Electric buses have become a key part of modern public transport. They are quieter, cleaner, and more environmentally friendly than traditional diesel buses. To meet climate targets and reduce pollution, many countries have turned to electric buses made in China, which are widely available and cost-effective. However, a recent security review in Norway involving Ruter, a major public transport operator, has raised concerns about how safe the digital systems inside these buses really are.
The concern is not about how the buses drive or how safe they are on the road. Instead, it focuses on software, remote access, and data protection. Modern electric buses rely on digital systems to control batteries, power supply, and performance. These systems are often connected to mobile networks so manufacturers can perform software updates and diagnostics. While this is common in today’s technology, it has also raised questions about control and security.
Ruter, a Norwegian public transport operator, decided to examine its electric bus fleet as part of a broader effort to protect data and reduce security risks. The operator runs more than 100 electric buses made by China’s Yutong Group. To better understand potential issues, it carried out tests comparing a China-made bus with a Dutch bus.
How the Testing Was Done
To ensure reliable results, the tests were conducted in an underground location. This setting helped block outside signals and prevented external interference. Engineers focused on one main question: how much digital access does the manufacturer still have after the bus has been sold and put into daily service?
The findings showed a clear difference between the two buses. The Dutch bus did not allow the manufacturer to send remote software updates. Once delivered, control of its systems stayed entirely with Ruter. The China-made bus supplied by China’s Yutong Group, however, allowed remote access through a mobile network.
Norwegian dam targeted in cyber sabotage, 2 million gallons of water released
The access allowed software updates and diagnostics, and Ruter said China’s Yutong Group retained digital control even after the buses were sold, raising concerns about system oversight.
China’s Yutong Group stated that access to their systems is limited to maintenance purposes, complies with local laws, and utilizes encrypted data stored in Europe. However, Ruter expressed concerns that any remote access could be exploited if security is compromised, leading to caution regarding potential risks.
What the Findings Reveal About Security
The tests confirmed that the buses cannot be driven remotely. This helped ease fears about direct control of vehicles on public roads. Ruter also confirmed that cameras on the buses are not connected to the internet, meaning there is no risk of live video or image transmission.
According to Ruter, a bus could potentially be stopped or rendered unusable through digital commands. While no such action has occurred, the possibility itself was considered a security concern.
News of the findings quickly spread across Europe. Media reports highlighted the issue, and transport authorities in countries such as Denmark and Great Britain began examining their own electric bus fleets, including those supplied by China’s Yutong Group, to see if similar access exists.
Telecom Under Siege: Denmark Raises Cyber Threat Level Over China Espionage Risks
The situation has drawn attention to the wider issue of how foreign-made technology is used in essential public services. It has also raised questions about transparency and responsibility when advanced systems are built and managed across borders.
Actions Taken After the Review
After completing the review, Ruter said it had identified a potential security risk early. Instead of removing the buses from service, Ruter chose to tighten cybersecurity rules. New measures are being prepared to better monitor and control digital access. One possible approach involves delaying incoming digital signals so software updates from China’s Yutong Group can be reviewed before reaching the bus systems.
These steps are designed to prevent unwanted activity and reduce the risk of hacking. They also allow transport operators to better understand what data is being sent and received. This approach reflects a cautious response that balances innovation with security.
China’s Yutong Group has stated that remote diagnostics and updates are standard in the vehicle industry. Similar systems are used in modern cars, trucks, and other forms of transport. However, public transport is treated with extra care because of its importance to daily life and national infrastructure.
The findings have added to an ongoing discussion in Europe about digital safety in public transport. As vehicles become more connected, questions about data access and system control are becoming more important.
This case shows that electric buses are not just about clean energy and lower emissions. They are also part of a larger digital system, where understanding access, control, and security has become a key issue for transport authorities and governments.
