The United States will invest tens of billions of dollars to boost maritime cybersecurity around its strategic seaports, including by replacing China-made container cranes that officials believe could leave American infrastructure vulnerable to sabotage.

Foreign-manufactured ship-to-shore cranes, in particular those built by China's state-owned ZPMC, have been a national security concern for several years. The heavy industries company is the world's largest crane maker, whose machines account for nearly 80 percent of the lifting equipment used at U.S. ports, according to official estimates.

"By design, these cranes may be controlled, serviced, and programmed from remote locations. These features potentially leave PRC-manufactured cranes vulnerable to exploitation," said Rear Adm. Jay Vann, head of the U.S. Coast Guard's cyber command, referring to the People's Republic of China.

Cranes are part of the Marine Transportation System (MTS) that enable "critical national security sealift capabilities that enable the U.S. Armed Forces to project and maintain power around the globe," Vann said. "Any disruption to the MTS, whether man-made or natural, physical or in cyberspace, has the potential to cause cascading impacts to our domestic or global supply chains."

US to Replace China-Owned Cranes Over Cybersecurity

Vann's comments were made at a press call on Tuesday, a day before the White House announced President Joe Biden's plan to put $20 billion toward strengthening cybersecurity in maritime infrastructure, using funds from the $1 trillion bipartisan infrastructure deal passed in 2021.

Port operators with ZPMC cranes will be asked to address specific software and hardware vulnerabilities, according to the White House. Officials declined to disclose further details on the cybersecurity requirements.

Vann said the directive was based on the prevalence of China-manufactured cranes "and threat intelligence related to PRC's interests in disrupting U.S. critical infrastructure."

A Chinese government spokesperson previously described the U.S. concerns as misleading and "complete paranoia." Its Foreign Ministry did not immediately respond to a written request for comment.

ZPMC, or Shanghai Zhenhua Heavy Industries Co., delivers its cranes fully assembled and supports their operations with Chinese engineers on site. Port operators say the equipment is of good quality and relatively inexpensive compared with that built by rival firms in the West.

The company's representatives in the U.S. did not return an email seeking comment.

"Right now, America's ports employ 31 million Americans, contribute $5.4 trillion to our economy, and are the main domestic point of entry for cargo entering the United States," Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said at the press call.

Biden's plan to phase out China-made port equipment will see crane production return to American shores for the first time in 30 years, she said, with part of the investment going toward a U.S. subsidiary of Japanese gantry crane maker Mitsui.

Neuberger told reporters the Biden administration was not exploring a "rip and replace" approach to the China-made cranes at U.S. ports. She and other officials did not elaborate on the existence of any timeline.

Classified and unclassified government studies suggest sophisticated crane sensors and the data they process could expose information linked to U.S. troop deployment, sustainment and logistics.

Vann said there are more than 200 China-made cranes at U.S. ports and other facilities.

"Our Coast Guard cyber protection teams have assessed cybersecurity or hunted for threats, as of today, on 92 of those cranes," he said.

Vann did not say whether the U.S. saw any evidence pointing to the cranes having been accessed by an adversary in the past, and did not specify how the machines might be exploited in the future.

In a post on X, formerly Twitter, Rahm Emanuel, the U.S. ambassador to Tokyo, said the new cybersecurity measures would "protect ourselves from Chinese malware."

"Chinese cyber forces are attacking water, electricity, and other critical infrastructure in the USA, Europe, and countries in the Indo-Pacific," Emanuel said on Thursday. "The new measures are a recognition that secure infrastructure requires trusted partners, like Japan."