President Donald Trump marked the first 100 days of his second term with a speech touting the accomplishments of his administration. Delivering the address from Michigan, the heart of the American auto industry, the president drew special attention to the challenge of foreign competition and its place in his trade agenda.

Implicitly invoking Ronald Reagan’s successful efforts to induce Japanese automakers to build cars in the U.S., Trump told the crowd at Macomb Community College that he wants foreign automakers to invest in U.S. production again. While the friendly audience mostly applauded this message, one line surely left them confused: Trump’s statement that not only Japanese but Chinese automakers should build cars here.


This was no gaffe. Trump said the same thing last year in more detail on the campaign trail. “I’ll tell [Chinese automakers] if they want to build a plant in Michigan, in Ohio, in South Carolina, they can, using American workers, they can,” he told supporters in March 2024 in Dayton, Ohio.

While the notion of Chinese companies like BYD and Geely Auto setting up shop stateside arguably fits with the president’s goal of balancing trade, the sensitive technological nature of modern vehicles should place it squarely out of bounds. On purely national security grounds, Chinese cars and auto-tech need to stay off American roads.

Cars today are composites of numerous technical systems assembled and structured into a familiar form, but wholly different from the cars of yore. Though Tesla in the U.S. and BYD and Xiaomi in China are most closely associated with the “smartphone on wheels” concept, the operation of virtually all new cars, whether electric or internal combustion, is inextricable from computing elements, which govern everything from ignitions to anti-lock braking systems.

Moreover, much of the software in today’s vehicles comes not from the automakers themselves but from their suppliers, like Germany’s Bosch (which makes engine-control units and driver-assistance systems) and Continental (which makes braking systems and telematics modules). Given the global nature of the automotive supply chain, it’s likely that even American-made Ford F-150s and Chevy Suburbans have at least some Chinese-authored code embedded within them. While that code is probably benign for now, its presence underscores the need for more transparency.

This connectedness makes vehicles vulnerable to hacking, malware, backdoors, and other forms of infiltration. While Trump seems content with the idea of Chinese cars on American roads, he should think twice about giving the green light to Chinese code. China’s state-backed hacking, including of critical systems like utility networks, could be used to target U.S. auto infrastructure given the right motive and opportunity.

People’s Liberation Army planners are known to be fond of shashoujian—“assassin’s mace” weapons—tools designed not to match an adversary’s strength but to bypass it through surprise and asymmetry. A compromised automotive software stack, quietly embedded in a mass-market fleet, could serve as just such a weapon.

Imagine a scenario in which cars on American roads were suddenly bricked like old smartphones or, more subtly, had their navigation systems scrambled. As self-driving features and vehicle-to-infrastructure connectivity proliferate, the tail risks of attacks like these can only grow.

If this sounds unlikely, consider the technical acumen and reach put on display by Israeli intelligence last year, when it managed remotely to detonate explosives planted within thousands of Hezbollah terrorists’ pagers simultaneously. While different in method, Israel showed how devastating a highly capable and motivated state actor can be when it finds an entry point into a supply chain. China, indeed, has already proven its capabilities. In February 2024, the FBI revealed that state-backed Chinese hackers had quietly infiltrated critical American energy, water, and transportation infrastructure.

Recognizing that these risks apply to transportation as well, the Bureau of Industry and Security, an agency within the Department of Commerce, issued guidance in October 2024 to keep auto-tech originating from hostile foreign countries off U.S. roads. In January 2025, days before Trump’s inauguration, Commerce issued its final rule on vehicle connectivity and automated driving systems developed in adversarial countries. This rule imposes new obligations on auto-manufacturing and -importing companies.

This is an important step, but the rule fails to address the supply chains of key suppliers like Bosch and Continental. To shore up auto-tech vulnerabilities, Commerce should fully exclude Chinese software from cars sold in America by requiring automakers to divulge what is known as a Software Bill of Materials. SBOMs are audits of a good’s entire software stack, meant to ensure that all components are clean.

SBOMs are standard cybersecurity practice in U.S. government software procurement and in industries like energy and other critical infrastructure. The increasingly technical nature of vehicles demands the same treatment.

By framing China’s new auto-export prowess as a trade issue, President Trump is overlooking more consequential risks. China’s auto industry is not just a competitor in global markets; it is a vector of national security vulnerability. We need to keep Chinese cars off American roads—not because of Chinese subsidies or the threats to American manufacturing jobs, but because technology embedded therein could provide the “assassin’s mace” of PLA dreams.


City Journal is a publication of the Manhattan Institute for Policy Research (MI), a leading free-market think tank. Are you interested in supporting the magazine? As a 501(c)(3) nonprofit, donations in support of MI and City Journal are fully tax-deductible as provided by law (EIN #13-2912529).
