Biden Administration Proposes Ban on Chinese Vehicles and Russian Tech for Autonomous Vehicles on U.S. Roads

Citing increasing national security concerns, the U.S. Commerce Department has proposed a ban on new vehicle software originating within China or Russia, and includes software within the supply chain. The ban, if approved, would take effect in 2027 for new internet-connected vehicles sold for use on U.S. public roads, including cars, trucks, and buses. It would exclude vehicles not used on public roads such as those for agriculture.

A second proposed rule would ban imports and sales of vehicles with automated driving hardware created in China or Russia. This ban would go into effect for the 2030 model year or January 2029. Such a delay gives the U.S. vehicle industry time to remove any prohibited software and hardware and also to find suitable replacements.

The two proposals are now in a 30-day review period. A final draft of each will be available at the end of the year, 2024, and, if enacted, in place by January 20, 2025.

According to Reuters, the U.S. Commerce Department said the rule would amount to a ban on all vehicles manufactured in China yet it would allow Chinese automakers to seek "specific authorizations" for exemptions. Also, European manufacturers who use software from China or Russia could also apply for exemptions although the criteria for those exemptions is not currently available.

The Issue
The U.S. concern with software originating from China and Russia consists of two parts.

There is concern about personal data flowing back to either China or Russia regarding vehicle use within the United States. This includes data around geolocation, such as places of employment, childrens’ schools, or medical services, as well as any payments used within the vehicle for third-party services within the vehicle such as Spotify. In certain scenarios, cellular services could also be accessed remotely, as in vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) 5G communications.

Secondly, there is concern about remote access and/or software backdoors. A scenario might be that with remote access, someone in China or Russia could cripple or otherwise completely disable a fleet of vehicles on roads within the United States. If all the vehicles from a brand suddenly stop on the road at the same time, nationwide, it would pose an immediate threat to the drivers and also to the vehicles around them. This would of course require a certain critical mass of drivers to adopt the vehicles first in order to pose a genuine national threat. Hence the ban was proposed.

In a statement, Commerce Department’s Gina Raimondo said it’s important to have the ban in place "before suppliers, automakers and car components linked to China or Russia become commonplace and widespread ... We're not going to wait until our roads are filled with cars and the risk is extremely significant."

Software Bans Already In Place
Such a national security ban on software origin has already been used by the Biden Administration. This summer, the US banned the sale of Moscow-based Kaspersky Antivirus products and any future updates to its existing customers, citing national security concerns. The US Department of Commerce said that Kaspersky's software could be used to identify sensitive data and make it available to Russian government officials. The company has denied such allegations but has agreed to leave the US market.

Both China and Russia have implemented their own bans mandating that all enterprises in their countries use only domestically produced software, including operating systems. This move effectively eliminates competition from Google, Adobe, and Microsoft in those markets.

This new vehicle software and hardware ban, if enacted, would prohibit importing or selling systems designed, developed, manufactured, or supplied by vendors with close connection to China or Russia. The vehicle software and hardware ban would also apply to imports and sales of vehicles using those countries' connectivity features such as Bluetooth, cellular, satellite, and Wi-Fi.

It’s uncertain how the proposed regulations would affect certain automakers like Volvo, which is primarily owned by the Chinese conglomerate Geely Holding. Volvo has an assembly plant for its worldwide distribution in Chengdu province, China. Also, as noted, European automakers may also be affected, and may also need to apply for exemptions.

One way for U.S. vehicle manufacturers to know the pedigree of its software supply chain is to use Software Bills of Materials (SBOMs). SBOMs are used to show individual components and version numbers within a software binary. Additionally, the software used in hardware (firmware) would also need its own SBOM. By knowing the components of a binary, an OEM can be assured that it is not incorporating prohibited software.

About the Author

Joseph M. Saunders is Founder & CEO, RunSafe Security.

Featured

  • Survey Shows Election Anxiety Crosses Party Lines

    New reports of election worker intimidation are raising concerns about election interference. A majority of Americans (71%) are worried about voter intimidation or safety at the polls, and 75% want security cameras at their voting place, according to a new national survey. Read Now

  • 66 Percent of Cybersecurity Pros Say Job Stress is Growing

    Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • Live from GSX 2024: Post-Show Recap

    Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now

    • Industry Events
    • GSX
  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3