Connected Vehicles: Final Rule Made Against Hidden Security Risks
A new U.S. rule addresses security risks in connected vehicles, focusing on vulnerable systems linked to China and Russia in order to safeguard national safety.
Vincent ShakirJanuary 15, 20253 Mins read698
New Rule Protects U.S. Security in Connected Vehicles
What the Connected Vehicles Rule Does
The Department of Commerce has created a new rule aiming to protect U.S. national security. The rule focuses on connected vehicles that use advanced technologies. Some of these technologies come from foreign countries like China and Russia. The government sees these countries as serious risks to safety and infrastructure.
This rule takes effect 60 days after it is published tomorrow, January 16, 2025. It was developed by the Bureau of Industry and Security (BIS).
Technologies Covered by the Connected Vehicles Rule
The rule targets specific vehicle technologies. It bans certain transactions involving Vehicle Connectivity System (VCS) hardware and Automated Driving System (ADS) software. These technologies include telematics units, cellular modems, and advanced automation tools. They make vehicles smarter and more efficient. But they also open doors for hackers and other risks.
The rule focuses on technologies linked to China and Russia. The government worries these countries could use these tools to harm the U.S. For example, they could gather private data or take control of vehicles.
Major Security Risks
The rule addresses three key risks. These are:
- Data Theft: Hackers could steal personal and vehicle information.
- Remote Control: Cybercriminals might take over vehicles. This could harm drivers and disrupt critical infrastructure.
- Malware Spread: Vehicles could spread harmful software to other systems.
These risks are tied to the growing use of technology in vehicles. The rule is part of a larger effort to protect the ICTS supply chain, outlined in Executive Order 13873.
Why Commercial Vehicles Are Not Included in the Final Rule
Focus on Passenger Vehicles
The new rule does not apply to commercial vehicles. BIS chose to focus only on passenger vehicles for now. They believe passenger vehicles present the most immediate risks. Public comments helped shape this decision. Many people pointed out that passenger and commercial vehicles are very different.
Key Differences in Commercial Vehicles
Commercial vehicles are used in different ways. They rely on unique technologies and have separate supply chains. These vehicles also have their own regulatory rules. In many cases, they are less likely to store personal user data. This can mean lower risks for sensitive information being compromised. Including both types of vehicles in the same rule could make it harder to enforce.
Plans for a Future Rule
BIS understands that commercial vehicles still face risks. These vehicles are using more connected technologies than ever. Systems like telematics and fleet management tools could be targeted by hackers. BIS plans to address these risks with a new rule. This future rule will focus only on commercial vehicles.
Benefits of Separate Rules
By separating the rules, BIS can focus on each type of vehicle more effectively. This approach helps them protect the public without creating unnecessary challenges for industries. It also allows time to hear from businesses and experts about their concerns.
Balancing Safety and Industry Needs
BIS believes this is the best way to handle the risks. The decision shows their commitment to balancing safety with industry needs. By taking these steps, they aim to protect both passenger and commercial vehicles.
Exemptions and Business Requirements
Some transactions are exempt under this rule. For example, parts for warranty repairs are allowed if they are for vehicles from before 2030. However, companies must still follow strict guidelines.
Businesses need to submit annual Declarations of Conformity. These reports confirm they are following the rule. Companies must also keep detailed records. This includes lists of the hardware and software used in their vehicles.
Connected Vehicles Rule Changes Based on Industry Feedback
BIS adjusted the rule after listening to public comments. Many in the auto industry said the original plan was too broad. They worried it could create problems and increase costs. In response, BIS narrowed its focus. It now only regulates certain technologies, like VCS and ADS. The agency also added exemptions to reduce the burden on businesses.
Even with these changes, the risks remain high. BIS says the new rule is necessary to protect U.S. security.
Impact on the Auto Industry
This rule will have a big impact on automakers. Companies that rely on global supply chains will need to make changes. They must ensure their technologies comply with the new rules. This might increase costs and require new processes.
The government is also considering new rules for commercial vehicles. These could address similar security issues.
Importance of the Connected Vehicles Rule
Connected vehicles are becoming more common. They offer many benefits but also bring new risks. The Department of Commerce created this rule to address these threats. It aims to protect national security and keep people safe.
