New US Regulations Heighten Cybersecurity Concerns for Smart Vehicles

The US Department of Commerce is introducing new regulations aimed at strengthening cybersecurity in the automotive industry by banning the import of connected-vehicle technology from China and Russia. This move is part of a broader effort to safeguard U.S. national security and protect sensitive data from potential foreign adversaries.

At the heart of the regulations is the growing concern over cybersecurity vulnerabilities in modern vehicles. As cars become more connected and automated, they are increasingly at risk of cyberattacks. The new rules require that vehicle connectivity systems (VCS) and automated driving systems (ADS) be free of hardware or software sourced from China or Russia. This is in response to fears that foreign adversaries could exploit these technologies to gain unauthorized access to sensitive data or even manipulate vehicle functions remotely.

Cybersecurity experts have long warned that the growing complexity of connected vehicles increases the potential attack surface. With more vehicles becoming software-defined, relying on centralized systems rather than traditional hardware, the number of entry points for malicious actors also rises. Vehicles today often include hundreds of electronic control units (ECUs) that manage various aspects of the vehicle’s functionality, from engine performance to safety features. The risk is compounded by the use of components from countries with strained geopolitical relations, such as China.