The Department of Commerce’s new rule banning Chinese and Russian components from connected vehicles is already live—and OEMs have until model year 2027 to comply.
That includes signing a Declaration of Conformity stating that your vehicle’s VCS and ADS systems are clean of covered software. The CEO (or their designee) has to sign it. And they’re not just signing a form—they’re taking responsibility.
But what happens when the firmware you get from a supplier is basically a black box?
We built a feature to help with that.
How it Works
The process is simple:
- Upload the firmware binary to the asset in VicOne’s xZeta tool.
- VicOne’s xZeta tool scans the binary and extracts an SBOM—even when the supplier didn’t provide one.
- The system correlates each package with the organization that manages it, including country of origin.
- Based on this data, risks are automatically generated and assigned to your supply chain team for investigation.
- Each risk is mapped to a recommended mitigation pulled directly from our threats and controls database.
It gives you real data—at the software package level—to back up your compliance claims.
Why This Matters
Your suppliers might not know where their code comes from. Or they might not tell you. Either way, this tool gives you a second opinion based on what’s actually in the firmware—not just what someone wrote in a spreadsheet.
It also means your cybersecurity and procurement teams can move faster. Instead of reading a 300-row SBOM and guessing what’s a problem, they can review pre-generated risks with vetted recommendations.
See It in Action
We’ve made two videos to walk through what we built:
- 👉 Feature Walkthrough – shows exactly how the feature works, step-by-step
- 📣 Promo Video – short overview of the problem and how we’re solving it
If you haven’t already read our breakdown of the new rule—including key deadlines and what’s required—you can read that article here.
Stay Connected with Block Harbor
Keep up with the latest in vehicle cybersecurity through our specialized newsletters. Choose the option that best fits your interests and role.
Thank you for your submission!
Read More
Explore more automotive cybersecurity insights from our experts. Discover best practices, case studies, and emerging trends to strengthen your organization's security posture.
The Department of Commerce rule banning Chinese and Russian software and hardware in connected vehicles is live and in effect. Automakers and their supply chains have until model year 2027 to comply.
Discover strategies to protect automotive supply chains from cybersecurity threats. Learn how to identify vulnerabilities and implement effective security measures across the vehicle ecosystem.
Understand how security assurance levels guide protection efforts throughout vehicle development. Learn to determine appropriate security controls based on risk assessment.
Understand the differences between fuzz testing and penetration testing for vehicles. Learn when to use each approach and how they complement your security strategy.
Try Block Harbor Today
Start protecting your vehicles with the same platform the world’s best hackers and defenders use.
%201.svg){kind=logo}
