What do cargo cranes, drones and undersea cables have in common? This isn’t a trick question. All three have significant intersections with Chinese businesses, and all three could be considered critical infrastructure elements that has got our Congress worried. And while normally I wouldn’t highlight the fear mongering (we have enough of that, especially lately), this seems to merit some attention.

A joint Congressional report was released this week which focuses on Shanghai Zhenhua Heavy Industries, a Chinese company which accounts for roughly 80% of the ship-to-shore port cranes operational in the US, and 70% of the worldwide port cranes. These are those huge structures that take cargo off and on container ships. What has got Congress worried is that the cranes are fitted with cellular modems which may have remote software installed. Much of the control systems used by these cranes is subcontracted to industrial suppliers such as ABB and Siemens. However, their gear is shipped to Shanghai and installed by the Chinese before the crane is sent to the ultimate port destination. The investigation found that these companies allow for their gear to be sitting in China for long periods of time outside of their operational control. As you might have guessed, there are no US-based crane manufacturers.

The report cites that more than a dozen software vulnerabilities from SZHI have been reported to American but not Chinese security regulators, saying that it could be a potential national cybersecurity issue.

Let’s move on to drones. The U.S. House of Representatives voted on Monday to bar new drones from Chinese drone manufacturer DJI from operating in the United States, one of a series of measures aimed at China that lawmakers are considering this week. The bill, which still needs to be approved by the Senate before it could become law, would prohibit the company’s products from operating on U.S. communications infrastructure. It would not prevent existing DJI drones from operating in the United States. DJI has 80% of the US drone market share and 54% of the global drone market. Again, one motivation for this proposed ban is the potential for data collection from their operation. Another is the recent fears about Tik Tok data ownership.

Finally, Tom’s Hardware reports that the US and EU are working on a draft statement about undersea communications cable ownership. The proposed language would intentionally exclude Chinese ownership and ask member countries to only consider “trusted suppliers from allied countries,” and require cable operators to have supply chain and data security measures in place, along with more transparent ownership documentation. The lofty proposed language doesn’t specify any enforcement mechanisms, however. The cable market is not yet dominated by any Chinese supplier and is quite competitive. The major US supplier is SubCom.  You might have guessed that here the US dominates in terms of cable ownership, with Google, Amazon, Microsoft and Facebook/Meta owning or leasing at least half of all undersea bandwidth. I am not sure whether FAANG or China would be more of an issue to our regulators.

It is hard to sort out the technology issues from the political, something we have seen with the various Tik Tok screeds. it is clear that figuring out what is happening, understanding the extent of Chinese market control, and understanding whether insidious remote control software is actually present or could be present is a difficult lift.