The US government might ban Chinese and Russian car tech

The US administration reckons Chinese companies making connected car tech might pose a threat to its national security. In response, it’s planning on banning them.

The proposed rule – due to undergo further scrutiny before becoming law – would “prohibit the import and sale of vehicles with certain VCS or ADS hardware or software with a nexus to the PRC or Russia".

Vault Connectivity Software (VCS) includes stuff like telematics control units, Bluetooth, cellular, satellite, and Wi-Fi modules. The components of Automated Driving Systems, or ADS, are all about making the move to autonomous vehicles happen. Such components "enable the capture of information about geographies and critical infrastructure".

A 'Fact Sheet' issued by the White House, and (very diplomatically) entitled ‘Protecting America from Connected Vehicle Technology from Countries of Concern’ states that "Chinese automakers are seeking to dominate connected vehicle technologies".

The Fact Sheet goes on to cite both China and Russia as posing ‘particularly acute threats’. The proposed redress is to restrict Chinese- and Russian-supplied components, from 2027 for software and 2030 for hardware.

True, these systems ‘present opportunities for malicious actors’ to take control of the car. But here's the thing about internet security: you don't necessarily need to make or own the component to take control of it and exact your nefarious intentions, if you're smart enough.

As plenty of white-hat hackers (the good guys) will testify, suppliers from non-threatening countries inadvertently leave vulnerabilities in their software for naughty folks to exploit quite a lot of the time. So is the US being a little overzealous? Perhaps not.

The Center for Strategic and International Studies (CSIS) – based in the States – has tracked significant global cyber incidents since 2006. Of the 34 incidents recorded from January 2024, Chinese hackers accounted for six episodes, Russian hackers were identified in 13, while the suspects of eight remain unknown. A further five were from five different other countries.

To be clear, these incidents aren’t solely cyber-attacking the US, but it's clear bad actors in both Russia and China have taken their wars to the web. Only two of those 34 events had a domestic American suspect. US Commerce Secretary Gina Raimondo, said in a statement: “It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens. To address these national security concerns, the Commerce Department is taking targeted, proactive steps to keep PRC and Russian-manufactured technologies off American roads.”

Unsurprisingly, the official folks from Beijing aren’t happy about the news. In a statement, a spokesperson for the Chinese ministry of commerce said: “The US practice has no factual basis, violates the principles of market economy and fair competition, and is a typical protectionist act.

"China urges the United States to stop its wrong practice of generalising national security, immediately revoke the relevant restrictions, and stop its unreasonable suppression of Chinese companies.”

"China will take necessary measures to resolutely safeguard the legitimate rights and interests of Chinese companies," it added.

Elsewhere, BYD UK’s boss Michael Shu recently addressed concerns about the use of data and tracking of European individuals. Shu reassured customers that data wouldn’t leave the continent and cited the non-Chinese companies the software is being linked to provide cloud-connected services without infringing on the more restrictive privacy regs here.