The Coast Guard has issued a second security directive warning that Chinese ship-to-shore cranes used widely in the United States pose a cybersecurity risk. Maritime Security Directive 105-5 calls on port operators to take “risk management” measures to mitigate the threats.
Built-in vulnerabilities for remote access and control of the cranes “combined with intelligence regarding China’s interest in disrupting U.S. critical infrastructure, necessitate immediate action,” according to a portion of the directive first noted by the trade website gCaptain.
The directive is the second security order issued by the Coast Guard regarding Chinese-made STS cranes, which claim the largest share of the global ship-to-shore crane market, including 80% of cranes at U.S. ports.
“By design, these cranes may be controlled, serviced and programmed from remote locations, and those features potentially leave STS cranes manufactured by [Chinese] companies vulnerable to exploitation, threatening the maritime elements of the national transportation system,” a Nov. 19 Federal Register notice on the directive states. The actual directive was not published because it contains “security-sensitive information.”
The directive calls on all owners or operators of STS cranes to immediately contact Coast Guard at ports using the cranes.
An investigative report by the House Homeland Security Committee in September stated that the container shipping cranes made by Shanghai Zhenhua Heavy Industries, a state-owned company known as ZPMC, pose significant cybersecurity and national security threats.
“The evidence gathered during our joint investigation indicates that ZPMC could, if desired, serve as a Trojan horse capable of helping the [Chinese Communist Party] and the PRC military exploit and manipulate U.S. maritime equipment and technology at their request,” said committee Chairman Mark E. Green, Tennessee Republican.
The crane manufacturer was linked to efforts by China to militarize disputed islands in the South China Sea.
“Cybersecurity risks include unauthorized installations of cellular modems on cranes and ZPMC’s requests for remote access to its cranes in U.S. ports,” the report said.
The FBI reportedly discovered electronic intelligence-collection devices on Chinese cranes in the port of Baltimore.
• Bill Gertz can be reached at bgertz@washingtontimes.com.
Please read our comment policy before commenting.