Italy, the Marghera Port Paradox: Green Chinese Cranes, Cyber Risk, and the Urgency of National Security - OSINT

Although the Chinese company has always denied the cyber threat, the arrival of ZPMC cranes reopens international alarm over the CCP's cyber “Trojan horse.”

The current geopolitical and security scenario sees the maritime sector emerging as a crucial battleground for strategic competition, particularly with the People's Republic of China (PRC) and its state-owned enterprises. The imminent arrival of new Chinese-made yard cranes (E-RTGs) at the Vecon-PSA Venice terminal in Porto Marghera (Venice) perfectly crystallizes this dilemma, placing Italy in a paradoxical situation where sustainability and efficiency objectives clash with documented national security risks, cyber espionage risks, and potential sabotage linked to the supplier Shanghai Zhenhua Heavy Industries (ZPMC).

PSA Italy and the arrival in Marghera

PSA Italy's investment in the Porto Marghera terminal is significant for the modernization and sustainability of the Venetian port, a strategic hub for the Adriatic.

• Value and Purpose. The purchase has a total value of 8.5 million euros and the cranes, expected to be operational by 2026, represent a "technological leap" and a "clear signal of the commitment to sustainability and innovation" by PSA Venice-Vecon. The new 100% electric units will replace the current diesel units, significantly increasing yard capacity, improving operational performance (including container delivery times), and reducing emissions.

• Strategic Context. This intervention is the culmination of the first tranche of strategic investments planned as part of the commitment of over 80 million euros announced during the renewal of the concession in June 2023. Related interventions include the commissioning of four new Reach Stackers (in 2024) and two more arriving in 2025, the resurfacing and asphalting of the yard, and the creation of new Reefer Racks with an increase of 96 reefer plugs for refrigerated cargo storage.

• The Chinese Shipment. The cranes were custom-designed and built for the Port of Marghera terminal by ZPMC. They sailed from the port of Shanghai aboard the ship Zhen Hua 35, which is navigating through the Indian Ocean. The journey, lasting over two months, includes calls in Morocco and Genoa before reaching Venice/Port Marghera, with arrival anticipated in the last week of December.

The paradox is that while Italy takes a commendable step toward a greener and high-performing port industry, it entrusts its critical maritime infrastructure to a supplier – ZPMC – that is at the center of a joint investigation by the U.S. Congress and an international alert for national security vulnerabilities and potential espionage.

ZPMC: the “Trojan horse” in Western ports?

The supplier of the Marghera cranes, Shanghai Zhenhua Heavy Industries (ZPMC), is a Chinese state-owned company with alleged close ties to the Chinese Communist Party (CCP) and the People's Liberation Army (PLA). Its cranes (known as “ship-to-shore cranes” or “yard cranes”) are considered the most vulnerable technological platform for cyber infiltration and sabotage.

The Shocking Revelations of the U.S. Investigation

In March 2024, the House Homeland Security Committee and the Select Committee on the Chinese Communist Party (along with other subcommittees) sent a formal letter to ZPMC, demanding immediate answers following disturbing findings from their investigation.

• Clandestine Equipment. The investigation discovered cellular modems installed on crane components in a U.S. port. In another port, a cellular modem was even found in the server room housing the cranes' network equipment and firewall.

• No Contract. These communication devices were not part of any contracts for the equipment, nor could port officials determine the reason for their installation. Port personnel who traveled to China to inspect the cranes noted that the modems were already installed.

• The Remote Threat. The nature of the cellular modems, which can be used for remote communication and accessed remotely, fuels fears that the cranes could be used as "Trojan horses" or a pre-positioned data collection network, capable of tracking and recording the origin and destination of containers.

• Risk of Economic Sabotage. House Homeland Security Committee Chairman Mark Green stated that the vulnerabilities found could allow the CCP not only to undermine commercial competitors through espionage but also to disrupt supply chains and cargo handling, devastating the nation's economy.

• Market Dominance. ZPMC accounts for nearly 80% of the ship-to-shore (STS) cranes in use at U.S. maritime ports, confirming a dangerous technological dependency on the CCP-controlled company.

Supply Chain Vulnerability and ABB's Role

Security concerns extend to the component supply chain, which also involves Western companies, highlighting a structural vulnerability.

• ABB Under Scrutiny. The Swiss company ABB Ltd was investigated by the U.S. Committees due to its commercial relationship with ZPMC. Many of the critical operating components manufactured by ABB are shipped to the PRC, where they are stored for several months and subsequently installed on the port equipment by ZPMC engineers prior to delivery to the United States.

• Potential Conflict of Interest. The investigation sought to determine whether ABB's commercial ties to ZPMC and its ongoing work for U.S. government agencies involved in defense and intelligence could pose a potential conflict of interest or expose U.S. agencies to foreign intelligence risks.

 ZPMC's Position and the European Alarm

• Official Denial. On March 12, 2024, Zhenhua Heavy Industries issued a statement categorically denying the cyber threat posed by its cranes in U.S. ports, claiming its cranes do not entail any cyber risk and that reports are misleading the public.

• Alarm in the EU. As early as March 16, 2023, the alarm was not limited to the U.S. A European Parliament question (E-000894/2023) raised concerns that ZPMC cranes were also used in the European Union, citing the example of the Port of Rotterdam. The question highlighted how this appeared to be yet another instance of equipment produced by Chinese state-owned companies infiltrating crucial EU infrastructure, asking the Commission what measures it intended to take.

