Enable breadcrumbs token at /includes/pageheader.html.twig

China's Crane Kick

Cranes are the most identifiable cyber threat, and the U.S. Coast Guard will issue a specific cyber regulation tackling this.

A recent action was the issuance of a warning against systems created and deployed globally by institutions associated with Beijing.

Meanwhile, most ports have caught up with cybersecurity compliance.

“A lot of the operators of specific terminals have been taking actions to do through modeling, understand their attack surface, make sure their controls and policy framework are in place and to do assessments, third party assessments and penetration tests now,” said Josh Koleda, transport assurance practice director for North America at NCC Group.

Still, the largest and most critical equipment on land is hard to protect.

Cranes “are basically big [signals and electronic intelligence] collection platforms,” said Egon Rinderer, chief technology officer at Shift5.

“You can mount all sorts of things all over them, and in a lot of cases, you don’t even need to obfuscate what that thing is because it’s perfectly reasonable that they have cameras and antennas on them,” said Rinderer.

At least 24 global ports operate the LOGINK logistics platform, a software to control cranes and other port equipment developed by an organization with close ties to Beijing, according to a U.S. Department of Transportation advisory.

Part of the effort in recent infrastructure regulation points toward replacing Chinese cranes with local alternatives.

This follows a Congressional investigation into Chinese firm Shanghai Zhenhua Heavy Industries (ZPMC), a crane builder. The company was under scrutiny for alleged intelligence collection in U.S. ports, as “it controls around 70% of the global market share for cranes and accounts for nearly 80% of the ship-to-shore cranes at U.S. ports,” according to documents published by lawmakers.

The company denied wrongdoing.

“ZPMC takes the U.S. concerns seriously and believes that these reports can easily mislead the public without sufficient factual review,” the company said in a release. “The cranes provided by ZPMC do not pose a cybersecurity risk to any ports.”

Still, the intelligence-gathering opportunities are almost infinite.

“There’s a whole list of manufacturers banned from use in DoD networks, but it has happened in the maritime shipping world, and it’s a big problem because our grey hulls pull into those same ports and, by the way, those same cranes are used all over the world,” Rinderer said.

“There’s pretty much not a port you can pull into anywhere on the planet that doesn’t have PRC [People’s Republic of China]-manufactured cranes that are sort of dual-purpose segment collection platforms,” Rinderer added.