From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 498F53CB37 for ; Thu, 7 Mar 2024 15:35:04 -0500 (EST) Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5682360e095so148144a12.1 for ; Thu, 07 Mar 2024 12:35:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709843703; x=1710448503; darn=lists.bufferbloat.net; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=Die4YheZcxGVMVKyu49q+7Ph920wkV3yRC4lszFLnCA=; b=QLvp8AP9+2Qx8yWuxS3UyHYkHEoSGw4sc/zH+oG0NqH/oiz+S0MEDI69PhbZiGdUWn BkzhqMEnVu4NsBPtcGZgi1XpAYSeq9uf+d1pi4gAF4qIZepjTTtK3MHskZ8bxUoEMWeZ yn+y6432NrIvZBx7K/JatAVyWWMlnZ+nY5+3VuFqTs7G/2ZUAS0ad1R8YnnNChs3s8a+ y59vogchKFH+X8OVZPwJt31wM4/CU8HIC9x5sQL8tgNc7BKvIM/yxfUsp90dsHBoYzro CBfeoPdPBeqh0x5zAGabh4NnUy8zlfxYib9cmg3h+WCTDSShAwhBXiueLBntA02oGQUM HBFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709843703; x=1710448503; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Die4YheZcxGVMVKyu49q+7Ph920wkV3yRC4lszFLnCA=; b=SlmZrzZk3KAQc4fh1aUrZrAJ74w14whb44KBz2W5LcYyzhA9gH3GUki7ykrzI2ytf8 TRLCUKzCaST//yIzCql3LG4FN258yQ6MiniO54ODdDK1t/KNDyVtUII8fe07Aq8w3tiK iYQG1dR0+oYC2baGDvBGegrjHVPW80RzAledXlV9x7obNRjz8FAEesspWYG4034ACuAF 8wvt1jlFo2iw2IfNkZa3lXyiOeZMCZwM4/TbaMKRNEv8KnklR/fXQBOKVQghTLn43vVD ckhKM72n92CbhLLPQwR3Xo9cgOjvPFdeiAvHcCmSFDhALnoQPWv356lci2zhpT99HK7q aNcg== X-Gm-Message-State: AOJu0YzCmagzhWoQN/Lird+/t81QuuSKgRQkIfCEgoUbMpsYXpPCbQNu kbN476EGPPxEmk1sjjKLiU6YU7ye/XWOINriTS0e1jnDR6/t08a6Q3iEfdPeHSzssoE7+uBEe2V B4h55NP2PcAddQzsfKUjQtGPgcXtc/TvlJV8= X-Google-Smtp-Source: AGHT+IFFHkc/qV83Xd3/mW82KLh3EALveI+K6AvYV38y0ZyaO0ciiERlhoJgTrz+EQ3g5UlfgVutj8m8Bz6jgccPBkI= X-Received: by 2002:a17:906:2346:b0:a44:f91c:a85 with SMTP id m6-20020a170906234600b00a44f91c0a85mr9426554eja.60.1709843702504; Thu, 07 Mar 2024 12:35:02 -0800 (PST) MIME-Version: 1.0 From: "David Bray, PhD" Date: Thu, 7 Mar 2024 15:34:25 -0500 Message-ID: To: =?UTF-8?Q?Network_Neutrality_is_back=21_Let=C2=B4s_make_the_technical_asp?= =?UTF-8?Q?ects_heard_this_time=21?= Content-Type: multipart/alternative; boundary="00000000000082637f06131802fe" Subject: [NNagain] Article: Espionage Probe Finds Communications Device [[Modems]] on Chinese Cranes at U.S. Ports X-BeenThere: nnagain@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2024 20:35:04 -0000 --00000000000082637f06131802fe Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable *Of note: * https://www.msn.com/en-us/news/world/espionage-probe-finds-communications-d= evice-on-chinese-cargo-cranes/ar-BB1juBcq *Noting "communications equipment that doesn=E2=80=99t appear to support no= rmal operations, fueling concerns that the foreign machines may pose a covert national-security risk."*Over a dozen cellular modems were found on crane components in use at one U.S. port, and another modem was found inside another port=E2=80=99s server room, according to a committee aide. Some of = the modems had active connections to operational components to the cranes, the aide said. While it isn=E2=80=99t unusual for modems to be installed on cranes to remo= tely monitor operations and track maintenance, it appears that at least some of the ports using the ZPMC-made equipment hadn=E2=80=99t asked for that capab= ility, according to congressional investigators and documents seen by The Wall Street Journal. One port with modems told lawmakers in a December letter that it was aware of their existence on the cranes, but couldn=E2=80=99t ex= plain why they were installed. ZPMC, a Chinese state-owned company, didn=E2=80=99t respond to requests for comment. Liu Pengyu, a spokesman at the Chinese embassy in Washington, didn=E2=80=99t address specific questions about the modems but said claims = that China-made cranes pose a national-security risk to the U.S. is =E2=80=9Cent= irely paranoia=E2=80=9D and amounted to =E2=80=9Cabusing national power to obstru= ct normal economic and trade cooperation.=E2=80=9D Concerns about ZPMC=E2=80=99s cranes have been building steadily in Washing= ton for years. In 2021, the Federal Bureau of Investigation found intelligence-gathering equipment on board a ship that was transporting cranes into the Baltimore port, the Journal previously reported. Last month, the Biden administration announced it would invest more than $20 billion over the next five years to replace foreign-built cranes with U.S.