A recent congressional report has unveiled significant cybersecurity threats associated with Shanghai Zhenhua Heavy Industries Company (ZPMC), a leading Chinese state-owned manufacturer of port cranes. ZPMC, which commands nearly 80% of the U.S. ship-to-shore crane market, is under scrutiny for posing substantial national security risks. The report reveals that the company’s extensive presence in U.S. ports could potentially be exploited by Beijing to manipulate or disrupt maritime supply chains during geopolitical tensions.
The report, issued by the House Committee on Homeland Security Subcommittee on Transportation and Maritime Security and the Select Committee on the Chinese Communist Party, emphasizes ZPMC’s dual role as both a major port infrastructure provider and a strategic asset for China. The committees warn that ZPMC’s advanced port systems, which include “smart” crane technology developed in partnership with Microsoft, could be used by the Chinese government to gain unauthorized access to U.S. maritime operations.
Further investigation has highlighted that ZPMC’s systems, which are integral to U.S. port operations, may contain vulnerabilities that could be exploited for strategic purposes. The report notes that while U.S.-based companies have identified numerous vulnerabilities in ZPMC’s equipment, China’s national cybersecurity database shows no results for these issues. This discrepancy raises concerns about the potential for China to leverage these weaknesses to disrupt critical infrastructure.
In response to these findings, the report recommends immediate action to safeguard U.S. ports. It calls for the Coast Guard to issue guidance to disconnect ZPMC cranes from cellular modems and other remote access methods, and for the Cybersecurity and Infrastructure Security Agency to prioritize closing cybersecurity gaps, particularly at Guam’s port. These measures are part of a broader effort to enhance maritime cybersecurity, following previous incidents such as the ransomware attack on Expeditors International in 2022.
