About a year ago a Polish rail equipment supplier brought a lawsuit over a locomotive because it was serviced by a third-party, and the service was enabled by jailbreaking software in the locomotive.

Surveillance tech in products doesn't necessarily imply grey zone warfare. But that doesn't make it a good thing either.

The European champion would still be ten times smaller than the Chinese but would have factual monopoly in Europe. I don’t think blocking the merger was entirely unreasonable.

The west is too lax on some of these officials. People like this should be thoroughly investigated. China is flagrantly breaking the rules of the WTO that the west has set up, having state backed companies, and these people are either purposefully or unintentionally undermining the west's efforts to fight back.

Why do we even have 'private' train companies again?

Logistics in war is essential so it’s not a stretch. You can easily extend that line of thought to anything from drones to cars.

China is not a free market and shouldn’t be allowed to compete as if it were.

Did anyone investigate this person to see if she’s being bought by any “Foreign” Gov’t?

> Two major non-Chinese train companies attempted to merge

Siemens (Germany) and Alstom (France)

> It fell down to an anti-monopoly decision by a single person in the EU ministry, who killed the proposal

Margrethe Vestager, the European Commissioner for Competition at the time (2019). At the time of the decision, she said "No Chinese supplier has ever participated in a signaling tender in Europe or delivered a single very high speed train outside China. There is no prospect of Chinese entry in the European market in the foreseeable future." This has since been proven to be a bad prognostication, as China Railway Signal & Communication (CRSC) is actively deploying its ETCS Level 2 signaling system on the Budapest–Beograd railway line in Hungary[1]; and China has delivered trains to Serbia, leased trains to Austria's Westbahn, acquired German locomotive manufacturer Vossloh Locomotives, and participated in a public tender in Bulgaria for electric trains.

She is no longer in that position. She has as of 2024 become "tough on China,"[2] acknowledging mistakes made in the past and touting how "China came to dominate the solar panel industry... and is running the same game now, across strategic industries including electric vehicles, wind turbines and microchips."

She now says Biden's IRA was a mistake, that Europe has been de-industrializing and that is not a good thing, and that Europe has been too afraid to impose tariffs on China out of fear of retaliation from China.

It sounds remarkably similar to the MAGA playbook on trade and re-industrialization.

[1]https://www.railwaygazette.com/infrastructure/china-railway-...

[2]https://www.politico.eu/newsletter/brussels-playbook/vestage...

The problem with "oh, but wait, this merger actually improves competition" is that mergers are a contagion. A large competitor's mere existence creates an economic imperative for more mergers. This happens both horizontally (across multiple firms) and vertically (up and down the supply chain). When you get big, you can start stripping your vendors' and customers' of their profit margin, which means they need to get big to compensate. Even if a merger might have positive competitive effects, it still spreads the contagion. Which is a problem, because anyone who doesn't or can't get big will get fucked. That includes individual consumers and workers.

If the problem is that Chinese companies are shipping train firmware with backdoors, then you need to ban those companies. Problem is, given the Newag situation[0], I don't think they can actually do this at the level of individual procurements. So they need specific EU directives banning this behavior and explicitly adding a process by which procurement can ban suppliers for prior noncompliance. What facilitating an illegal merger will do is reduce the EU's bargaining power with industry, ensuring that we get more backdoored trains and more risk.

[0] Short version: they got caught shipping firmware that bricks the train if you take it to a third-party repair shop, even though the contract specifically mandated Newag provide repair manuals. EU agencies and member states do not have the power to disqualify Newag from future tenders for failing to adhere to prior ones, so they keep winning contracts

Is there really not enough room in the global market for two smaller companies to compete (and win) against CRCC?

I think this is especially not that big a deal considering the national security implications. I expect Norway would contract with a non-Chinese company for bus, rail, everything from now on due to that, regardless of whether or not they are smaller than the CRCC.

Is there a strategy where China could remain a supplier of "lobotomized" hardware? Example: China supplies the trains, but all the silicon must be added after import.

If you are a capitalist, you should be pro-acquisition (i.e. of smaller firms) and anti-merger (for larger firms), because mergers are a form of crony capitalism that leads to reduced product quality and market dysfunction.

    First, merging firms reduce the number of products they sell, with the effects materializing one year after the M&A and accelerating over the next several years.
   
    Second, merging firms tend to  drop and add products at the periphery of their joint product portfolio.
   
    Third, the net effect is an increase in the similarity among the products that firms offer following a merger or acquisition.

This finding has been consistently true since people have started measuring merger outcomes, "we find that each merger is associated with a quality decrease (increase) in markets where the merging firms had (had no) pre-merger competition with each other, and the quality change can have a U-shaped relationship with pre-merger competition intensity. Consumer gains/losses associated with quality changes, which we monetize, are substantial " – https://www.sciencedirect.com/science/article/abs/pii/S01677...

