When the Bus Company Can Pull the Plug Norway’s Electric Fleet Faces a Digital Reality Check
News

When the Bus Company Can Pull the Plug: Norway’s Electric Fleet Faces a Digital Reality Check

In the world of electrified public transport, connectivity is king. But as Norway is discovering, the same technology that makes buses smarter, cleaner, and easier to manage can also open the door to a new kind of vulnerability — one that reaches far beyond charging ports and route maps.

Ruter, the largest public transport operator in Norway, recently ran a quiet but revealing test inside a sealed facility. The goal? To probe the cybersecurity of its electric buses. What it found has sparked a nationwide conversation about who really holds the keys — not just to the ignition, but to the entire system.

The Unexpected Passenger: Hidden SIM Cards

Among the buses tested was one built by Yutong, China’s largest bus manufacturer and a major supplier to Norway’s rapidly electrifying fleet. Inside its systems, engineers discovered Romanian SIM cards — components Yutong says are used for remote diagnostics and over-the-air software updates.

Nothing inherently sinister there — Tesla, Volvo, and Mercedes all use similar connectivity tools. But Ruter’s test raised an eyebrow for one crucial reason: those SIM cards give Yutong, at least in theory, the power to remotely access or even disable the buses from thousands of miles away.

So far, Ruter has found no evidence of tampering or misuse. Still, the discovery has rattled nerves in a country where electric buses — roughly 1,300 nationwide, with some 850 built by Yutong — are a cornerstone of the public transit revolution. In Oslo and Akershus alone, around 300 of them carry passengers daily.

From Curiosity to Cybersecurity

We are moving from concern to concrete knowledge,” said Ruter CEO Bernt Reitan Jenssen, describing the shift from speculation to action. The agency has since tightened its cybersecurity protocols, isolating buses from cloud-based systems and removing the SIM cards entirely to ensure full local control.

This isn’t paranoia — it’s prudence. Jenssen made it clear that while the likelihood of an intentional shutdown is low, “that doesn’t mean we shouldn’t take it very seriously.”

Norway’s Minister of Transport, Jon-Ivar Nygård, echoed that sentiment, praising Ruter’s initiative and confirming that the government is now reviewing exposure to suppliers from outside Norway’s security alliances. “Together with players like Ruter, we will ensure that this sector is less exposed to risk,” he told the national broadcaster NRK.

Connected, but at What Cost?

Modern vehicles — whether public buses or personal EVs — are increasingly defined by their software as much as their mechanical parts. Connectivity enables real-time diagnostics, fleet management, and performance updates. But it also creates potential backdoors that can be exploited or misused, intentionally or not.

In this case, Ruter’s test didn’t uncover a smoking gun — only the realization that such a gun exists, and someone else theoretically holds the trigger. It’s a reminder that in the era of connected mobility, “security” doesn’t stop at airbags and ABS. It extends deep into code, networks, and cloud servers halfway across the world.

The Road Ahead

For now, Ruter’s decision to strip the buses of their SIM cards and operate offline is a decisive move toward local control — a kind of digital unplugging in an otherwise hyperconnected age.

But as the transport sector continues to lean on foreign-made electric vehicles, Norway’s test underscores a growing truth across the automotive world: the future of mobility isn’t just electric — it’s geopolitical.

Source: Ruter