Chinese-made port cranes in US included 'backdoor' modems, House report says
A newly released congressional examination found that China placed various technological backdoors into ship-to-shore cranes that could give access to the machines.
The 51-page, Republican-led study, conducted by the House Select Committee on China and the House Homeland Security Committee, said “these cellular modems, not requested by U.S. ports or included in contracts, were intended for the collection of usage data on certain equipment. This constitutes a significant backdoor security vulnerability that undermines the integrity of port operations.”
In addition, contracts reviewed by lawmakers “revealed that many agreements allowed critical internal components from third party contractors to be sent” to Chinese manufacturer ZPMC for installation.
The report, published Thursday, does not specify the exact nature of the modems, but said they were “connected to Linux computers on port cranes.” Technicians at the ports understood them to be for diagnostic purposes, the report said.
“These modems—although not necessary for the operation of the cranes—created an obscure method to collect information, and bypass firewalls in a manner that could potentially disrupt port operations.”
U.S. officials have long been concerned about China-made products used in critical infrastructure. Tensions have only increased over the threat of potential conflict between Washington and Beijing over Taiwan.
Speaking at a Center for Strategic and International Studies event earlier this week, Rob Silvers, DHS undersecretary for policy, noted the Biden administration has called for investing billions of dollars in cranes to counter Beijing’s potential influence.
He also noted the Coast Guard, which has regulatory authority over ports, ordered sites to implement better cybersecurity and the U.S. is working with Japanese heavy industrials company Matsui to start domestic production of ship-to-shore cranes in America “ for the first time in decades, so that we have, in the long run, a reliable supply of that critical hardware that most American people never think about, but which they rely on every single day to get whatever is coming to their house.”
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.