Axios Codebook

September 17, 2024
Happy Tuesday! Welcome back to Codebook.
- 👋🏻 See some of you at the Aspen Cyber Summit tomorrow during a lunch panel I'm moderating — and on Thursday morning on Capitol Hill, where I'm moderating another panel!
🚨 Situational awareness: Meta has banned Russian state media network RT from its platforms after the Department of Justice charged two RT employees who infiltrated a U.S. media company in an effort to influence the November elections.
Today's newsletter is 1,096 words, a 4-minute read.
1 big thing: Why China hawks care so much about cranes
Chinese-manufactured cargo cranes are sounding alarm bells in D.C. about state-backed espionage and cyber threats.
Why it matters: Many China hawks now believe that Beijing holds the power to knock out most of the U.S.'s cargo cranes — potentially disrupting the global trade of consumer goods, military equipment and other resources.
Driving the news: A new congressional investigation found that China-based Shanghai Zhenhua Heavy Industries, or ZPMC, installed cellular modems onto cranes operating at certain U.S. ports — creating a backdoor for easy information collection and nation-state spying.
- The yearslong investigation — conducted by the House Select Committee on the Chinese Communist Party and the House Homeland Security Committee — also showed that ZPMC has "repeatedly requested remote access to its [ship-to-shore] cranes operating at various U.S. ports."
- The committees worked with port administrators, tech vendors, cybersecurity specialists, equipment manufacturers, various U.S. military branches and key federal government agencies on the probe.
The big picture: ZPMC cranes account for nearly 80% of all cargo cranes at American ports, according to Congress.
- ZPMC doesn't face much competition. The U.S. doesn't have a homegrown alternative, and competitors across Europe offer similar cranes for much higher costs.
Threat level: If China does invade Taiwan in the next few years, officials fully expect Beijing to do anything it can to impede the U.S.'s ability to ship military equipment to the region.
Zoom in: Lawmakers found that the modems — which connected to Linux computers on port cranes — were not necessary for the cranes' operation and created "an obscure method to collect information and bypass firewalls."
- That level of access could be manipulated to disrupt operations at ports, the congressional report added, and port technicians believed the modems were supposed to be used only for diagnostic purposes.
- The modems were installed even if they weren't part of installation contracts and after administrators declined them at the time of purchase, per the report.
- The report also concluded that ZPMC is a subsidiary of a major Chinese construction company that provides equipment to help militarize the South China Sea.
- ZPMC USA did not respond to a request for comment.
Between the lines: Fears about a Chinese invasion of Taiwan have spurred lawmakers and national security officials to reexamine Beijing's potential influence over U.S. critical infrastructure.
- U.S. officials warned lawmakers in January of an ongoing hacking campaign that shows China's willingness to shut down American infrastructure and incite societal panic — especially if there's an invasion.
- Earlier this year, President Joe Biden signed an executive order that gave the U.S. Coast Guard new powers to toughen cybersecurity at U.S. shipping ports.
- The Federal Communications Commission has banned sales of Huawei and ZTE telecommunications devices in the U.S. due to similar concerns.
What they're saying: "We kind of sold our soul here," Egon Rinderer, chief technology officer at Shift5 and a former cryptologic technician in the U.S. Navy, told Axios.
- "Now, we have a real predicament because our critical infrastructure that allows us to move goods and material is incredibly vulnerable."
Yes, but: Rinderer argued that resolving the ZPMC security threat may not have to be as involved as ripping out every single crane.
- Cargo cranes aren't super technologically sophisticated, and it's possible the U.S. government could develop a patch to block a malicious backdoor.
- "We've done that with DJI drones," he said. "[Cranes], despite their size and cost, are much simpler than a drone even."
What we're watching: Congress urged the Coast Guard to provide guidance for all U.S. ports on how to disconnect any suspicious modems found on ZPMC cargo cranes.
- The report also suggested a Department of Commerce study on how to build and support a U.S. crane manufacturing base and on how to enhance competition among port construction companies.
2. Sam Altman leaves OpenAI's security committee
OpenAI said Monday that CEO Sam Altman is leaving the board's safety and security committee, which will now be fully composed of independent board members.
Why it matters: Critics had questioned how well the committee could serve as a check on the company's practices if its CEO was part of the committee.
Driving the news: OpenAI said the safety and security committee will now be chaired by Zico Kolter, director of the machine learning department at Carnegie Mellon University.
- Other members include Quora CEO Adam D'Angelo, retired U.S. Army General and former NSA chief Paul Nakasone, and former Sony general counsel Nicole Seligman.
- OpenAI said that the committee will be briefed on major models and that it — together with the full board — has the authority to delay the release of a new model.
- The company noted that the new committee reviewed the safety of the recent o1 model, aka Strawberry, which was rated "medium risk" under the company's internal assessment.
- OpenAI also said it is working to adopt committee recommendations for greater transparency and collaboration with outside groups and to unify its security practices across a growing number of product teams.
The big picture: OpenAI created the committee in May, following a series of departures of employees who had expressed safety concerns. It followed up in June by adding Nakasone to the board.
3. Catch up quick
@ D.C.
🇷🇺 The Biden administration declassified new evidence that Russian state media network RT is fully integrated into Russia's intelligence operations. (CNN)
⚠️ The Cybersecurity and Infrastructure Security Agency is urging federal agencies to either remove or update an end-of-life Ivanti product that hackers are actively targeting. (The Record)
🏛️ The Treasury Department issued additional sanctions against Intellexa, the maker of Predator spyware. (CyberScoop)
@ Industry
🧳 Cisco's latest round of layoffs appears to have affected some members of Talos Security, its threat intelligence and security research unit. (TechCrunch)
🧬 23andMe has agreed to pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the company of failing to protect users' information in last year's data breach. (Reuters)
@ Hackers and hacks
✈️ The Port of Seattle, which operates the city's airport, said that the Rhysida ransomware gang was behind a cyberattack on its operations last month and that the port refused to pay a ransom. (GeekWire)
🇮🇷 The Iranian government pushed a firm to pay a ransom to hackers after a cyberattack on its systems forced banks to shut down cash machines across the nation. (Politico)
🗳️ The FBI and CISA have issued a public service announcement urging people to ignore false claims that a U.S. voter registration database was recently compromised. (BleepingComputer)
4. 1 fun thing
Nothing to see here, just another story about jailbreaking ChatGPT to get it to spit out harmful content by telling it you're "playing a game." 🙃
☀️ See y'all Friday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.


