The US Commerce Department on Monday will propose a ban on the sale or import of smart vehicles that use specific Chinese or Russian technology because of national security concerns, according to US officials.

A US government investigation that began in February found a range of national security risks from embedded software and hardware from China and Russia in US vehicles, including the possibility of remote sabotage by hacking and the collection of personal data on drivers, Secretary of Commerce Gina Raimondo told reporters Sunday in a conference call.

“In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads,” she said.

  • tal
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    3 months ago

    My guess is that Russia just got stuffed in there due to the whole invading Ukraine thing getting them generally attached to China on “bad guys” lists, but the thing doesn’t just restrict vehicles where final assembly was done in Russia, but also where components or software came from Russia. And that is probably a more-realistic concern.

    In past years:

    • One incident had the German navy, including their submarines, using navigation software out of Russia.

      https://ukdefencejournal.org.uk/german-sub-navigation-system-russian-controlled/

      German media has reported that the Russian controlled ‘Navi-Sailor 4100’ has been installed on at least 100 vessels operated by Germany’s military, including the submarine fleet

      I looked at that. Navi-Sailor also links directly to radar (so touches external radios directly), provides remote management and diagnostic and security services. It also deals with military map formats that can store classified information. And, obviously, it’s driving ships. I don’t know precisely how it was installed in Germany’s case, and maybe it was very carefully set up such that that isn’t a concern, but at least for me, that’d be something that I’d be extremely cautious about.

    • Another had British submarine work being done using software subcontracted out to companies in Belarus and Russia.

      https://kyivindependent.com/telegraph-uk-nuclear-submarine-it-system-belarus/

      The Telegraph first reported on Aug. 2 that part of the IT software used by British nuclear submarine engineers had been outsourced to Belarusian developers, one of whom was working from Russia.

      The software was supposed to have been developed solely by U.K.-based IT workers with security clearance. The incident took place before Russia’s full-scale invasion of Ukraine.

    And those were both dealing with military hardware, where you’d think that the manufacturers would be a lot more careful than with civilian stuff.

    I think that stuff like that has maybe started governments taking a closer look at what supply chains look like and what might be vulnerable.

    • AbidanYre@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      That’s fair. I wasn’t really thinking about how many times you can add “sub” in front of “contractor”. Though it seems like the defense industry should really have a better handle on who’s building their stuff.