Professor Christopher Miller testifies at the US–China Economic and Security Review Commission
At the US–China Economic and Security Review Commission, Professor Christopher Miller testified at the hearing on Beijing's Data Strategy on the growing espionage and sabotage risks of connected cars. He suggests that modern automobiles should be seen not just as forms of transportation but as sensor platforms that are gathering, storing, and transmitting a wide variety of data in ways that create espionage and sabotage risks. He also recommends efforts to be taken by the government and automakers to mitigate the risks.
View the full testimony starting at 2:03:00.
View Miller’s full testimony below.
Most people think of cars as the device that gets them to and from their places of work or places they are going, but modern automobiles can’t function without dozens of different types of sensors. Traditionally, most sensors inside of a car were analyzing the car’s own operation, monitoring the engine for example. Over the last decade we’ve seen a proliferation of sensors across cars both to monitor the drivers themselves and to also map the external world. This has brought to the forefront a series of data governance concerns that the automotive industry is not on its own to properly grapple with and requires government action to monitor and address potential risks.
First, I will lay out the types of sensors that we ought to be worried about. We all know that cars have GPS sensors that track location and this alone could be a valuable asset for a foreign adversary. But more interesting are sensors that look inside and outside of cars. Many cars, for example, have camera sensors and audio sensors that monitor the driver, listen to a driver giving voice commands, or notify the driver when it looks like they are no longer paying attention to the road. But, of course, cameras and audio sensors inside of cars could also be valuable sources of intelligence for foreign adversary.
In addition to this there are an increasing number of sensors outside of cars—lidars, cameras, radars, and other sensors that are mapping the external world. This is a very important development. It’s driving the increase in autonomous capabilities in the automotive sector, but it raises questions about where this data is going and who has access to it. I certainly wouldn’t support any limitations on the gathering of this data by companies, but we must ask who has access to the data once it is gathered. It could be useful to a foreign intelligence if they had almost real-time visibility into who was driving by certain type of critical infrastructure, for example.
It’s been reported by some cybersecurity researchers that certain types of automotive cameras not only see the world, but they can identify license plate numbers or have facial recognition; the intelligence capabilities of this data is, I think, increasingly significant as more and more cars are deployed with a larger number of sensors. And just reading the news we see many examples of this type of data being used by different governments around the world for intelligence purposes.
It’s been reported recently that Israel hacked into Iranian traffic cameras to track the movement of senior Iranian leaders. Both Russia and Ukraine are alleged in media reports to have undertaken similar types of cyber attacks against each other. If these countries are doing it, we should assume that China is doing it as well. This raises the question of what are the steps we could take to mitigate against these risks.
It is also worth noting that our European allies as well as Israel have been increasingly taking steps to examine the cybersecurity implications of connected cars and to mitigate against them. They are imposing data protection rules or not allowing certain types of critical components to be sourced from foreign adversaries. It’s been reported, for example, that multiple European governments have advised military personnel not to drive Chinese made cars onto military bases or near military sensitive facilities. China itself over the last several years has restricted where certain American-made cars can drive within China. It’s evidence that Beijing takes seriously this type of risk.
I think it is time we take seriously the espionage implications as well. If the first risk is espionage, the second risk is sabotage. Cars today are increasing software defined, which raises questions on who can update the software. This is important for the operating systems of cars but also for the software that manages the battery—the battery management system.
When I read news headlines about automakers considering joint ventures and partnerships with Chinese battery manufacturers, I think we should be asking questions on who controls the software that dictates how the battery operates. It’s been widely discussed that a compromised battery management system could cause a battery to set on fire. While it sounds extreme to worry about sabotage, it is not difficult to imagine scenarios of which thousands or even millions of cars halting on our streets could be an obvious tool for a foreign adversary and China is certainly considering these capabilities.
Espionage and sabotage risks I think are real and they deserve to be addressed and there are several capabilities we have to begin to address them. The first is an authority called ICTS at the Commerce Department, which has been used in the past couple of years to restrict sourcing of certain components as well as software from Chinese firms for deployment in American automobiles. The “connected car rule,” as this is referred to, is a very targeted measure that only focuses on connectivity equipment relevant for automobiles as well as software written by Chinese providers, and it limits their use in automobiles sold in the United States. This is an important effort and it should be strengthened and expanded in particular by being provided codification for ICTS, which currently has as its legal authority an executive order; I think should be codified by Congress.
Second, we need to think more carefully about encouraging our allies to take similar measures. Just as we face risks, so too do our allies and many of our allies have more Chinese cars on their roads than we do. That’s true in Europe. That’s true in Australia. It could soon be true in Canada. These countries are becoming increasingly reliant on Chinese cars.
In sum, I think we must take the risk of the data collected by automotive components seriously. We must also take seriously the risk that if we are sourcing key components and key software from China that this presents both a significant risk of both espionage and sabotage.