Citing national security concerns in an escalating trade war, the Biden Administration on Monday proposed a ban on Chinese- and Russian-software in internet-connected cars in the U.S., a move that would effectively remove Chinese vehicles from American roads.

The prohibitions over several years would force U.S. and other major automakers to remove key Chinese software and hardware from vehicles in the United States, as well as extend the ban to vehicle software and hardware produced by Russia and other foreign rivals.

“Cars today have cameras, microphones, GPS tracking and other technologies connected to the internet. It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens,” Commerce Secretary Gina Raimondo said in a statement.

AWS

In a briefing Monday, Raimondo said the department is acting “before suppliers, automakers and car components linked to China or Russia become commonplace and widespread in the U.S. automotive sector… We’re not going to wait until our roads are filled with cars and the risk is extremely significant before we act.”

Software prohibitions would go into effective in the 2027 model year while the hardware ban would be enforced in the 2030 model year or January 2029. The Alliance For Automotive Innovation, a group representing General Motors Co., Toyota Motor Corp., Hyundai Motor Co. and others, has warned such changes will take time.

The Chinese Embassy, meanwhile, has criticized the White House’s planned action. “China urges the U.S. to earnestly abide by market principles and international trade rules, and create a level playing field for companies from all countries,” the embassy said in August. “China will firmly defend its lawful rights and interests.”

Cyber-spying on U.S. drivers and infrastructure via connected cars has been a focus of the Biden administration amid escalating tensions with China and Russia. Earlier this month, the administration imposed a 100% duty on electric vehicles and hikes on EV batteries; in February, the White House ordered an investigation into the potential dangers of internet-linked cars.

The proposal would essentially bar all existing Chinese light-duty cars and trucks from the U.S. market, though it would let Chinese car makers seek “specific authorizations” for exemptions. Almost all of China’s new cars and trucks are considered “connected” with onboard network hardware that allows internet access, allowing them to share data with devices both inside and outside the vehicle.

“With potentially millions of vehicles on the road, each with 10- to 15-year lifespans the risk of disruption and sabotage increases dramatically,” White House National Security Adviser Jake Sullivan said in a briefing Monday.

The potential ban underscores the hazards of an interconnected economy dependent on data, handheld devices and vehicles in the U.S., says Stairwell Chief Executive Mike Wiacek, who previously worked at the National Security Agency, Defense Department and Alphabet Inc.’s Google in various security roles.

“As vehicles become increasingly reliant on sophisticated software, the potential risks of foreign control or exploitation cannot be overstated,” Wiacek said in an email. “Organizations must adopt a resilient, forward-thinking approach to securing not just vehicles but all connected systems, ensuring they remain impervious to infiltration even as new threats emerge.”

Yet in its broad ban proposal, U.S. authorities could also impact American tech companies, security experts warn.

“It’s going to be hard to deal with this in the sense of CarPlay,” Chris Mattmann, president and founder of Mattmann.AI, said in an email. “Imagine CarPlay which is controlled by Apple’s iPhone security policy. This will be difficult to implement, banning Chinese or Russian apps from the iPhone app store. I am not sure that Apple is prepared to do this, and given their privacy stance, they may push back…, so all in all hard to implement this.”

Conversely, John Vecchi, a security strategist at Phosphorus Security, considers it “far-fetched” to have national security concerns over autonomous Chinese and Russian manufactures vehicles when the “reality is that nearly every modern vehicle already operating here in the U.S. is already vulnerable to attack via network-connected IoT Cyber-Physical Systems that provide Bluetooth, cellular, satellite, Wi-Fi and other services to drivers.”

“These existing IoT systems are network-connected computers that can be exploited by most any threat actor, not just Russian and Chinese nation-states,” Vecchi said in an email. “And they are already here and made by U.S., Japanese, Korean, German and many other car manufacturers. Simply jumping to potential Chinese and Russian autonomous vehicles first, without considering cyber-physical attacks on existing vulnerable vehicles seems to be a bit of a red herring.”

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

AI Data Infrastructure Field Day

SHARE THIS STORY

RELATED STORIES