Biden Administration Proposes Ban on Chinese Vehicles and Russian Tech for Autonomous Vehicles on U.S. Roads

Citing increasing national security concerns, the U.S. Commerce Department has proposed a ban on new vehicle software originating within China or Russia, and includes software within the supply chain. The ban, if approved, would take effect in 2027 for new internet-connected vehicles sold for use on U.S. public roads, including cars, trucks, and buses. It would exclude vehicles not used on public roads such as those for agriculture.

A second proposed rule would ban imports and sales of vehicles with automated driving hardware created in China or Russia. This ban would go into effect for the 2030 model year or January 2029. Such a delay gives the U.S. vehicle industry time to remove any prohibited software and hardware and also to find suitable replacements.

The two proposals are now in a 30-day review period. A final draft of each will be available at the end of the year, 2024, and, if enacted, in place by January 20, 2025.

According to Reuters, the U.S. Commerce Department said the rule would amount to a ban on all vehicles manufactured in China yet it would allow Chinese automakers to seek "specific authorizations" for exemptions. Also, European manufacturers who use software from China or Russia could also apply for exemptions although the criteria for those exemptions is not currently available.

The Issue
The U.S. concern with software originating from China and Russia consists of two parts.

There is concern about personal data flowing back to either China or Russia regarding vehicle use within the United States. This includes data around geolocation, such as places of employment, childrens’ schools, or medical services, as well as any payments used within the vehicle for third-party services within the vehicle such as Spotify. In certain scenarios, cellular services could also be accessed remotely, as in vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) 5G communications.

Secondly, there is concern about remote access and/or software backdoors. A scenario might be that with remote access, someone in China or Russia could cripple or otherwise completely disable a fleet of vehicles on roads within the United States. If all the vehicles from a brand suddenly stop on the road at the same time, nationwide, it would pose an immediate threat to the drivers and also to the vehicles around them. This would of course require a certain critical mass of drivers to adopt the vehicles first in order to pose a genuine national threat. Hence the ban was proposed.

In a statement, Commerce Department’s Gina Raimondo said it’s important to have the ban in place "before suppliers, automakers and car components linked to China or Russia become commonplace and widespread ... We're not going to wait until our roads are filled with cars and the risk is extremely significant."

Software Bans Already In Place
Such a national security ban on software origin has already been used by the Biden Administration. This summer, the US banned the sale of Moscow-based Kaspersky Antivirus products and any future updates to its existing customers, citing national security concerns. The US Department of Commerce said that Kaspersky's software could be used to identify sensitive data and make it available to Russian government officials. The company has denied such allegations but has agreed to leave the US market.

Both China and Russia have implemented their own bans mandating that all enterprises in their countries use only domestically produced software, including operating systems. This move effectively eliminates competition from Google, Adobe, and Microsoft in those markets.

This new vehicle software and hardware ban, if enacted, would prohibit importing or selling systems designed, developed, manufactured, or supplied by vendors with close connection to China or Russia. The vehicle software and hardware ban would also apply to imports and sales of vehicles using those countries' connectivity features such as Bluetooth, cellular, satellite, and Wi-Fi.

It’s uncertain how the proposed regulations would affect certain automakers like Volvo, which is primarily owned by the Chinese conglomerate Geely Holding. Volvo has an assembly plant for its worldwide distribution in Chengdu province, China. Also, as noted, European automakers may also be affected, and may also need to apply for exemptions.

One way for U.S. vehicle manufacturers to know the pedigree of its software supply chain is to use Software Bills of Materials (SBOMs). SBOMs are used to show individual components and version numbers within a software binary. Additionally, the software used in hardware (firmware) would also need its own SBOM. By knowing the components of a binary, an OEM can be assured that it is not incorporating prohibited software.

About the Author

Joseph M. Saunders is Founder & CEO, RunSafe Security.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.