Officials not concerned about Chinese Yutong buses despite international security fears
Concerns over potential security vulnerabilities in electric buses manufactured by Chinese firm Yutong are escalating internationally, prompting investigations in multiple countries. The scrutiny stems from reports that the company may possess the capability to remotely disable the vehicles, raising questions about potential control and security risks.
International Scrutiny
The issue surfaced following an investigation in Norway last year, which found that Yutong buses could, in theory, be disabled mid-transit via a remote “kill switch,” according to Norway’s public transport authority, Ruter. This finding quickly triggered similar reviews in Denmark and the United Kingdom, with the UK’s Department for Transport working alongside the National Cyber Security Centre to assess the situation, as reported by the Times of London.
Investigations Expand
Most recently, Transport Canberra launched a renewed investigation into its fleet of Yutong electric buses. While the agency previously examined the issue last year and found no immediate vulnerabilities, the recent developments overseas prompted a second look. The UK’s National Cyber Security Centre has stated This proves “technically possible” for the buses to be remotely disabled by Beijing, though there is currently no evidence this has occurred.
Impact on New Zealand
Yutong buses are also in operation in New Zealand, with fleets in Auckland, Christchurch, and Wellington. Public transport operators in these cities have acknowledged the international concerns but have expressed confidence in the safety of their vehicles. Metlink in Wellington operates 14 Yutong buses, including those on its Airport Express service, which are equipped with Yutong sim cards as part of the company’s onboard telematics system, Yutong Vehicle Plus. This system allows Yutong to remotely retrieve data and perform actions like software updates or adjusting air conditioning, though Metlink maintains Yutong lacks the ability to completely disable the buses.
Auckland Transport operates 22 Yutong buses and reports no current security issues. Environment Canterbury, responsible for Christchurch’s Metro bus network, operates 25 older-generation Yutong buses with limited connectivity. Yutong itself has denied the allegations, stating it cannot remotely control its vehicles and operates independently of the Chinese government, adhering to all applicable laws and regulations.
Looking Ahead
If further investigations confirm the potential for remote control, governments and transport authorities could implement stricter regulations regarding vendor access and cybersecurity protocols for public transportation infrastructure. It is also possible that operators may seek to modify existing buses to limit remote access capabilities. However, without conclusive evidence of malicious activity, a complete overhaul of existing fleets seems unlikely. A continued focus on monitoring developments overseas and collaborating with cybersecurity experts is a likely next step for New Zealand authorities.
Frequently Asked Questions
What is the nature of the concern regarding Yutong buses?
The concern centers around a potential “kill switch” capability that could allow remote disabling of the buses, as identified in a Norwegian investigation.
Have any vulnerabilities been found in Yutong buses operating in New Zealand?
Currently, no vulnerabilities have been identified in Yutong buses operating in New Zealand, according to local transport operators. However, investigations are ongoing.
What is Yutong’s response to the allegations?
Yutong denies the allegations, stating it cannot remotely control its vehicles and operates independently, complying with all applicable laws and regulations.
As concerns about cybersecurity and infrastructure vulnerabilities continue to grow, how might public transportation agencies balance the benefits of cost-effective solutions with the need for robust security measures?