Cyber crime investigators are also involved in seeing whether buses made by Yutong could be vulnerable to interference
UK transport bosses and cyber security teams are to examine whether Chinese-made buses could be ‘controlled’ by their manufacturer. Buses built by Yutong are used in Bristol, Essex, Leicester, Nottingham, South Wales and South Yorkshire, among other locations.
Teams from the National Cyber Security Centre and the Department for Transport are ‘looking into the case’. It comes after an investigation in Norway by Oslo’s public transport service, Ruter, said it found that Yutong buses could theoretically be “stopped or rendered inoperable” by the manufacturer.
After the Norwegian findings, Denmark is also believed to have opened an investigation, reports The Guardian. In its findings, Ruter did not present evidence that Yutong had attempted to control the buses.
It said it would impose “even stricter security requirements in future procurements”, and also stated that, as the buses’ cameras are not connected to the internet, “there is no risk of image or video transmission from the buses”.
A spokesperson for the Department for Transport here in the UK told the Guardian: “We are looking into the case and working closely with the UK’s National Cyber Security Centre to understand the technical basis for the actions taken by the Norwegian and Danish authorities. The department takes security issues extremely seriously and works closely with the intelligence community to understand and mitigate potential risks.”
Yutong began as the Zhengzhou Bus Repair Factory in 1963 in Henan. The company says it has exported nearly 110,000 buses to more than 100 countries, which it says represents more than 10% of the market worldwide.
Ruter ran tests on a brand new Yutong bus from China and a three-year-old VDL from the Netherlands to examine two specific scenarios – surveillance and the Chinese supplier’s digital access to control systems for software updates and diagnostics.
Ruter said: “There is access to the control system for battery and power supply via mobile network through a Romanian sim card. In theory, therefore, this bus can be stopped or rendered inoperable by the manufacturer.”
Ruter’s analysis continued: “The testing revealed risks that we are now taking measures against. National and local authorities have been informed and must assist with additional measures at a national level.”
It said it would now be imposing even stricter security requirements in future procurements., developing firewalls to ensure local control and protect against hacking, collaborating with national and local authorities on clear cybersecurity requirements and exploiting a “technological window of opportunity” before the next generation of buses becomes more integrated and harder to secure.
Ruter said it now “moves from concern to concrete knowledge about how we can implement security systems that protect us against unwanted activity or hacking of the bus’s data systems”.
Yutong has previously told the Sunday Times that it “strictly complies with the applicable laws, regulations and industry standards of the locations where its vehicles operate”.
#Transport #bosses #examine #Chinesemade #buses #controlled #manufacturer
