to deliver the directive and verify compliance.”

Vann did, however, explain the underlying reason for official concern.

“People’s Republic of China-manufactured ship-to-shore cranes make up the largest share of the global market and account for nearly 80 percent of cranes at U.S. ports,” he said. “By design, these cranes may be controlled, serviced and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation.”

Wilmington and Morehead City are two of the 18 designated “commercial strategic seaports” around the country that can support military deployments. Others relatively nearby include those in the Norfolk area, Charleston and Savannah.

Back in 2018, the N.C. Ports Authority took delivery of three massive “Neo-Panamax” ship-to-shore container cranes for Wilmington’s port.

Their manufacturer — Shanghai Zhenhua Heavy Industry Co. Ltd., a state-owned enterprise that services the lion’s share of the worldwide container-crane market.

The same company also built the Port of Wilmington’s four smaller container cranes, a Ports Authority spokesperson said.

Wednesday’s maritime advisory singled out Shanghai Zhenua, along with two other bits of Chinese-made technology — a software package called LOGINK and security scanners made by Nuctech Co. Ltd. — for concern.

The software “can collect massive amounts of sensitive business and foreign government data” and likely provides the Chinese government access to “sensitive logistics data,” the advisory said.

The scanners gather similar sorts of information.

Wilmington’s cranes use software from a company based in Sweden, and the state’s ports don’t use Nuctech scanners or cameras, a Ports Authority spokesperson said.

The Coast Guard directive said “threat intelligence related to the PRC’s interest in disrupting U.S. critical infrastructure” is one of the reasons for acting now.

Vann said there are more than 200 PRC-made container cranes operating in U.S. port, and the Coast Guard has already conducted cybersecurity assessments on 92 of them.

The N.C. Ports Authority “recently conducted a vulnerability assessment for our container crane hardware and software at the Port of Wilmington to ensure they are secure,” an authority spokesperson said.

Morehead City is a bulk-cargo port that doesn’t deal in containers. Its crane come from Liebherr, a German company now headquartered in Switzerland.

Biden coupled the action on cranes to the issuance of an executive order that beefed up the Coast Guard’s control of ports and instituted a mandate that ports report any actual or threatened cyber incident to the FBI, Coast Guard and other federal agencies.

Administration officials also said they intend to put more than $20 billion into port infrastructure across the country over the next five years, and want to rebuild U.S. “industrial capacity to produce port cranes with trusted partners” such as Japan.

Related Articles