Cybersecurity Concerns About Port Cranes and an Incoming Trump Administration Could Significantly Change the Infrastructure Adopted by U.S. Ports

Chinese state-owned Shanghai Zhenhua Heavy Industries Company (ZPMC) has long been the go-to supplier for port cranes. Some reports indicate that around 80% of quay cranes built in the United States have been provided by ZPMC.

In early September, the House Committee on Homeland Security and the Select Committee on the Chinese Communist Party released a report detailing the cybersecurity risk posed by these cranes after a probe found communications gear installed in the Ship-to-Shore (STS) cranes provided by ZPMC. The investigation found that ZPMC installed cellular modems on cranes that have no clear purpose for operation, or record of installation, allowing access to sensitive data, potential “spying,” and remote access to critical infrastructure.

While ZPMC has denied any wrongdoings, labeling the investigation as “entirely paranoia” and the Coast Guard have confirmed it has not found any evidence of malware or Trojan horse-type software, U.S. government departments remain firm on the vulnerabilities that this equipment creates.

Given that ports are considered crucial parts of national infrastructure, it’s understandable why any hint of a cybersecurity risk raises alarm bells. And while there is no evidence of malicious intent, the capability for remote access or even remote control of equipment is never going to go down well. Given ZPMC’s dominance in the market, equipment won’t be able to be replaced, but it’s highly likely that measures will be put in place by policymakers to tackle this risk.  

The review comes at an interesting time, given that the Biden administration announced a US$20 billion investment in U.S. ports infrastructure back in February, with a primary goal of “bolstering cybersecurity at U.S. ports.” The investment is intended to spur domestic innovation in the port infrastructure. PACECO Corp., a U.S. based subsidiary of Japanese company MITSUI E&S Co. Ltd., now has plans to produce STS cranes in the United States, which will be one of the first instances of domestic STS crane production in over 30 years. The push toward onshoring crane production is unlikely to change with the incoming Trump administration and could be pushed even further if tariffs are increased on Chinese imports.

Such an issue could also have an impact on the uptake of automated port infrastructure, and who these are going to be supplied by going forward. ABI Insight “Strike Action Threatens to Put U.S. Ports Even Further Behind in Terms of Automation, but This Doesn’t Need to Be an Issue” discussed the United States’ relatively low levels of automation and how adoption remains a contentious issue in the negotiations between the United States Maritime Alliance (USMX) and the International Longshoremen's Association (ILA). While this is expected to continue, it’s unlikely that U.S. ports will waiver on their endeavor to catch up with the more automated ports of Europe and Asia. And when they do, who provides these cranes will likely play a big factor.

The fact that planned domestic production of STS cranes by PACECO Corp. signifies the first time that cranes have been manufactured in the United States shows just how limited the U.S. port infrastructure market is. European port solution providers like Konecranes and Liebherr have seen double-digit growth in annual sales, with business in North America on the rise. Should new deployments of either standard cranes or semi/fully autonomous cranes be regulated against or pushed away from ZPMC, such European alternatives could see an even greater rise in their North American deployments.

Partnerships with these providers would be a strategic move for providers of private wireless networks or Terminal Operating Systems (TOSs), given the potential rise in business, but also considering that these solutions help improve the effectiveness and decrease time to value of automated systems. In many cases, ports don’t realize any significant Return on Investment (ROI) when deploying automation initially, due to integration issues and the need for scale. Providing combined solutions in a scaled format could remedy many of the issues seen when adopting automation, and help ports see the benefits of better terminal execution platforms or a private 5G network.

The cybersecurity concerns raised also reconfirm the delicate nature of how ports are controlled and how the operational data are managed. Providers continue to try and push end users to the cloud, quite understandably so, given the benefits and ability to offer Software-as-a-Service (SaaS) packages, but ports continue to look for complete, on-premises control. This varies by region, as is explored in ABI Research’s Port Operations: Key Trends and Regional Technology Adoption report (AN-5781), with some more open to advanced digital solutions that require more open data channels, but on-premises is very much here to stay. Being able to combine the benefits of cloud-native solutions with the security of on-premises solutions and demonstrating this capability will be a key factor when winning new business in the North American and European port markets.