Originally published in The Age

The US government has moved to ban Chinese software and hardware from its roads, with the Albanese government now under pressure from Nationals MP Barnaby Joyce to follow suit as questions remain over the degree to which Australia’s electric vehicles are susceptible to cyberattacks.

We’re used to our databases being hacked, along with our personal devices such as our smartphones, computers and tablets, but can our EVs be hacked in the same way?

EVs have surged in popularity over the past 12 months in particular, with Chinese manufacturers, including the likes of BYD, XPeng, GAC Motor and Aion, producing vehicles that are often more affordable and just as technically impressive as those from Western companies such as Tesla or Volkswagen.

The advent of EVs, spurred on by these Chinese companies, has brought some concerns, chiefly around charging infrastructure, range anxiety (a vehicle’s ability to reach its destination) and durability. But the Biden government’s move to ban Chinese car technology has thrown up murkier, more vexed questions around cybersecurity and geopolitics.

Electric vehicles are essentially computers on wheels, and hackers could theoretically take over critical functions such as steering or disable a car entirely. Smart cars have dozens, or in some cases hundreds, of sensors that can collect data on the occupants of the car and the surrounding environment, including key infrastructure.

The Biden administration said last week its ban followed a lengthy investigation into the issue, centred on concerns about data collected by connected Chinese vehicles and the potential for foreign manipulation of connected vehicles.

“With potentially millions of vehicles on the road, each with 10- to 15-year lifespans the risk of disruption and sabotage increases dramatically,” White House national security adviser Jake Sullivan told journalists.

On Sunday, Joyce, a former party leader and opposition frontbencher, also warned about the potential for “complete and utter chaos” that could be caused if it were possible for a state such as China to remotely control or shut down electric vehicles. He questioned why Climate Change Minister Chris Bowen had ruled out a ban on Chinese EVs, despite the United States recently introducing one.

Following Israel’s use of exploding pagers to attack Hezbollah operatives in Lebanon, Joyce said “the penny dropped for so many people that there is a capacity remotely to create massive pain, massive hurt”.

“People have got to start asking the questions like, if you can update the software, if you can track these vehicles, if they’re made in China, if there was a malevolent purpose behind it from a totalitarian state, what might be the consequences of that?” he said on Sky News on Sunday morning.

“God forbid there was ever a war, but if there was, it would start basically online and in space. Within those two things, you could create complete and utter chaos,” he said.

However, opposition transport spokeswoman Bridget McKenzie said “we won’t be banning EVs”.

The US proposal would ban Chinese software in 2027 and then hardware in 2029. Beijing has responded by urging the US to “stop overstretching the concept of national security, stop its discriminatory suppression of Chinese companies and uphold an open, fair and non-discriminatory business environment”.

This is an issue that may affect nearly all new Chinese car models sold in Australia: most released now are considered “connected” with onboard network hardware for internet access, which shares data with devices inside and outside the vehicle.

The Albanese government is watching closely, and Alastair MacGibbon, co-founder of Australia’s largest cybersecurity firm CyberCX, is urging our government to quickly follow suit.

“When you strip back the concerns of the US government this is not about whether something is manufactured in China, but whether it requires a constant connection with China to function,” MacGibbon says.

“China is a surveillance state that conducts information gathering on people and organisations outside of China to advance its own interests. China has form in this area – last year the UK government discovered a tracking device in a Chinese-made component of a government vehicle.”

Such a move to ban an entire country’s technological infrastructure wouldn’t be unprecedented in Australia. The Gillard government banned Huawei from building infrastructure underpinning the National Broadband Network in 2012, and the Turnbull government in 2018 barred the company from constructing Australia’s 5G network.

MacGibbon served as Turnbull’s cybersecurity adviser at the time. He says the decision to ban Huawei from Australia’s 5G hinged on whether a government in a place such as China could direct information to be gathered – or could shut down devices remotely – in a time of conflict.

“Any form of continuous connectivity would notionally allow this,” he says.

“The Australian government has been more forward-leaning on technology in critical infrastructure and used by government, but we haven’t had a mature conversation about threats in consumer devices.

“China’s dominance in connected consumer technology like electric vehicles will only grow, and we will be on the wrong side of history as a country if we don’t act now.”

Tilla Hoja, a China analyst with defence think tank the Australian Strategic Policy Institute (ASPI), agrees, and says the Australian government should never relinquish control of its governing power to foreign actors on something as important as roads.

“The Chinese government rapidly accelerated their sensor manufacturing business in recent years to decouple from Western supply chains. Such technologies often have dual-use capabilities, and have been reported to be feeding Chinese surveillance capabilities,” Hoja says.

“By allowing Chinese-made smart vehicles, you effectively would be allowing Chinese cross-border surveillance capabilities into your country, which might pose a serious national security issue. It would be an extension of the Chinese authoritarian state into Australia, which would threaten our democracy.

“Imagine the situation if the Chinese government could identify a cohort of people based on personal information collected, and then disable them strategically and remotely to cause a national crisis.”

Not everyone is as convinced that a fast blanket ban would be the right option, however.

The Albanese government is right to be concerned about such threats but what to do with them is more complicated when talking about one of Australia’s most important trading partners, according to Gabby Fredkin, head of data and insights at Australian research firm ADAPT.

“While banning certain technology sounds convenient, it’s a blunt instrument with huge economic and political consequences,” Fredkin says.

“The worst-case scenario [cars being disabled remotely] is an extremely remote possibility, though threats to the security of Australian drivers’ data deserve our full attention.”

David Smitherman, chief executive of Australian BYD distributor EVDirect, said in a statement that data was not collected from Australian BYD owners on how they drove or used their vehicle.

“You can drive your BYD independently without the use of the app,” he said. “We want to be really clear about this: BYD does not have the ability to take control of any vehicles sold in Australia, remotely.

“In light of the US viewpoint on Chinese hardware and software in connected vehicles, we echo the general manager’s view insofar that we respect local regulations in every region, but does not detract from our other market growth plans.”

For Fredkin, there are no perfect answers, and our government is in a tough spot.

“A ban is an option, but there’s likely a lot that could be achieved through boosting our own local cyber defences which are still not up to scratch, consultation with businesses about minimising the security implications of this technology locally, and some careful diplomacy.”

Whatever happens next may have an impact on both Australia-China relations, and for which vehicle you pick as your next car.