It is doubtful that merging two companies would have improved the EU's capability to compete with Chinese state operators. On the other hand, lowering the capital threshold to create a new entrant would definitely improve the EU's competitive position and capabilities, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=cele...

Can you elaborate on the IP theft stuffs by winning contracts? Just curious how it is done.

So put 70% anti dumping duties (tariffs) on CRCC trains like they did with ebikes?

This will probably get fixed with software audits necessary for compliance under the NIS2 directive. The EU fixed the problem with more regulation and bureaucracy, ensuring that only the big boys can comply. Protect us from China by becoming China?

Honestly I couldn't care less considering how scummy our train making companies are, I'm fine with Chinese selling trains on a loss for pieces of paper. It's their problem if they want to build them and ship them for pennies, their loss.

Our companies meanwhile are all turning in John Deere, and I'm glad the merger was blocked.

The security part, obviously I do care but this article says very little about it.

I mean one way to handle that is to just outright exclude Chinese companies from such bids.

Not sure why there are no specifics, but for anyone interested this seems to the merger that was denied, along with the reasons why it was denied.

https://ec.europa.eu/commission/presscorner/detail/es/ip_19_...

You are, of course, referring to Alstom and Siemens.

"A slap in the face is more effective than ten lectures. It makes you understand very quickly." —Leopold van Sacher-Masoch

Siemens received the slap in the form of Stuxnet. Industrial controls and transport are not the same business unit, but enough of the message got around internally.

I firmly believe Alstom would not be making such garbage today, at least not from a cybersecurity perspective, had this merger gone ahead. And, let's say, I know quite well exactly what type of hot garbage they unfortunately continue to make.

It's a shame.

The fleet management features that lead to the review are documented and were easily disabled.

To me this smells of rather basic economic/political propaganda to scare people. The collective west is clearly getting orders from high above to apply pressure on China and it may just be that this is part of it, spreading an air of concern and fear to dissuade other people who pay attention to this kind of thing in municipalities to avoid Chinese manufacturers. It's rather basic social engineering that has the ham fist of "intelligence" all over it.

Good questions!

If the Chinese wanted to hide anything they'd put SIM chips without markings or eSIMs inside, as opposed to marked SIM cards. What they did is probably obtain a good quote on Romanian SIM subscriptions that work across the EEA. This is clearly FUD, but yes, they should have been more careful as to equip half of their fleet with Chinese buses that call home.

What is even more sad is that not even Swedish regions buy Scania or Volvo busses. Where I live the region just replaced all local busses with BYD.

China is a decade ahead of Scania/Volvo in electric busses. Likely neither had a suitable product on the market when the busses were purchased.

Surprised to learn that Volvo manufactures buses in Sweden considering they're 78% owned by a Chinese conglomerate..

I know for a fact that at least one of those companies also installs SIM cards in all their busses.

The only difference is who could potentially use the backdoor, and yes Sweden seems slightly less poised to attack Norway than China. At least these days. Because, let's face it, the Swedes owned Norway back in the day and them wanting their oil-rich lucky cousin back at home is deranged but not as much as the Chinese wanting the fjords....

No news. They're stuck in courts.

See: https://cyberdefence24.pl/cyberbezpieczenstwo/blokady-w-poci...

Ah, but you see, domestic enshittification and anti-consumer actions are different from the foreign influence boogeyman. \s

It doesn't matter, the point was to get the scare story out.

Maybe not so surprising as Norway summer temp averages get into mid 60s F (18C) at the warmest.

Forget bricking them. How about driving their batteries to overheat? An entire fleet across a city enflamed...

> If these were esims they would be much harder to detect or remove?

It's not clear in the article how exactly they discovered it, but by the text that mentions it, I do get the impression they just came across the SIM ports/cards themselves:

> internal tests at a secure facility found Romanian SIM cards inside the buses

But it could also have been that they put the entire bus in a giant Faraday cage (or similar) and tried to see if it emits anything. If they did that, then eSIM or SIM wouldn't have matter, nor where on the bus it was, they'd eventually see it. But if they just physically came across it, then maybe eSIMs would allow them to place them in less accessible areas. But then maybe that wouldn't matter anyways, if the SIM cards are permanently attached anyways.

Bottom line, hopefully wouldn't have made a difference.

The biggest concern I have is with cheap PC accessories, wireless routers and smarthome equipment. Also solar power inverters with their online tracking apps. In case of war, all of these would be remotely weaponized, IMHO.

Very much on topic:

- https://www.theregister.com/2021/02/12/supermicro_bloomberg_... - https://www.wired.com/story/gigabyte-motherboard-firmware-ba...

Soooo, yeah.

Do you seriously think Apple wouldn’t notice? They’re probably one of the most hated companies in the world, millions are itching to see them fail.

And that other place, with the Cloud act.

