Sunday, April 21, 2024

Do the Hills Have Eyes? No, But Chinese Cranes Have Ears

It’s well known that China is infamous for its hacking prowess. On many occasions we have learned of their infiltration into our country’s sensitive data. What I find personally upsetting is the lack of repercussions that this administration has taken to stop these attacks and to penalize China for them. Even the frontal attacks by platforms like TikTok, which we have come to know over the last several years is an information gathering site for the CCP. TikTok Inc. is owned by a Chinese company, ByteDance Ltd., and because China requires its companies, upon request, to share any national security-related data with the government. Therefore, TikTok’s popularity among Americans carries implications well beyond the mobile-phone screen. 

We still don’t know the full truth about the spy balloons that flew unimpeded over the country last year, or what, if any sensitive data they gathered. Yet, it seems that the Chinese are as inventive as they are devious. Recently, we have learned that a new Congressional investigation has discovered that some Chinese-made cranes used at US ports contain communications equipment with no clear purpose or record of their installation, that have heightened US concerns that the cranes could be used for surveillance or sabotage.

The investigation by the House Committee on Homeland Security and House select committee on China focused on the more than 200 Chinese-made cranes installed at US ports and related facilities. Last month, over growing U.S. and China tensions concerning national security, The Coast Guard ordered ports to better secure the Chinese-made cranes.

House lawmakers said that the equipment that is installed on the cranes are cellular modems that can be used for remote communication. The modems were not documented in the contracts between crane maker ZPMC and any U.S. ports. When US port personnel went to China to inspect the cranes, the modems were already installed, and were found “on more than one occasion” an aide familiar with the investigation told CNN.

Rep. Mark Green, the Republican chair of the House Homeland Security Committee, said in a statement to CNN:

“Our Committee’s investigation found vulnerabilities in cranes at U.S. ports that could allow the CCP [Chinese Communist Party] to not only undercut trade competitors through espionage, but disrupt supply chains and the movement of cargo, devastating our nation’s economy. Without a swift sea-change, we will continue to gift the CCP with an easy means of infiltrating our critical infrastructure on their quest for global dominance.”

ZPMC responded predictably on its website stating that:

“it has always been committed to providing high-quality products and services to clients around the world. ZPMC always strictly complies with the laws and regulations of applicable countries.”

The spokesperson for the Chinese Embassy in Washington, D.C., Liu Pengyu, also defended ZPMC. In a statement to CNN, he stated that claims that Chinese-made cranes pose a security risk are “entirely paranoia.”

“We firmly oppose the US overstretching the concept of national security and abusing national power to obstruct normal economic and trade cooperation between China and the US.” 

The Wall Street Journal first reported on the congressional probe’s findings.

Ship-to-shore cranes are the key to moving goods through US maritime ports and generate trillions of dollars in economic activity every year, according to experts. According to the Coast Guard, Chinese-made cranes account for nearly 80 percent of all cranes used at US ports.

Rear Admiral John Vann, head of the Coast Guard Cyber Command, told lawmakers last month, “we have found openings, vulnerabilities that are there by design. What we have not found is instances, of malware or a Trojan-Horse-type software.”

Cary Davis, the CEO of the American Association of Port Authorities, added in a statement to CNN: “Our ports proactively work with the U.S. Coast Guard, other federal law enforcement, and private sector experts to mitigate risks through inspections and defensive measures.”

That’s all fine and well, but cranes can often be controlled remotely, meaning that a hacker with access to the cranes’ networks could collect intelligence from ports or, in theory, even cause disruptions of equipment.

My question is this, If these devices were not listed in any of the contracts, when they were discovered, why wasn’t ZPMC told to immediately remove them? Does anyone believe that if the situations were reversed China would have allowed them to remain?

Marco Ayala, an industrial cyber expert with years of experience in the maritime sector says that a lot of machinery in the maritime and oil and gas sectors have hardware, such as cellular modems, that technicians use for remote maintenance. However, he added that the hardware is not always well documented at some of the facilities, opening security risks. Ayala is president of the Houston chapter of InfraGard National Members Alliance, a public-private threat-sharing organization.

He told CNN that having modems embedded in a crane’s operational systems “physically bypasses” the ports traditional IT security defenses. He added that the US government and private maritime experts are trying to change that with more rigorous security assessments.

Trying to change that?

I would think that this should have been corrected already. I am stupefied that our government acts as though they are aware of all these things, yet they haven’t been corrected. Especially when we are dealing with a government like China, that makes no secret of the fact that they will do anything to enhance their world power and position.

The Biden administration announced plans last month to invest $20 billion in new US-made port infrastructure, including US-made cranes that officials say are less of a security risk.

No kidding. Here’s another question, why are we purchasing cranes from China anyway? Surely, we can build our own cranes. The fact that we allowed these to be delivered to our ports is another failure by the inept Biden administration. It’s obvious that they have no regard for national security on any front. God knows what else is going on that the American people are in the dark about.