Smart-vehicle manufacturers are grappling with a new hurdle in their supply chains as the US Department of Commerce gears up to implement fresh regulations that would bar the import of connected-vehicle technology from China and Russia due to cybersecurity apprehensions. The proposed restrictions are aimed at addressing the national security concerns raised by President Biden, who has expressed worries about the overdependence of the United States on China for information and communications technology and services.
According to the new rules set forth by the Commerce Department, companies and their suppliers are required to remove any hardware or software imported from China or Russia in their vehicle connectivity system (VCS) or automated driving system (ADS). This move has been triggered by two primary concerns: the potential vulnerabilities that could allow malicious actors to implant a backdoor in automotive technology, and the issue of data collection on American drivers through diagnostic features and other mechanisms. Yoav Levy, CEO and co-founder of Upstream, a leading automotive cybersecurity provider, highlighted the importance of addressing these concerns, emphasizing the possibility of cars being hacked and data being compromised.
As the automotive industry embraces software-defined vehicles (SDVs), there is growing apprehension about the increased cyberattack surface of automobiles. Traditionally, vehicle manufacturers utilized multiple platforms for their different models, leading to a surge in the number of electronic control units (ECUs). However, the recent chip shortage caused by the pandemic has slowed down the transition to new platforms. Nonetheless, companies like Rivian are already streamlining their ECUs, reducing the count significantly in their second-generation vehicles.
The decision to ban technology imports from China and impose sanctions on Russia is not unprecedented, as the US government has previously raised concerns about various Chinese-made products such as telecommunications equipment, cargo equipment at US seaports, home routers, and popular social media apps. With the final rule explicitly prohibiting transactions involving VCS hardware and covered software linked to China or Russia, concerns linger about the enforcement of these regulations and the coordination between different government agencies.
Experts foresee a significant impact on the automotive supply chain, particularly for Tier 1 OEMs who source components from suppliers that, in turn, rely on Chinese companies for their offerings. This regulatory shift is expected to prompt carmakers to reconsider their supplier relationships as they pivot towards software-defined vehicles. While the transition to alternative supply sources will take time, the Biden administration has allowed a grace period for compliance to ensure a smooth transition.
Replacing suppliers and adhering to the new regulations will pose challenges for automotive manufacturers, as Levy pointed out the financial implications and technical adjustments that may be required. As the industry navigates through these changes, stakeholders are urged to prioritize cybersecurity and compliance to safeguard connected vehicles and data privacy.