Although TSMC might be able to compromise it, Apple's hardware security is good enough that it is very unlikely that any supplier in China can compromise it. All data outside the SOC is encrypted.

It's all the other stuff made in China that is the worry, not the stuff designed by Apple, or Google.

Of course they're compromised, by Apple, to comply with UK law.

Should've been made a thing even since Volkswagen's dieselgate

In China, most of buses in first-tier cities are connected to the internet to report their location and status. This allows you to check the approximate location of the next bus and a relatively accurate arrival time on a map app. It's especially useful in bad weather or traffic congestion , as you don't have to wait in heavy rain or strong winds for a bus with an uncertain arrival time.

Real time position tracking, CCTV streaming/archiving, automatic diagnostics logging, there's many reasons for a modern bus to have wireless data connections and I'd be shocked if most modern buses in the US and Europe don't already have such systems (i know here in Chicago the CCTV feeds can be viewed remotely by staff and most buses have their real time position available via public REST API, though i don't know what tech the buses themselves use to transmit that data)

should US products be banned outside the US because NSA has done all those fancy things and have the capability to do it again?

Glad you asked

1929 – Sino-Soviet Conflict (Chinese Eastern Railway) — ROC authorities moved to seize the CER in Manchuria; the USSR responded militarily. (Initiation: ROC seizure.) 1954–1955 – First Taiwan Strait Crisis — PRC began large-scale shelling of Kinmen/Matsu and amphibious operations (e.g., Yijiangshan). (Initiation: PRC artillery/offensives.) 1958 – Second Taiwan Strait Crisis — PRC opened intense bombardment of Kinmen/Matsu. (Initiation: PRC artillery.) 1962 – Sino-Indian War — PRC launched major offensives in October after a series of frontier incidents. (Initiation: PRC large-scale attack; India calls it unprovoked, PRC says “counter-attack.”) 1967 – Nathu La & Cho La clashes (India border) — Firefights erupted while India was fencing the pass; Chinese forces are generally assessed to have fired first at Nathu La. (Initiation: PRC fire in initial clash.) 1969 – Sino-Soviet Border Conflict — PLA ambushed Soviet troops on Zhenbao/Damansky Island in March; further clashes followed. (Initiation: PRC ambush.) 1974 – Battle of the Paracel Islands (vs South Vietnam) — PLAN/PLA forces expelled RVN units and took full control of the Paracels. (Initiation: PRC naval attack in contested area.) 1979 – Sino-Vietnamese War — PRC invaded northern Vietnam in February. (Initiation: PRC cross-border invasion.) 1984–1989 – Sino-Vietnamese Border War (post-1979 phase) — PRC mounted periodic offensives and artillery duels (e.g., Laoshan/Johnson Mountain). (Initiation: multiple PRC attacks in a protracted conflict.) 1988 – Johnson South Reef Skirmish (Spratlys, vs Vietnam) — PLAN engaged Vietnamese forces and seized the reef. (Initiation: PRC assault during standoff.)

Internal (civil/unification campaigns) 1926–1928 – Northern Expedition — ROC (KMT) launched a national unification war against warlords. (Initiation: ROC campaign.) 1930–1934 – Encirclement Campaigns against the Chinese Soviet — ROC initiated successive large operations against CCP base areas. (Initiation: ROC offensives.) 1949–1950 – Hainan & Zhoushan/Coastal-Islands Campaigns — PRC amphibious operations against ROC-held islands during the civil war endgame. (Initiation: PRC landings.) 1950–1951 – Tibet (Chamdo campaign → occupation) — PLA entered eastern Tibet and compelled the Seventeen-Point Agreement. (Initiation: PRC invasion; PRC frames as “peaceful liberation.”)

This 10 year old article may be of interest if you are into stuff like that: https://illmatics.com/Remote%20Car%20Hacking.pdf

When the next petya-class worm hits, IOT is going to be so very painful.

Personally, I'd like to skip over all of the buildup and go straight to hoverboard mafia pizza delivery.

The life of a repo man is always intense.

100% false.

For obvious reasons, non-CBTC trains are not remotely controllable (CBTC essentially means "remotely driven"). It's all or nothing; either a safety system that inherently accepts the risk, or no way to remotely control the speed, short of fully stopping the train.

If modern cars have been fully remotely controllable for years, why can't police stop often-deadly car chases?

Ditto on air traffic control and small planes; many don't even have in-plane automatic pilots. AFAIK no ultralights ever do.

Most boats are not remotely controllable; even the large container ship that recently damaged a major US bridge didn't.

Can you help me find the mechanism that remotely engages the clutch on my truck?

The issue was the eSIMs identified were not disclosed by Yutong, which clearly falls afoul of procurement and cybersecurity regulations.

I fully agree. If these were buses from any other country, this would not be an issue.

Every road vehicle sold today has a sim card, most for diagnostics, some for remote control.