A top trade official at the Department of Homeland Security said in Capitol Hill testimony on Thursday that the Biden administration is concerned about the extent of Chinese manufacturing presence in critical U.S. port operations.
During a House hearing that centered on cranes operating at the ports in the United States, 80% of which are manufactured in China, representatives pressed Homeland Security and Coast Guard officials about the nation’s infrastructure reliance on China, including spare parts for these cranes and how it could impact the resiliency of U.S. ports.
“We absolutely agree and we do see an overreliance on these People’s Republic of China (PRC) manufacturer cranes,” Christa Brzozowski, acting assistant secretary for trade and economic security at the Department of Homeland Security, told representatives on the House Subcommittee on Transportation and Maritime Security examining the port cybersecurity threat.
The seaports move more than 99% of the cargo coming to the U.S. from overseas, with 31 million American jobs tied to the ports, which generate $5.4 trillion in economic value, representing more than a quarter of nation’s economy.
In early 2023, U.S. defense officials said they were worried that Chinese ship-to-shore crane manufacturer Shanghai Zhenhua Heavy Industries Co. (ZPMC) could be used by Beijing as a possible spying tool, leading to more pressure on the administration from Capitol Hill. China said at the time that the concerns were “paranoia-driven.”
ZPMC has not responded to CNBC’s requests for comment.
The AAPA, which lobbies on behalf of the nation’s major container ports, has said in the past there is no evidence to the support the claims about Chinese-manufactured crane cyber vulnerabilities, characterizing the comments as “sensational.”
Gene Seroka, executive director of the Port of Los Angeles, told CNBC that Biden’s executive order is a wake-up call for the port and supply chain industry.
“The bottom line is that today’s high-tech cranes can collect data and that is why this executive order is so important,” said Seroka. “The Port of Los Angeles opened the nation’s first port Cyber Security Operations Center in 2014, and in 2023, the center stopped nearly three-quarters of a billion intrusion attempts, an average of about 63 million intrusion attempts each month,” he said.
2023 was the highest number of cyberattacks the port ever recorded.
Brzozowski said reliance on China for shipping cranes is not an anomaly.
“We see this as a concerted effort where the PRC has proven and stated its intent to be the lead leading manufacturer in not only cranes like this, but other types of maritime equipment,” she told the House subcommittee.
When asked if any threat had been verified in current cranes in use, Brzozowski said, “not to my knowledge.”
But she added, “I think as we’re taking a close look at this issue, it’s because of the potential for such a risk and the known exploitation by the PRC of critical infrastructure, even domestic critical infrastructure sectors.”
Almost half of the PRC-manufactured cranes have been assessed, according to Coast Guard testimony at the hearing. The hearing came a week after the Biden administration issued an executive order on port cybersecurity which included a focus on the shipping crane concerns and to make sure all critical port infrastructure that is owned and operated adheres to international and industry recognized safety regulations.
China has been on a tear creating airports and ports around the world, and in line with the security threat, Subcommittee Chairman, Carlos Gimenez (R-FL) asked Brzozowski if the “zeal” of the Belt and Road initiative could also put the U.S. at a disadvantage allowing China to process its trade faster than U.S. trade.
“I think it’s it’s not only a possibility, but something that we’re seeing play out around the world,” said Brzozowski. “It’s no secret that China has both the capability and the intent to challenge the rules based trade system. They’re leveraging all instruments of their national power to do so. They’re looking to gain access not only to technology and data, and in particular, the vulnerabilities that we’re talking about around the cranes today.”
China is “engaging in a number of other practices to undercut American workers and businesses,” she said.
The acting secretary referred to the influx of production of fentanyl through American ports and practices associated with forced labor to undercut the competitiveness of the U.S. and other global companies, and to bring in goods to market that are contrary to U.S. values.
The Biden administration has positioned the executive order as part of a “whole government approach” in securing the nation’s ports. A new White House cabinet-level Supply Chain Resilience Center is working with interagency partners, including the Departments of Commerce, Transportation, and Defense in this mission.
“What the EO [Executive Order] really does, again, is allow a captain of the port if it’s determined that there is a threat or there has been some disruption because of a cyber intrusion, to take action to secure a crane or secure a terminal until such time that the operator, maybe with our assistance, or at least with our validation takes action to secure that particular node of the system,” Rear Admiral John Vann, Coast Guard Cyber Command, said at the House hearing.
The subject of port automation was also addressed, with Vann saying it offers efficiencies, but the potential to increase the cyber terrain that must be protected. “The point I really want to make here is all of us, whether it’s government, private companies that are operating in the ports, all need to take the vulnerabilities that are created by this increased surface, this threat surface that’s now there with increased automation, is take that very seriously, make it part of their calculus in securing the system.”
Rear Admiral Wayne R. Arguin Jr., assistant commandant for prevention policy for the US Coast Guard, told U.S. representatives that the Coast Guard maintains a 24/7 presence in all ports and if they were made aware of a challenge they would decide which teams would need to be involved, and then decide what would be needed to minimize that disruption.
“Any disruption, cyber or otherwise, hurricane, anything that would cause a ripple in that very tightly, fine-tuned system would have diverse impacts,” said Arguin Jr. “We are hyper-focused on that. I know that the Supply Chain Resilience Center is also looking at that to ensure that disruption is minimized.”