-manufactured ones. The money will go toward supporting the building of cranes by a U.S. subsidiary of Mitsui, a Japanese company, marking what officials said would create a domestic option for ports for the first time in 30 years. The administration also rolled out a suite of maritime cybersecurity measures, which comes amid rising fears that Chinese hackers have been pre-positioning themselves to disrupt American critical infrastructure in the event of open hostilities, such as a military conflict over Taiwan. Those actions by the Biden administration followed a Wall Street Journal investigation last year that revealed U.S. fears that cranes made by ZPMC in use at a number of America=E2=80=99s ports could present an espionage an= d disruption risk. More recently, there has been a surge of warnings from top U.S. officials about the potential threat to American lives posed by the infiltration of the nation=E2=80=99s critical infrastructure by Chinese hac= kers. The new focus on cranes and broader maritime security =E2=80=9Chas been a w= ake-up call for many western countries,=E2=80=9D Wille Rydman, minister of economi= c affairs for Finland, said in an interview. Finland, which joined the North Atlantic Treaty Organization last year, has been seeking to expand the market share of its maritime industry globally amid the rising concerns about Chinese technology supply chains. The Finnish company Konecranes, for example, supplied four large container cranes to the port in Savannah, Georgia, last summer. Biden administration officials say the Chinese cranes have security shortcomings that should worry ports. =E2=80=9CWe have found, I would say, openings, vulnerabilities, that are there by design,=E2=80=9D Rear Adm. Joh= n Vann, who leads the Coast Guard cyber command, said during congressional testimony about the cranes to Green=E2=80=99s committee last week. In a partially redacted December letter to the committee seen by the Journal, an unidentified U.S. port operator said that the modems weren=E2= =80=99t part of an existing contract, but that the port had been aware of their installations on the cranes and that they were intended for a =E2=80=9Cmobi= le diagnostic and monitoring=E2=80=9D service the port didn=E2=80=99t enroll i= n. =E2=80=9CWe are unsure who installed the modems as they were on the cranes = when we first saw them in China,=E2=80=9D the letter to the committee said. The mod= ems, according to the letter, were believed to have been installed around June 2017, around the time of the cranes=E2=80=99 manufacturing and assembly, an= d removed in October of last year. It couldn=E2=80=99t be determined what prompted the port to take action on = the modems or who did so. A committee aide said information collected by the panel indicated the modems had been physically disabled, but not yet fully removed. =E2=80=9CThese components do not contribute to the operation of the (ship-t= o-shore) cranes or maritime infrastructure and are not part of any existing contract between ZPMC and the receiving U.S. maritime port,=E2=80=9D the Republican-controlled committees said in a letter sent to the company last week. The letter to ZPMC said that lawmakers found that many cranes at U.S. ports were built at the company=E2=80=99s Changxing base adjacent to a shipyard o= n the Shanghai island where the Chinese navy builds advanced warships. It also said lawmakers had learned from briefings with ports and U.S. law-enforcement agencies that ZPMC had repeatedly made requests for remote access to U.S.-based cranes and other maritime infrastructure. ZPMC cranes entered the U.S. market around two decades ago, offering what industry executives described as good-quality cranes that were significantly cheaper than Western suppliers. In recent years, ZPMC has grown into a major player in the global automated-ports industry, working to connect equipment and analyze data in real time. Green, the committee chairman, said that the additional components discovered on some cranes =E2=80=9Care just one example of the worrisome fi= ndings in our investigation.=E2=80=9D The panel intends to finish its probe, which is being done jointly with the Select Committee on the Chinese Communist Party, next month. A public report will focus on ZPMC, its suppliers, and potential threats posed by equipment and technology at U.S. ports that were manufactured in China, a committee aide said. --00000000000082637f06131802fe Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Of note:

