Pump the brakes: National security concerns surround connected cars

Citing national security concerns, the U.S. Department of Commerce has launched an inquiry into the risks of importing connected vehicles from foreign adversaries. “It doesn’t take a lot of imagination to think of how foreign government with access to connected vehicles could pose a serious risk to both our national security and the personal privacy of U.S. citizens,” said U.S. Secretary of Commerce Gina Raimondo.  

These risks extend beyond data privacy concerns. “While we benefit greatly from the shift to a more digital and connected world, those connections create new avenues for espionage and sabotage. We must remain vigilant in identifying and securing those vulnerabilities, including potential vulnerabilities present in connected vehicles,” said Undersecretary for Industry and Security Alan Estevez. 

In the future, connected vehicles may be able to communicate with smart cities to optimize traffic management or with other connected vehicles to enhance road safety. However, that means that connected vehicles represent a vulnerable endpoint that could be leveraged as an attack vector.

Hackers could target the vehicle’s control systems themselves, creating serious safety issues for the American public. Furthermore, these vehicles are essentially giant sensors capturing data from everywhere they travel, including military bases and other critical infrastructure locations. If Americans were alarmed by the Chinese spy balloon freely traveling across the country, they should be very concerned about the quality and quantity of the data that millions of Chinese-made connected vehicles could collect.

These risks are neither a paper tiger of alarmism nor a stalking horse of protectionism. There is an established pattern of abuse that demonstrates the Chinese Communist Party is willing and able to conduct espionage by exerting its influence on technology.

Blurred lines: data privacy vs. surveillance

As a baseline, there are numerous examples of CCP interference that raise data privacy concerns. For example, Huawei, a leading global provider of telecommunications equipment and consumer electronics, has been at the center of numerous controversies, with the U.S. government expressing concern that Huawei’s involvement in 5G networks could pose a security risk.

With vehicles increasingly becoming data collection points, there is a legitimate concern that sensitive personal information could be transmitted to servers under the jurisdiction of the CCP, raising national security red flags. With the increasing prevalence of machine learning and AI-powered data mining, the potential value and impact of access to such datasets is huge.

Connected cars "collect large amounts of sensitive data on their drivers and passengers (and) regularly use their cameras and sensors to record detailed information on U.S. infrastructure," the White House said. 

"China's policies could flood our market with its vehicles, posing risks to our national security," said President Joe Biden.

However, there seems to be some misunderstanding in the marketplace of ideas that concerns about the CCP’s influence on technology is limited to data privacy concerns. Data privacy is just the tip of the iceberg. The reality is much more nefarious as malware, backdoors and vulnerabilities could make their way into connected cars.

Cybersecurity risks: backdoors, malware, and vulnerabilities

Cybersecurity risks associated with Chinese-manufactured technology is a topic of concern globally, including allegations of backdoors, vulnerabilities, and pre-installed malware. These critical issues can lead to unauthorized access, data breaches, espionage, and other security threats. 

Huawei has faced allegations of installing backdoors in its equipment that could allow unauthorized access to sensitive information or networks. The U.S. and several other countries have banned or restricted Huawei equipment in critical infrastructure over national security concerns.

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” FBI Director Christopher Wray told the House Select Committee on the CCP.

The bigger picture: supply chain risks

The Department of Commerce’s investigation into connected vehicles is emblematic of a larger issue concerning supply chain risks associated with Chinese manufacturers. The global dependency on Chinese manufacturing, coupled with China’s opaque regulatory environment and the CCP’s control over private and state-owned enterprises, exacerbates the risk of intellectual capital theft, espionage, and sabotage. 

This extends to the realm of critical infrastructure protection, where the proliferation of connected technologies introduces new vectors for attacks that could cripple vital national systems. Integrating connected vehicles into the broader ecosystem of the Internet of Things presents a unique set of challenges for safeguarding critical infrastructure. 

Breaking the cycle 

There is a pattern emerging as Congress moves to consider forcing a sale of TikTok, the popular social media app owned by the Chinese company ByteDance. The protection of consumer data is just one tactic of a larger national security strategy. It is important not to lose sight of the bigger picture, in which the CCP is keen to “reshape an international system it sees as unfairly stacked in favor or the United States and its allies.”

Consider the American Security Drone Act of 2023, which prohibits federal agencies and federally funded programs from purchasing or using drones manufactured in countries that are viewed as threats to U.S. national security. This regulation was introduced after Chinese-manufactured drones already swarmed the U.S. market. Perhaps the Biden administration can avoid this situation from happening again with connected vehicles by acting proactively.