A pair of senators are making a bipartisan argument for launching a nationwide campaign to identify Chinese components in vulnerable critical infrastructure across the United States, especially in the U.S. maritime industry after unusual components were found in port cranes imported from China. 

Sen. Rick Scott, R-Fla., told Just the News on Tuesday that if the United States remains dependent on components from China for running any critical sector in American infrastructure, it could give China the capability to shut them down at will. 

“What would happen if they shut down our electrical grid tomorrow? What would happen … if they shut down our ports tomorrow? Right? If we're buying Chinese products or we are allowing their infrastructure to be part of ours, they're going to have the ability to do that,” Scott said on the Just the News, No Noise TV show.

He unveiled legislation earlier in the day alongside New Jersey Democratic Sen. Andy Kim that would spark a nationwide effort to identify and address foreign cyber threats to America’s maritime and port facilities, especially vulnerabilities to threats from the Chinese Communist Party.   

The bill – the Maritime Cybersecurity Act – will require the U.S. Department of Homeland Security to conduct yearly assessments on the vulnerabilities in the U.S. maritime transportation and commerce infrastructure. 

In recent years, a House investigation uncovered unusual Chinese technological components in port cranes, and U.S. intelligence agencies have warned that Chinese state-backed hackers have burrowed into energy, communications and water infrastructure to lie in wait.

“We’ve got to make sure our grid is safe," Scott also told Just the News. "We've got to make sure everything about this is safe. ... We know that they've already done, you know, had a variety of ways they've hacked into our system.

“So what we're trying to do with the legislation, we have is say, 'OK, how do we make sure we get everybody together to make sure that we don't have China assets in our grid, in our infrastructure?' and then, 'How do we get our federal government to work together?'"

The proposed legislation mandates that facility owners and operators provide yearly disclosures regarding the use of hardware and software that was either manufactured or is operated by a “foreign entity of concern” or a “foreign country of concern,” Just the News reported Tuesday. 

The bill would require operators to formally certify that the systems are safe from cyber threats. In instances where such certification cannot be met, continued operation would hinge upon the issuance of a specific waiver.

“Our nation must be equipped to tackle evolving 21st-century threats," Sen. Kim said in a statement. "Cybersecurity resilience is a critical facet of national security, and this bipartisan bill is a strong first step to ensure we are prepared to address vulnerabilities and stop these threats wherever they are – including at maritime facilities.” 

The bill also directs the Homeland Security Secretary to implement mitigation strategies for any identified vulnerabilities and requires the agency to brief Congress annually on how it plans to mitigate the threats. 

A joint congressional investigation by the House Committee on the Chinese Communist Party and Committee on Homeland Security recently exposed significant security vulnerabilities at American ports involving cargo cranes supplied by a Chinese state-backed manufacturer, sparking concerns about China’s ability to cripple critical infrastructure operations. 

The manufacturer, the Chinese state-backed company Shanghai Zhenhua Heavy Industries (ZPMC), is the dominant manufacturer in the sector, accounting for about 80 percent of the ship-to-shore cranes currently operational at U.S. maritime ports, according to the U.S. Coast Guard. 

The probe uncovered more than a dozen cellular modems installed on crane components and within a port server room—equipment that was both unexpected and undocumented in any existing contracts. Lawmakers and intelligence officials expressed concern that these devices could serve as a back door for remote access, potentially allowing the Chinese Communist Party (CCP) to conduct espionage or disrupt shipping during a crisis.

According to the investigation, one port reported that these modems appeared to have been installed in China during the manufacturing process around 2017 and were subsequently removed in October 2023. These concerns are bolstered by a 2021 incident where the FBI discovered intelligence-gathering equipment on a vessel delivering ZPMC cranes to the Port of Baltimore. 

“ZPMC cranes contain a variety of subcomponents sourced from different countries. Frequently, these subcomponents are assembled and configured within China before being shipped to their final destination. This critical process occurring within China, combined with the requirements placed on SOEs to cooperate with the Chinese government, creates the potential for a supply chain compromise,” the Coast Guard Cyber Command warned in a report. 

“Such a compromise could grant China-affiliated malicious cyber actors remote access to conduct espionage, manipulate, or disrupt US-based cranes,” the service concluded. 

Sen. Scott also separately introduced the Strengthening Cyber Resilience Against State-Sponsored Threats Act to the Senate on Thursday, aiming to establish an inter-agency task force to annually assess threats from Chinese state-sponsored cyber actors. This is the Senate companion of a House bill introduced by Rep. Andy Ogles, R-Tenn., which passed the chamber last November. 

“As the world’s leading digital economy, America has the most to lose in a cyberattack. If we don’t secure our digital infrastructure, hackers could cut power to your house, empty your bank account, or disable life support for a loved one in the hospital,” Scott said in a statement.  

The legislation aims to create mechanisms within the federal government to respond to Chinese hackers' recent efforts to burrow into critical U.S. systems, according to a draft reviewed by Just the News. 

In February 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned that the Chinese state-sponsored cyber group Volt Typhoon had successfully compromised networks in several critical U.S. sectors like communications, energy, transportation systems, and water and wastewater systems. 

Evidence from the Volt Typhoon hack, as well as documented intrusions by the Flax and Salt Typhoon groups, showed that Chinese hackers were “seeking to pre-position” themselves on U.S. networks in order to carry out “disruptive or destructive cyberattacks” in the event of a “major crisis or conflict with the United States,” the agencies concluded. 

The cyber threat, specifically from Chinese-made technology components, has already prompted the Trump administration to take action. 

In March, the Federal Communications Commission took radical action to ban the import of internet routers manufactured in foreign countries, citing the unacceptable security risks posed by Chinese hackers to U.S. critical infrastructure, Just the News previously reported. The FCC specifically cited the Volt, Salt and Flax Typhoon hacks to justify the decision. 

The FCC’s new policy added all foreign-manufactured internet routers to the Covered List, which bans the import of such devices to the United States, but it does not affect previously purchased routers. 

The scrutiny focused on major brands like TP-Link, a Chinese company that is a global leader in networking devices, including routers. While TP-Link’s routers are popular for their affordability and widespread availability, their extensive use in American homes, businesses, and even government networks alarmed lawmakers. 

One fear was that the PRC government could compel Chinese companies, under their national security laws, to install back doors, gather data, or enable sabotage on behalf of the Chinese Communist Party. Under China’s 2015 National Security Law, Chinese companies and citizens must cooperate with the Chinese Communist Party and intelligence agencies. 

In 2024, then-FBI Director Christopher Wray said that Chinese hacking in the United States had “reached something closer to a fever pitch” and warned that China is "poised to attack whenever Beijing decides the time is right.”