Cybersecurity concerns are on the rise as Chinese-made electric buses hit Australian roads. But here's where it gets controversial: these buses, manufactured by Yutong Group, have sparked debates over potential vulnerabilities and control by the Chinese Communist Party (CCP).
The issue came to light after Norwegian transport operator Ruter published test results, revealing that Yutong had access to control systems for software updates and diagnostics. This raised alarms, as it theoretically allows for remote manipulation, including turning off the bus.
Yutong's presence in Australia is significant, with over 1,500 vehicles delivered since 2012. However, only a fraction of these are battery-electric, and the company assures that software updates are done physically at service centers, not remotely.
And this is the part most people miss: it's not just about the model of the bus. Cybersecurity expert Alastair MacGibbon highlights that all 'connected' vehicles, especially electric ones, require constant connectivity with manufacturers, granting them access to various devices. This raises questions about control and the potential for degradation or shutdown.
MacGibbon urges the government to consider banning Chinese-made electric vehicles from government use or property, emphasizing the complex relationship with China as our largest trading partner and potential threat.
The Defence Department takes a 'layered approach' to security, involving various personnel and authorities to secure bases. Yutong, for its part, claims to strictly comply with Australian data protection laws and only collects operational data, transmitted directly to an AWS data center in Sydney.
But here's the catch: cybersecurity expert Dennis Desmond remains concerned about the risk these vehicles pose, especially within a national security context. He emphasizes the need for clarity on data collection, transmission, and access before considering their use.
Desmond's concerns extend beyond Chinese-made vehicles, advocating for the full assessment of all imported smart devices in Australia. He believes Australians are often unaware of data collection processes and the potential risks.
So, the question remains: should we be concerned about the cybersecurity implications of these electric buses? And what steps should be taken to ensure national security and personal privacy? Let's discuss in the comments!
