
The Department of Commerce’s new rule banning Chinese and Russian components from connected vehicles is already live—and OEMs have until model year 2027 to comply.
That includes signing a Declaration of Conformity stating that your vehicle’s VCS and ADS systems are clean of covered software. The CEO (or their designee) has to sign it. And they’re not just signing a form—they’re taking responsibility.
But what happens when the firmware you get from a supplier is basically a black box?
We built a feature to help with that.
How it Works
The process is simple:
- Upload the firmware binary to the asset in VicOne’s xZeta tool.
- VicOne’s xZeta tool scans the binary and extracts an SBOM—even when the supplier didn’t provide one.
- The system correlates each package with the organization that manages it, including country of origin.
- Based on this data, risks are automatically generated and assigned to your supply chain team for investigation.
- Each risk is mapped to a recommended mitigation pulled directly from our threats and controls database.
It gives you real data—at the software package level—to back up your compliance claims.
Why This Matters
Your suppliers might not know where their code comes from. Or they might not tell you. Either way, this tool gives you a second opinion based on what’s actually in the firmware—not just what someone wrote in a spreadsheet.
It also means your cybersecurity and procurement teams can move faster. Instead of reading a 300-row SBOM and guessing what’s a problem, they can review pre-generated risks with vetted recommendations.
See It in Action
We’ve made two videos to walk through what we built:
- 👉 Feature Walkthrough – shows exactly how the feature works, step-by-step
- 📣 Promo Video – short overview of the problem and how we’re solving it
If you haven’t already read our breakdown of the new rule—including key deadlines and what’s required—you can read that article here.
Stay Connected with Block Harbor
Keep up with the latest in vehicle cybersecurity through our specialized newsletters. Choose the option that best fits your interests and role.
Thank you for your submission!
Read More
Explore more automotive cybersecurity insights from our experts. Discover best practices, case studies, and emerging trends to strengthen your organization's security posture.

Explore how VSOC and PSIRT work together to enhance cybersecurity in connected vehicles—balancing real-time monitoring with long-term vulnerability management.
.png)
As medical devices become more connected, the need for structured cybersecurity grows. This post compares how automotive and healthcare industries handle risk—and how TARA can help medical device makers move from reactive compliance to proactive protection.
.png)
Industrial IoT boosts factory performance but widens the cyber-attack surface. This post shows how a structured Threat Analysis and Risk Assessment (TARA) process, aligned with IEC 62443 security levels, helps asset owners, integrators, and suppliers spot vulnerabilities, set the right protections, and keep production safe and resilient.
Try Block Harbor Today
Start protecting your vehicles with the same platform the world’s best hackers and defenders use.