• 1 NW OOIDA Drive, Grain Valley, MO 64029 | Subscribe to the Print Magazine for Free

  • Contact Land Line

  • In This Issue:

    • ‘Urgent national security risk’

    March 01, 2025 |

    Citing an “urgent national security risk,” the U.S. Department of Commerce published a final rule on Jan. 16 addressing the import of connected vehicles or components from Russia or the People’s Republic of China.

    The Bureau of Industry and Security said that certain technologies originating from China or Russia present an undue or unacceptable risk to U.S. national security. As of press time, the final rule for passenger vehicles was set to take effect on March 17.

    “Cars today aren’t just steel on wheels – they’re computers,” then-Secretary of Commerce Gina Raimondo said in a news release. “They have cameras, microphones, GPS tracking and other technologies that are connected to the internet. Through this rule, the Commerce Department is taking a necessary step to safeguard U.S. national security and protect Americans’ privacy by keeping foreign adversaries from manipulating these technologies to access sensitive or personal information. This is a targeted approach to ensure we keep People’s Republic of China- and Russian-manufactured technologies off American roads and protect our nation’s connected vehicle supply chains.”

    The final rule prohibits the import of connected vehicle hardware and software from China or Russia. Connected vehicle technology includes such items as telematics control units, Bluetooth, cellular, satellite, Wi-Fi modules and autonomous vehicles. The rule also prohibits manufacturers with a strong connection to China or Russia from selling new connected vehicles in the United States, even if the vehicle was made in the U.S.

    The software-related prohibitions are set to take effect for Model Year 2027. Hardware-related prohibitions are set for Model Year 2030.

    “Mounting evidence of threats … to U.S. critical infrastructure, data security and broader national security necessitates this urgent action by the U.S. government to address the risk of foreign adversary supply chains in the connected vehicles sector,” the Department of Commerce wrote in the final rule.

    The concerns prompted the government to move at a faster pace. The agency first issued an advance notice of proposed rulemaking regarding connected vehicles in March 2024. That was quickly followed by a formal proposal in September. The agency issued a final rule only two-and-a-half months after a comment period ended.

    “It doesn’t take a lot of imagination to think of how foreign government with access to connected vehicles could pose a serious risk to both our national security and the personal privacy of U.S. citizens,” Raimondo said.

    What about commercial motor vehicles?

    The original proposal aimed to address concerns regarding cars, as well as large trucks. However, the final rule applies only to vehicles weighing less than 10,001 pounds.

    The agency determined that “the substantial compliance concerns associated with the complex commercial vehicle sector” require a separate rulemaking.

    That, however, does not mean that the Department of Commerce believes the commercial sector is immune to cybersecurity attacks.

    Rather, the Bureau of Industry and Security said that the security risks associated with commercial vehicles “are grave” and that the agency’s decision to exclude them from this rulemaking “in no way implies that these risks are lesser than in the passenger vehicle market.”

    The agency believes it must propose a separate regulation tailored to the commercial sector. According to the notice, that regulation will arrive “in the coming months.”

    The Owner-Operator Independent Drivers Association, which was supportive of the proposal, criticized the decision to wait before addressing security risks involving heavy-duty trucks and other commercial vehicles.

    “A ‘grave’ national security threat from China and Russia should not be put on the back burner,” OOIDA President Todd Spencer said in a statement. “OOIDA is disappointed with the department’s decision to remove heavy trucks from the scope of its rulemaking on connected vehicles. A separate rule for trucks could delay addressing unacceptable and obvious national security risks posed by foreign-controlled technologies active on some U.S. commercial trucks today. We question the choice to remove heavy trucks when the department, itself, emphasizes the ‘grave’ national security risks associated with Chinese or Russian technology components in these vehicles. We will work with the Bureau of Industry and Security to ensure the future rule thoroughly responds to the public safety challenges of driverless 80,000-pound trucks.”

    Concerns about autonomous trucks, ELDs

    In its comments filed in October 2024, OOIDA told the agency that there needs to be more oversight of autonomous vehicles.

    “OOIDA has raised safety and cybersecurity concerns regarding the development of autonomous vehicles as the technology has been deployed in recent years,” the Association wrote. “We believe this Department of Commerce proposal can help implement necessary federal oversight for autonomous vehicle safety and protect private personal and vehicle information.”

    In addition, OOIDA asked whether electronic logging devices would be covered under the rule.

    “The ELD synchronizes with a vehicle’s engine to automatically record a driver’s off-duty and on-duty time and transfers hours-of-service data to a safety or law enforcement official,” OOIDA wrote. “There was never sufficient research indicating the ELD mandate would improve highway safety, and FMCSA still lacks data demonstrating any positive safety results since its full implementation. In the meantime, the ELD self-certification process has been a major disservice to motor carriers, as faulty and ultimately non-compliant devices have been listed on the agency’s device registry. The ELD mandate, in conjunction with the self-certification process, creates a critical cybersecurity risk, which is notable under the scope of this proposed rulemaking.”

    Research from Colorado State University showed that ELDs are vulnerable to cyberattacks. Researchers were able to hack a truck’s ELD to gain access to the truck’s accelerator and to infect it with malicious malware.

    “The Bureau of Industry and Security should specify whether the rulemaking will apply to ELDs given the intent of the notice of proposed rulemaking to address undue or unacceptable risks to national security and U.S. persons,” OOIDA wrote. LL

    « Previous Page: ‘Restore fairness’ Next Page: Autonomous truck rules under review in six statehouses »

    Get today's trucking headlines delivered straight to your inbox!

    Subscribe
    X