International Countermeasures

The US Department of Transportation - Maritime Administration (MARAD) issued notice 2025-006, highlighting the risks of ZPMC, LOGINK, and Nuctech scanners. It provided specific guidelines for operators of Chinese-made cranes:

• Cyber Segmentation. Improve segmentation between the crane network and other port systems.

• Remote Access Control. Require the use of multi-factor authentication (MFA) for remote access.

• On-site Updates. Require vendor updates to be completed via physical on-site visits, discouraging remote updates.

• Physical Security. Keep onboard devices (PLCs, network devices) in locked cabinets and allow access only to authorized and supervised personnel.

Chinese Infiltration of Critical Italian Infrastructure: Layered Risks

The Porto Marghera episode could be part of a broader Chinese strategy that uses “civil-military fusion” to transform civilian infrastructure into platforms for espionage or sabotage.

Maritime and Logistics Sector

• COSCO Shipping. China's COSCO Shipping Italy operates extensively in major Italian ports, including Genoa, Vado, La Spezia, Livorno, Naples, Trieste, Bari, and Catania. Control or significant influence over port operations can be exploited for information gathering or logistical support in the event of a crisis.

• LOGINK in Italy. The Chinese integrated logistics data platform LOGINK, accused of expanding the CCP's global influence and collecting sensitive data, has a presence in Italy in the ports of La Spezia and Marina di Carrara.

• CCCC in Trieste. A cooperation agreement was signed in 2019 between the Port of Trieste and CCCC, the same parent company of ZPMC, already blacklisted by the US for its military ties.

Energy Sector and Supply Chains

• Hardware Vulnerability. A similar alarm to that raised for cranes concerns renewable energy components: clandestine communication devices (cellular radios) have been discovered in Chinese-made solar inverters and batteries in Europe and the United States. These devices would allow remote access for data collection or the deactivation of electrical networks.

• Ming Yang and Taranto/Brindisi. Ming Yang Smart Energy, a Chinese wind turbine manufacturer with ties to the PLA and the CCP, plans to open a wind turbine plant in Taranto and a cable manufacturing site in Brindisi, cities that are crucial to the activities of the Italian Navy and NATO.

• CDP Reti. The State Grid Corporation of China (SGCC), a Chinese state-owned company, holds a 35% stake in CDP Reti, an investment vehicle that manages holdings in Snam (gas pipelines) and Terna (power lines), giving it a "soft veto" over strategic decisions.

Technology

• Nuctech Scanners. Notice 2025-006 from the US Department of Transportation's Maritime Administration (MARAD), valid for the threat of "adversarial foreign technological, physical, and cyber influence," specifically mentions the security risks associated with Chinese-made Nuctech scanners (used for security inspection), which have potential access to critical cargo information and network vulnerabilities.

Italian Repositioning: From BRI to Cybersecurity

Italy has undertaken a recalibration of its foreign and security policy toward China:

• Post-BRI Strategy. Withdrawal from the Belt and Road Initiative (BRI) agreement in December 2023 marked a turn toward a "constructive disengagement" strategy. The goal is to maintain economic engagement while strengthening vigilance and resilience against strong technological and supply dependency on China.

• Anti-Chinese restrictions on cyber procurement: incentives introduced for cyber technologies from EU and NATO countries in public procurement. This is provided for in a Prime Ministerial Decree signed by Undersecretary Alfredo Mantovano and published in the Official Gazette last May to curb the penetration of Russian and Chinese technologies.

• 5G Shielding (October 2025). The Italian government took a crucial step in digital defense by including 4G and 5G mobile networks among the sensitive technologies protected by the National Cyber Security Perimeter. This act establishes a clear preference for suppliers from EU, NATO, or Atlantic partners, effectively reducing dependency on high-risk extra-European actors, primarily China. This move strengthens the Atlantic axis and Italian digital sovereignty.

• Pervasive Hybrid Threat. Analysis of the Italian strategic context highlights the persistence of multiple risks: from industrial espionage (elite capture) and the presence of alleged Chinese "overseas police stations" (undermining national sovereignty and implementing transnational repression) to the vulnerability inherent in hardware components in the supply chain (such as solar inverters or batteries) which could conceal clandestine communication devices.

Conclusions and Mitigation: The Urgency of Resilience

The arrival of the ZPMC cranes in Port Marghera is a concrete and current reminder of Chinese penetration into one of the most vital infrastructures for the Italian economy and security. The investment, while commendable for its environmental objectives, makes the Venetian terminal part of a global network of at-risk equipment, documented by U.S. investigations and EU alarms.

It is imperative that Italy adopts and rigorously enforces the internationally suggested mitigation measures, including:

1. In-Depth Hardware Inspection. Conducting a meticulous physical and forensic inspection of the cranes upon arrival to identify and remove any unauthorized communication components (such as cellular modems) before they become operational.

2. Cyber Segmentation. Ensuring total separation (segmentation) of the cranes' network (Operational Technology - OT) from the business network (IT) and broader port control systems.

3. Restriction of Remote Access. Limiting remote access (tele-assistance) to strictly necessary cases and with continuous monitoring of outgoing traffic, prioritizing software updates completed exclusively via physical on-site visits by authorized personnel.

4. Strengthening Governance. Fully utilizing special powers (Golden Power) not only for investments but also for critical infrastructure supply contracts, ensuring that national security prevails over the acquisition cost.

In the absence of a rapid and rigorous implementation of these countermeasures, Italy will continue to provide the CCP with an easy means to infiltrate its critical infrastructure in its pursuit of global dominance, leaving its economic and digital sovereignty vulnerable to the potential for espionage and sabotage.