Biden Administration Proposes Ban on Chinese Vehicles and Russian Tech for Autonomous Vehicles on U.S. Roads

  • By Joseph M. Saunders
  • Oct 01, 2024

Citing increasing national security concerns, the U.S. Commerce Department has proposed a ban on new vehicle software originating within China or Russia, and includes software within the supply chain. The ban, if approved, would take effect in 2027 for new internet-connected vehicles sold for use on U.S. public roads, including cars, trucks, and buses. It would exclude vehicles not used on public roads such as those for agriculture.

A second proposed rule would ban imports and sales of vehicles with automated driving hardware created in China or Russia. This ban would go into effect for the 2030 model year or January 2029. Such a delay gives the U.S. vehicle industry time to remove any prohibited software and hardware and also to find suitable replacements.

The two proposals are now in a 30-day review period. A final draft of each will be available at the end of the year, 2024, and, if enacted, in place by January 20, 2025.

According to Reuters, the U.S. Commerce Department said the rule would amount to a ban on all vehicles manufactured in China yet it would allow Chinese automakers to seek "specific authorizations" for exemptions. Also, European manufacturers who use software from China or Russia could also apply for exemptions although the criteria for those exemptions is not currently available.

The Issue
The U.S. concern with software originating from China and Russia consists of two parts.

There is concern about personal data flowing back to either China or Russia regarding vehicle use within the United States. This includes data around geolocation, such as places of employment, childrens’ schools, or medical services, as well as any payments used within the vehicle for third-party services within the vehicle such as Spotify. In certain scenarios, cellular services could also be accessed remotely, as in vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) 5G communications.

Secondly, there is concern about remote access and/or software backdoors. A scenario might be that with remote access, someone in China or Russia could cripple or otherwise completely disable a fleet of vehicles on roads within the United States. If all the vehicles from a brand suddenly stop on the road at the same time, nationwide, it would pose an immediate threat to the drivers and also to the vehicles around them. This would of course require a certain critical mass of drivers to adopt the vehicles first in order to pose a genuine national threat. Hence the ban was proposed.

In a statement, Commerce Department’s Gina Raimondo said it’s important to have the ban in place "before suppliers, automakers and car components linked to China or Russia become commonplace and widespread ... We're not going to wait until our roads are filled with cars and the risk is extremely significant."

Software Bans Already In Place
Such a national security ban on software origin has already been used by the Biden Administration. This summer, the US banned the sale of Moscow-based Kaspersky Antivirus products and any future updates to its existing customers, citing national security concerns. The US Department of Commerce said that Kaspersky's software could be used to identify sensitive data and make it available to Russian government officials. The company has denied such allegations but has agreed to leave the US market.

Both China and Russia have implemented their own bans mandating that all enterprises in their countries use only domestically produced software, including operating systems. This move effectively eliminates competition from Google, Adobe, and Microsoft in those markets.

This new vehicle software and hardware ban, if enacted, would prohibit importing or selling systems designed, developed, manufactured, or supplied by vendors with close connection to China or Russia. The vehicle software and hardware ban would also apply to imports and sales of vehicles using those countries' connectivity features such as Bluetooth, cellular, satellite, and Wi-Fi.

It’s uncertain how the proposed regulations would affect certain automakers like Volvo, which is primarily owned by the Chinese conglomerate Geely Holding. Volvo has an assembly plant for its worldwide distribution in Chengdu province, China. Also, as noted, European automakers may also be affected, and may also need to apply for exemptions.

One way for U.S. vehicle manufacturers to know the pedigree of its software supply chain is to use Software Bills of Materials (SBOMs). SBOMs are used to show individual components and version numbers within a software binary. Additionally, the software used in hardware (firmware) would also need its own SBOM. By knowing the components of a binary, an OEM can be assured that it is not incorporating prohibited software.

About the Author

Joseph M. Saunders is Founder & CEO, RunSafe Security.

Featured

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events

  • Meeting Modern Demands

    Door hardware and access control continue to be at the forefront of innovation within the security industry, continuously evolving to meet the dynamic needs of commercial spaces. Read Now

  • Leveraging IoT and Open Platform VMS for a Connected Future

    The evolution of urban environments is being reshaped by the convergence of Internet of Things (IoT) technology and open platform VMS. As cities worldwide grapple with growing populations and increasing operational complexities, these integrated technologies are emerging as powerful tools for creating more livable, efficient, and secure urban spaces. Read Now

Most   Popular

New Products

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.