Gallagher, Green Demand Immediate Compliance from DHS Secretary Mayorkas after Failure to Respond to Chinse Crane Inquiry

Letter

Dear Secretary Mayorkas,

The Committee on Homeland Security and the Select Committee on the Strategic Competition between the United States and the Chinese Communist Party (Select Committee on China) (Committees) are conducting oversight of the presence of Chinese software and operational technology in U.S. port infrastructure. This includes software used for cranes, terminal industrial control systems, power systems, and telecommunications equipment.

On April 3, 2023, Members of the Committee on Homeland Security sent a letter to the Department of Homeland Security (DHS) requesting a briefing on DHS' maritime port security responsibilities. The letter, among other requests, asked for documents sufficient to show DHS' efforts to address security vulnerabilities related to the use of Chinese-manufactured cranes at U.S. ports by April 17, 2023. To date, however, DHS has failed to provide a briefing or documentation, and these requests remain outstanding. We seek your immediate compliance.

We remain concerned about the security risks associated with the widespread use of Chinese-manufactured cranes that threaten to undermine our national security, particularly those made by Shanghai Zhenhua Heavy Industries (ZPMC), a Chinese state-owned business whose governing shareholder is China Communications Construction Company. We request additional information on the prevalence of such equipment and technology at U.S. ports and DHS actions to address the potential national security threats posed by the Chinese Communist Party's (CCP) use of this technology in U.S. port infrastructure.

ZPMC has operated under the umbrella of the Chinese state since its conception and has rapidly grown to be the dominant global manufacturer of ship-to-shore cranes. Today, ZPMC controls around 70 percent of the global market share for cranes and accounts for nearly 80 percent of the ship-to-shore cranes in use at U.S. ports, posing significant risk to U.S. homeland security. These security risks include cyberattacks, espionage, and supply chain vulnerabilities due to the shared software and interconnectivity among ZPMC cranes operating at our nation's ports. According to the Wall Street Journal, "[s]ome national-security and Pentagon officials have compared ship-to-shore cranes made by the China-based manufacturer, ZPMC, to a Trojan horse." ZPMC cranes pose a potential risk for intelligence gathering purposes and we find it disconcerting that CCP-backed entities may use their access to ZPMC cranes to target and disrupt our nation's ports in the event of a Chinese invasion of Taiwan.

As stated recently in Politico, "President Joe Biden has committed multiple times to sending U.S. troops to Taiwan in the event of a Chinese invasion, something China would want to stop. This could include targeting the networks of ports on the West Coast, airfields, and other transportation networks that move troops." These transportation networks include our nation's ports, pipelines, and freight railways. As a Co-Sector Risk Management Agency for the Transportation Systems Sector, DHS is responsible for securing these networks and providing response and recovery assistance to impacted entities.

In February 2023, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency, stated that in the event of a Chinese invasion of Taiwan, the CCP may target "multiple U.S. gas pipelines; the mass pollution of our water systems; the hijacking of our telecommunications systems; the crippling of our transportation nodes--all designed to incite chaos and panic across our country . . . ." In testimony before the Committee on Homeland Security on April 27, 2023, Director Easterly emphasized that DHS must be able to help mitigate, recover, and "have the resilience to get our nation back up and running again if there is a major [cyber] attack [from China]". To prepare for potential threats to our critical infrastructure, DHS must assess its current capabilities to combat them, and make clear to Congress what resources and authorities DHS may need to do so.

Given the security risks associated with the extensive use of Chinese-manufactured cranes that threaten to undermine our national security and to assist the Committees with their oversight of operational technology in U.S. port infrastructure, please provide a full production in response to the April 3, 2023 Committee on Homeland Security letter, and the following documents and information as soon as possible, but no later than 5:00 p.m. on May 24, 2023:

1. All documents and communications, including but not limited to memoranda, intelligence bulletins, threat assessments, and briefing materials referring or relating to ZPMC and/or any other Chinese-based crane manufacturer for the period of January 1, 2000, to the present;

2. All documents sufficient to describe the steps DHS has taken to identify, assess, and mitigate the risks associated with Chinese software and operational technology in U.S. ports;

3. All documents sufficient to describe any existing DHS collaborations or partnerships with private sector entities, state and local governments, and international partners to address the issue of Chinese software and operational technology in U.S. ports;

4. All documents sufficient to describe any training or education initiatives provided to DHS personnel, state and local governments, and private sector entities to identify and respond to the risks associated with Chinese software and operational technology in U.S. ports;

5. All documents sufficient to describe any and all outreach efforts made to foreign allies and partners to raise awareness about the risks of Chinese software and operational technology in their ports;

6. All documents listing any and all known or suspected incidents of cyber-attacks or espionage linked to Chinese software and operational technology in U.S. ports from January 1, 2000, to the present;

7. All documents sufficient to show an analysis of the potential long-term consequences of continued reliance on Chinese software and operational technology in U.S. port infrastructure and any potential threats to U.S. national security posed by the presence of Chinese software and operational technology in U.S. ports;

8. All documents sufficient to describe how DHS coordinates with other federal agencies, such as the Department of Commerce, the Department of Defense, and the Committee on Foreign Investment in the United States (CFIUS), to address the issue of Chinese software and operational technology in U.S. ports; and

9. All documents sufficient to describe ongoing research and development initiatives within DHS or in collaboration with external partners, aimed at creating secure alternatives to Chinese software and operational technology in U.S. ports.

Additionally, please provide a staff-level briefing to the committees as soon as possible, but no later than May 31, 2023.

Source