https://www.msn.com/en-us/news/world/espionage-probe-fi= nds-communications-device-on-chinese-cargo-cranes/ar-BB1juBcq

Noting "communications equipment that doesn=E2=80=99t appear to suppo= rt normal operations, fueling concerns that the foreign machines may pose a= covert national-security risk."

Over a dozen cellular mode= ms were found on crane components in use at one U.S. port, and another mode= m was found inside another port=E2=80=99s server room, according to a commi= ttee aide. Some of the modems had active connections to operational compone= nts to the cranes, the aide said.

While it isn=E2=80=99t unusual for= modems to be installed on cranes to remotely monitor operations and track = maintenance, it appears that at least some of the ports using the ZPMC-made= equipment hadn=E2=80=99t asked for that capability, according to congressi= onal investigators and documents seen by The Wall Street Journal. One port = with modems told lawmakers in a December letter that it was aware of their = existence on the cranes, but couldn=E2=80=99t explain why they were install= ed.

ZPMC, a Chinese state-owned company, didn=E2=80=99t respond to r= equests for comment. Liu Pengyu, a spokesman at the Chinese embassy in Wash= ington, didn=E2=80=99t address specific questions about the modems but said= claims that China-made cranes pose a national-security risk to the U.S. is= =E2=80=9Centirely paranoia=E2=80=9D and amounted to =E2=80=9Cabusing natio= nal power to obstruct normal economic and trade cooperation.=E2=80=9D
Concerns about ZPMC=E2=80=99s cranes have been building steadily in Washi= ngton for years. In 2021, the Federal Bureau of Investigation found intelli= gence-gathering equipment on board a ship that was transporting cranes into= the Baltimore port, the Journal previously reported.

Last month, th= e Biden administration announced it would invest more than $20 billion over= the next five years to replace foreign-built cranes with U.S.-manufactured= ones. The money will go toward supporting the building of cranes by a U.S.= subsidiary of Mitsui, a Japanese company, marking what officials said woul= d create a domestic option for ports for the first time in 30 years.
The administration also rolled out a suite of maritime cybersecurity measu= res, which comes amid rising fears that Chinese hackers have been pre-posit= ioning themselves to disrupt American critical infrastructure in the event = of open hostilities, such as a military conflict over Taiwan.

Those = actions by the Biden administration followed a Wall Street Journal investig= ation last year that revealed U.S. fears that cranes made by ZPMC in use at= a number of America=E2=80=99s ports could present an espionage and disrupt= ion risk. More recently, there has been a surge of warnings from top U.S. o= fficials about the potential threat to American lives posed by the infiltra= tion of the nation=E2=80=99s critical infrastructure by Chinese hackers.
The new focus on cranes and broader maritime security =E2=80=9Chas bee= n a wake-up call for many western countries,=E2=80=9D Wille Rydman, ministe= r of economic affairs for Finland, said in an interview. Finland, which joi= ned the North Atlantic Treaty Organization last year, has been seeking to e= xpand the market share of its maritime industry globally amid the rising co= ncerns about Chinese technology supply chains.

The Finnish company K= onecranes, for example, supplied four large container cranes to the port in= Savannah, Georgia, last summer.

Biden administration officials say = the Chinese cranes have security shortcomings that should worry ports. =E2= =80=9CWe have found, I would say, openings, vulnerabilities, that are there= by design,=E2=80=9D Rear Adm. John Vann, who leads the Coast Guard cyber c= ommand, said during congressional testimony about the cranes to Green=E2=80= =99s committee last week.

In a partially redacted December letter to= the committee seen by the Journal, an unidentified U.S. port operator said= that the modems weren=E2=80=99t part of an existing contract, but that the= port had been aware of their installations on the cranes and that they wer= e intended for a =E2=80=9Cmobile diagnostic and monitoring=E2=80=9D service= the port didn=E2=80=99t enroll in.

=E2=80=9CWe are unsure who insta= lled the modems as they were on the cranes when we first saw them in China,= =E2=80=9D the letter to the committee said. The modems, according to the le= tter, were believed to have been installed around June 2017, around the tim= e of the cranes=E2=80=99 manufacturing and assembly, and removed in October= of last year.

It couldn=E2=80=99t be determined what prompted the p= ort to take action on the modems or who did so. A committee aide said infor= mation collected by the panel indicated the modems had been physically disa= bled, but not yet fully removed.

=E2=80=9CThese components do not co= ntribute to the operation of the (ship-to-shore) cranes or maritime infrast= ructure and are not part of any existing contract between ZPMC and the rece= iving U.S. maritime port,=E2=80=9D the Republican-controlled committees sai= d in a letter sent to the company last week.

The letter to ZPMC said= that lawmakers found that many cranes at U.S. ports were built at the comp= any=E2=80=99s Changxing base adjacent to a shipyard on the Shanghai island = where the Chinese navy builds advanced warships. It also said lawmakers had= learned from briefings with ports and U.S. law-enforcement agencies that Z= PMC had repeatedly made requests for remote access to U.S.-based cranes and= other maritime infrastructure.

ZPMC cranes entered the U.S. market = around two decades ago, offering what industry executives described as good= -quality cranes that were significantly cheaper than Western suppliers. In = recent years, ZPMC has grown into a major player in the global automated-po= rts industry, working to connect equipment and analyze data in real time.
Green, the committee chairman, said that the additional components di= scovered on some cranes =E2=80=9Care just one example of the worrisome find= ings in our investigation.=E2=80=9D

The panel intends to finish its = probe, which is being done jointly with the Select Committee on the Chinese= Communist Party, next month. A public report will focus on ZPMC, its suppl= iers, and potential threats posed by equipment and technology at U.S. ports= that were manufactured in China, a committee aide said.
--00000000000082637f06131802fe--