The US Coast Guard has issued a second security directive warning that Chinese ship-to-shore cranes used widely in the United States pose a cybersecurity risk. Maritime Security Directive 105-5 calls on port operators to take “risk management” measures to mitigate the threats.
Built-in vulnerabilities for remote access and control of the cranes “combined with intelligence regarding China’s interest in disrupting US critical infrastructure, necessitate immediate action,” according to a portion of the directive first noted by the trade website gCaptain.
The directive is the second security order issued by the Coast Guard regarding Chinese-made STS cranes, which claim the largest share of the global ship-to-shore crane market, including 80% of cranes at US ports. “By design, these cranes may be controlled, serviced and programmed from remote locations, and those features potentially leave STS cranes manufactured by [Chinese] companies vulnerable to exploitation, threatening the maritime elements of the national transportation system,” a November 19 Federal Register notice on the directive states. The actual directive was not published because it contains “security-sensitive information.” The directive calls on all owners or operators of STS cranes to immediately contact US Coast Guard at ports using the cranes.[1]
An investigative report by the US House Homeland Security Committee in September stated that the container shipping cranes made by Shanghai Zhenhua Heavy Industries, a state-owned company known as ZPMC, pose significant cybersecurity and national security threats. “The evidence gathered during our joint investigation indicates that ZPMC could, if desired, serve as a Trojan horse capable of helping the [Chinese Communist Party] and the PRC military exploit and manipulate US maritime equipment and technology at their request,” said committee Chairman Mark E. Green, Tennessee Republican.
The crane manufacturer was linked to efforts by China to militarize disputed islands in the South China Sea. “Cybersecurity risks include unauthorized installations of cellular modems on cranes and ZPMC’s requests for remote access to its cranes in US ports,” the report said. The FBI reportedly discovered electronic intelligence-collection devices on Chinese cranes in the Port of Baltimore.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://www.washingtontimes.com/news/2024/dec/2/coast-guard-issues-second-warning-chinese-port-cra/
Comments