Click here to download a pdf of the full report.
Executive Summary
Port security is a growing concern for the federal government. In March 2023, for example, members of the United States House Select Committee on the Strategic Competition between the United States and the Chinese Communist Party visited the Port of Miami to inspect Chinese-made cranes. Just a few weeks before, the Pentagon had raised concerns that Chinese made cranes could be a tool for spying. These actions and warnings continue the concerns about port security expressed by Representative Carlos A. Gimenez (R-FL), the Solarium Commission, and other people and organizations. As a result of the 2023 National Defense Authorization Act, the United States Maritime Administration (MARAD) is conducting a study of the potential threat to American national security posed by foreign-made ship-to-shore (STS) cranes, which load and unload cargo from container ships.
To track Chinese cranes in American ports, I have collected data on the STS crane inventory of major American container ports. My analysis finds that the average container port of those surveyed has 49 percent of its STS cranes from a single Chinese company, Shanghai Zhenhua Heavy Industries Company. My review of available data also reveals serious accessibility problems with data on American ports. There is no standardized format for ports to provide basic details such as how many cranes they have or where their cranes are from, making it difficult for Americans to understand how ports operate. Improving port cybersecurity and data on ports would make the United States safer against foreign threats.
There are good reasons to be concerned about potential hacks into U.S. STS cranes. First, a malign actor could spy on American ports and collect critical information on our port system. Second, by having software access to the cranes, a malign actor could sabotage the cranes and disrupt port operations. Because ports are a critical part of the economy, supporting millions of jobs, processing annually goods worth trillions of dollars, and producing trillions in economic value, even a temporary disruption to them through cyberattacks would have drastic consequences.
As MARAD begins to study the potential cybersecurity risks of foreign cranes in U.S.ports, Congress, ports, and federal agencies should take steps to improve cybersecurity in U.S. ports.
- Congress should use its appropriations, legislative, and oversight powers to require federal agencies and American ports to take action to address potential security threats.
- Ports should inventory their STS cranes, publish the inventory data, and report their findings to Congress, MARAD, the Coast Guard, and the Department of Homeland Security (DHS). DHS should develop a remediation plan for American ports to address potential cybersecurity risks identified by the forthcoming MARAD report.
- DHS, through the Federal Emergency Management Act, should prepare and issue new grant guidance for the Port Security Grant Program for FY2024 grant awards to instruct grantees to use grants to remediate security vulnerabilities identified by the MARAD report.
- DHS, through the Federal Emergency Management Act, should prepare and issue new grant guidance for the Port Security Grant Program for FY2024 grant awards to instruct grantees to use grants to remediate security vulnerabilities identified by the MARAD report.
