These technologies, which are meant to promote safety, now pose “new and growing threats,” according to the White House.
The White House announced on Sept. 23 a proposed ban on connected vehicle technologies in the United States from “countries of concern,” particularly communist China, citing a national security threat.
Connected vehicle technology refers to short-range communications that enable cars to “sense” nearby objects and exchange information with other nearby vehicles. This includes Bluetooth, cellular, satellite, Wi-Fi modules, and automated driving systems.
These technologies, which are meant to promote safety, now pose “new and growing threats,” according to the White House.
“These technologies include computer systems that control vehicle movement and collect sensitive driver and passenger data as well as cameras and sensors that enable automated driving systems and record detailed information about American infrastructure,” the White House announcement reads.
The concern is that a foreign adversary could remotely control these vehicles or use them for surveillance and data collection purposes. The Commerce Department has concluded that location technologies could be used to capture information about or disrupt critical infrastructure.
“When foreign adversaries build software to make a vehicle, that means it can be used for surveillance, can be remotely controlled, which threatens the privacy and safety of Americans on the road,” Commerce Secretary Gina Raimondo said at a press briefing on Sept. 23
“In an extreme situation, a foreign adversary could shut down or take control of all their vehicles operating in the United States all at the same time, causing crashes, blocking roads.”
White House national security adviser Jake Sullivan highlighted the scale of the risk.
“With potentially millions of vehicles on the road, each with 10- to 15-year lifespans, the risk of disruption and sabotage increases dramatically,” Sullivan told the same briefing.
The United States now considers the Chinese Communist Party (CCP) to be its top cybersecurity threat, and the intelligence community has revealed in public hearings in recent years the extent to which the CCP has conducted ongoing cyberattacks on the United States.
The Commerce Department has identified certain Chinese and Russian technologies used in connected vehicles that pose “particularly acute threats” and is currently working on a rule to ban the import or sale of cars with “systems designed, developed, manufactured, or supplied by entities with a sufficient nexus to the PRC [People’s Republic of China] or Russia.”
The department began collecting public comments on the issue on March 1 as part of its assessment of the risk level of these technologies. If the rule is finalized, the software ban would take effect beginning with model year 2027 cars, and the hardware prohibitions would take effect for model year 2030 cars, or on Jan. 1, 2029 for units without a model year, according to the White House. Car manufacturers told the bureau that they often do not know the source of specific component suppliers, and the delayed implementation schedule is meant to give manufacturers time to do due diligence.
The Alliance for Automotive Innovation—a group representing major automakers such as GM, Toyota, Hyundai, and Volkswagen—warned that changing software and hardware could take time. The Commerce Department is considering exemptions for the final rule to minimize supply chain disruptions.
Under this new rule, Ford would have to halt imports of the Lincoln Nautilus and GM the Buick Envision, both produced in China.
“We anticipate at this point that any vehicle that is manufactured in China and sold in the U.S. would fall within the prohibitions,” said Liz Cannon, who heads the Commerce Department’s information and communications technology office. GM and Ford are aware, she added, that, going forward, production in China for the United States market “would need to be shut down in China and moved elsewhere.”
This proposed ban follows the Biden administration’s recent tariff hike for Chinese electric vehicles (EVs) from 25 percent to 100 percent. Initially proposed in May, the new tariff rate will take effect at the end of this week and is seen as preemptive as the United States currently imports few Chinese EVs.
While China exports few cars to the United States, it exports many car parts.
The Coalition for Reimagined Mobility, which includes industry executives and private and public sector leaders in technology, wrote in a letter addressed to the Commerce Department that Chinese suppliers “dominate the production of many essential components” for connected vehicles.
“In 2023, Mexico was the largest auto parts supplier to the United States, with China ranking third, but China was also the second-largest auto parts supplier for Mexico,” the letter reads. “Most Chinese companies are Tier-2 and Tier-3 suppliers but are steadily expanding their market share as Chinese car exports increase globally and progress towards manufacturing more technologically advanced components.”
The European Union recently completed an investigation that concluded that the CCP had subsidized the Chinese EV industry to the point of oversupply, resulting in cars being dumped at below-market prices, unbalancing the global market.
These state-influenced lower prices, part of the CCP’s Made in China 2025 initiative, have helped Chinese manufacturers gain a foothold in the global supply chain, affecting the connected vehicle market as well.
Ouster, an American LiDAR (light detection and ranging) company, pointed out that the leading LiDAR suppliers are U.S. and Chinese companies and that the products made by Chinese firms sell at an average price of $600 to $800 versus an average price of $800 to $1,000 for non-Chinese suppliers. Leading Chinese LiDAR suppliers include Hesai, Seyond, Livox, and RoboSense, according to stock exchange information.
Yole Group, a technology market analyst, reported that Chinese LiDAR manufacturers controlled 73 percent of the market in 2022.
LiDAR technology is both aiding and replacing traditional sensing technologies such as cameras and radar, is able to precisely map the environment in three dimensions, and is accurate to within millimeters in all lighting conditions, according to Ouster.
LiDAR sensors are inherently networked devices, capturing and transmitting a continuous stream of data, typically ranging from 100 to 1,000 megabytes per second, according to Ouster. The LiDAR data is transmitted via an ethernet port to a system or device that is often connected to the internet.
Cepton elaborated on the risks of LiDAR technologies in the wrong hands, such as the interception of LiDAR-collected data during transmission, which might be used for surveillance, tracking, sabotage, or violating privacy.
If data is manipulated during transmission, it could also result in “unsafe driving conditions or even accidents,” as “attacks would attempt to spoof sensor data or jam sensor signals,” according to the Cepton brief.
In the final rule, the Department of Commerce Bureau of Industry and Security is targeting vehicle connectivity systems and automated driving systems, which control the LiDAR technology.
Cybersecurity firm Upstream in its annual report for 2024 found that high-scale cyberattacks doubled in the past year, with 295 attacks on connected vehicles or associated platforms affecting millions of users.