May 9 (Reuters) - China's CRRC plans to bid on a big Washington D.C. subway project as it doubles down on a charm campaign in the United States to quash a rising chorus of critics who have cast the rail car maker as a threat to cyber security and U.S. industry.
The world's largest maker of passenger trains has roared into the U.S. market in recent years, clinching contracts in Boston, Philadelphia, Chicago and Los Angeles by underbidding rivals - including Canada's Bombardier - by hundreds of millions of dollars.
It plans to bid this month on the D.C. Metro rail car contract, worth more than $500 million, Dave Smolensky, a spokesman for the company's Chicago-based CRRC Sifang subsidiary told Reuters. And it has also set its sights on winning an order to supply 1,500 cars as part of New York City's massive subway system upgrade, according to an industry source familiar with the matter.
While there are no U.S. passenger-car builders, CRRC's success has fueled a backlash by American freight companies, which fear the company will encroach on the country's far bigger freight car market. Raising questions about whether China could spy on passengers if CRRC gets the D.C. project, the freight lobby helped U.S. lawmakers craft a bill that would prevent transit agencies from spending federal dollars on projects awarded to the firm.
While some experts have described the purported cyber threat as fear mongering, CRRC is taking steps to counter those concerns, telling Reuters it plans to hire a new lobbyist, engage a cyber security adviser and host an industry summit to explore tougher cyber regulations and take a critical look at its own protocols.
The upcoming bid and charm offensive show how some China-based companies have not been deterred in their quest to grow U.S. market share, despite an ongoing trade war between the two countries and growing concerns about Chinese technology's spying capabilities.
"We want to take this time to say, "Hey, we are willing to sit around the table with you, we want to demonstrate...there are no vulnerabilities in what we provide you," said Lydia Rivera, a spokeswoman for CRRC's Massachusetts unit.
The U.S. Department of Justice has been aggressively pursuing cases of Chinese espionage, elevating the issue to front page news and creating a fresh rationale to oppose CRRC's bid for Washington D.C.'s 8000-series car tender in the military and intelligence hub of the United States.
The Rail Security Alliance, a freight lobbying group made up of manufacturers, suppliers, and steel workers, formed three and a half years ago to oppose CRRC's rapid expansion in the U.S. passenger rail market.
When trains become driverless in the near future, "you are going to have...the ability to control it from here or Beijing or wherever," said RSA lobbyist Erik Olson.
If CRRC won the contract, he added, it could also track the movements of members of Congress and intelligence officials, and steal user data if WIFI is installed.
Some transport industry and cyber security experts reject many of Olson's concerns. Robert Puentes, president of the Eno Center for Transportation, said strong transit agency oversight means it would be very hard for "even the most sophisticated espionage" to work for CRRC, adding that it was unclear why the company would seek to spy on passengers.
"It is kind of a straw man," he said.
As long as the cars do not communicate with the manufacturer, there would be no risk of remote control, beyond the normal hacking risk that comes with offering Wifi, said James Lewis, Director of the Technology Policy Program at think tank CSIS.
"If you are going to spy on somebody would you really use a metro car?" he asked.
"The Chinese government is not trustworthy and that is part of why we are going through all this," he added, noting that CRRC used predatory pricing to hurt its rivals, which "is different from cybersecurity."
Bombardier, which benefits from a joint-venture with CRRC in China, has lost out to the Chinese giant in Chicago, but recently beat the company for a separate order in New Jersey.
"We welcome the competition, but we’re not going to lie down and let anyone take our market," Bombardier Transportation President Danny Di Perna told Reuters last week.
Facing public fears of their trains being hacked, Washington's metro agency WMATA updated its tender in February to beef up cyber security requirements.
Meanwhile, CRRC says it uses non-Chinese suppliers, including Alstom, Siemens and Ansaldo STS for sensitive technology such as the Automatic Train Control Systems safety feature for U.S. models.
Still, CRRC may pose a bigger economic risk if it does make a foray into the U.S. freight market. Australia saw its domestic freight industry obliterated a decade after CRRC arrived.
RSA's influence may be growing. A measure last year to keep cities from allocating federal funds for rail projects led by Chinese companies failed. But Republican Senator John Cornyn of Texas, where freight company and RSA-member Trinity Industries is based, has proposed a similar bill again this year.
Last month, Atlanta transit agency MARTA passed over CRRC to award a 127 car project to Switzerland’s Stadler, after RSA visited them twice.
The bill's passage is far from guaranteed in a deeply divided Congress, where some legislators support CRRC for its affordable trains and local factories with American workers.
"Even though there are these alarms that folks have set off about national and economic security, there is a flip side to it," said Puentes. "It is a major cost saver and a good value for these procurements for these cities around the country." (Editing by Chris Sanders and Edward Tobin)