US ports voice confidence in Chinese-made cargo cranes

Amid mounting scrutiny and an executive order over "national security" concerns relating to Chinese-made cranes, US ports are continuing to operate and even commission them.

US President Joe Biden issued an executive order on Wednesday addressing cybersecurity and espionage concerns over Chinese-made cranes in use at US ports. The administration also pledged $20 billion toward infrastructure security over the next five years, including funding domestic manufacturing of cargo cranes.

The initiative targets ship-to-shore cranes made by Shanghai Zhenhua Heavy Industries, or ZPMC, a Chinese engineering company and one of the world's largest makers of cranes and large steel structures. The ship-to-shore cranes are used to load and unload container ships.

ZPMC dominates the market with a near 80 percent share and in many cases is the only supplier to more than 100 of the world's top ports. In the United States nearly 80 percent of cranes at ports were made by ZPMC.

US officials said these cranes may be controlled, serviced and programmed from remote locations and are thus vulnerable to data breaches. However, they have provided no evidence for cybersecurity incidents linked with the ZPMC cranes.

China denies the claims, calling the initiative paranoia and an overreach of national security concerns to unfairly target Chinese companies and products.

Despite US officials' claims of potential vulnerabilities, there have been no reported instances of security breaches involving ZPMC cranes in the US.

Port authorities have said they are confident about the security of their equipment. Additionally, media reports claiming ports were ordered to replace Chinese cranes have been dismissed by port authorities.

The Virginia Port Authority has expressed no intention to replace its ZPMC-made cranes, and the port officials have said they have not had any discussions with the federal government about that.

New orders

In fact all 27 of the Port of Virginia's ship-to-shore cranes were made by ZPMC, and it has just ordered eight more cranes from the company, the port's spokeswoman Cathie Vick said.

Vick expressed confidence that the cranes are secure, saying they underwent detailed forensic cyber analysis before going online.

There have been no reports of cybersecurity breaches affecting Port of Virginia cranes, she told Virginia Business, and the federal government has not alerted the port to any instances of cranes in Virginia being used for espionage.

At the Port of New York and New Jersey, the US East Coast's busiest port and one of the top three busiest ports in the country, APM Terminals, a Dutch port operating company, has recently commissioned two ZPMC cranes, emphasizing increased efficiency and sustainability benefits.

These decisions echo the American Association of Port Authorities' position. The group, calling the security concerns "sensationalized claims", has repeatedly said there is no evidence of cranes being used to harm or track port operations.

The lack of concrete evidence of security breaches poses a challenge for the US government in justifying its concerns, and the absence of viable US alternatives makes it difficult for ports to fully abandon ZPMC in the short term.