The US Commerce Department on Monday will propose a ban on the sale or import of smart vehicles that use specific Chinese or Russian technology because of national security concerns, according to US officials.
A US government investigation that began in February found a range of national security risks from embedded software and hardware from China and Russia in US vehicles, including the possibility of remote sabotage by hacking and the collection of personal data on drivers, Secretary of Commerce Gina Raimondo told reporters Sunday in a conference call.
“In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads,” she said.
My guess is that Russia just got stuffed in there due to the whole invading Ukraine thing getting them generally attached to China on “bad guys” lists, but the thing doesn’t just restrict vehicles where final assembly was done in Russia, but also where components or software came from Russia. And that is probably a more-realistic concern.
In past years:
One incident had the German navy, including their submarines, using navigation software out of Russia.
https://ukdefencejournal.org.uk/german-sub-navigation-system-russian-controlled/
I looked at that. Navi-Sailor also links directly to radar (so touches external radios directly), provides remote management and diagnostic and security services. It also deals with military map formats that can store classified information. And, obviously, it’s driving ships. I don’t know precisely how it was installed in Germany’s case, and maybe it was very carefully set up such that that isn’t a concern, but at least for me, that’d be something that I’d be extremely cautious about.
Another had British submarine work being done using software subcontracted out to companies in Belarus and Russia.
https://kyivindependent.com/telegraph-uk-nuclear-submarine-it-system-belarus/
And those were both dealing with military hardware, where you’d think that the manufacturers would be a lot more careful than with civilian stuff.
I think that stuff like that has maybe started governments taking a closer look at what supply chains look like and what might be vulnerable.
That’s fair. I wasn’t really thinking about how many times you can add “sub” in front of “contractor”. Though it seems like the defense industry should really have a better handle on who’s building their stuff.