‘Picking on’ Volkswagen: Why Follow Dieselgate?

[photo: macwagen via Flickr]

One of our commenters described my attention to Dieselgate as ‘picking on’ Volkswagen. It’s not as if there haven’t been scandalous problems with other automotive industry manufacturers, like General Motors’ ignition switches or Takata’s airbag failures, right?

But Volkswagen earns greater attention here at this site because:

1) A critical mass of emptywheel readers are not familiar with the automotive industry, let alone manufacturing; they do not regularly follow automotive news. Quite a number are familiar with enterprise information security, but not car manufacturing or with passenger vehicle security. Many of the readers here are also in policy making, law enforcement, judiciary — persons who may influence outcomes at the very beginning or very end of the product manufacturing life cycle.

2) This is the first identified* multi-year incident in which an automotive industry manufacturer used computer programming of a street-ready vehicle to defraud consumers and willfully violate multiple U.S. laws. This willfulness wholly separates the nature of this risk from other passenger vehicle vulnerabilities, ex: Fiat Chrysler’s hackable Uconnect dashboard computers or Nissan’s unprotected APIs for keyless remotes. (These latter events arose from inadequate info security awareness, though responsiveness of vehicle manufacturers after notification may be in question.)

3) Volkswagen Group is the single largest passenger vehicle manufacturer in Europe. This isn’t a little deal considering half of all passenger vehicles in Europe are diesel-powered. Health and environmental damage in the U.S. from 600,000 passenger diesels has been bad enough; it’s taking lives in the tens of thousands across Europe. 75,000 premature deaths in 2012 alone were attributed to urban NO2 exposures, the source of which is diesel engines. It was testing in the U.S. against U.S. emissions standards which brought VW’s ‘cheating’ to light, making it impossible for the EU to ignore any longer. The environmental damage from all Volkswagen passenger diesels combined isn’t localized; these additional non-compliant emissions exacerbate global climate change.

These are the reasons why Dieselgate deserved heightened scrutiny here to date — but the reasons why this scandal merits continued awareness have everything to do with an as-yet unrealized future.

We are on the cusp of a dramatic paradigm shift in transportation, driven in no small part by the need for reduced emissions. Development and implementation of battery-powered powertrains are tightly entwined with artificial intelligence development for self-driving cars. Pittsburgh PA is already a testing ground for a fleet of self-driving Uber vehicles; Michigan’s state senate seeks changes to the state’s vehicle code to permit self-driving cars to operate without a human driver to intervene.

All of this represents a paradigm shift in threats to the public on U.S. highways. Self-driving car makers and their AI partners claim self-driving vehicles will be safer than human-driven cars. We won’t know what the truth is for some time, whether AI will make better decisions than humans.

But new risks arise:

  • An entire line of vehicles can pose a threat if they are programmed to evade laws, ex: VW’s electronic control unit using proprietary code which could be manipulated before installation. (Intentional ‘defect’.)
  • An entire line of vehicles can be compromised if they have inherent vulnerabilities built into them, ex: Fiat Chrysler’s Uconnect dashboard computers. (Unintentional ‘defect’.)

Let’s ‘pick on’ another manufacturer for a moment: imagine every single Fiat Chrysler/Dodge/Jeep vehicle on the road in 5-10 years programmed to evade state and federal laws on emissions and diagnostic tests for road-worthiness. Imagine that same programming exploit used by criminals for other means. We’re no longer looking at a mere hundred thousand vehicles a year but millions, and the number of people at risk even greater.

The fear of robots is all hype, until one realizes some robots are on the road now, and in the very near future all vehicles will be robots. Robots are only as perfect as their makers.

An additional challenge posed by Volkswagen is its corporate culture and the deliberate use of a language barrier to frustrate fact-finding and obscure responsibility. Imagine now foreign transportation manufacturers not only using cultural barriers to hide their deliberate violation of laws, but masking the problems in their programming using the same techniques. Because of GM’s labyrinthine corporate bureaucracy, identifying the problems which contributed to the ignition switch scandal was difficult. Imagine how much more cumbersome it would be to tease out the roots if the entire corporate culture deliberately hid the source using culture, even into the coding language itself? Don’t take my word for how culture is used to this end — listen to a former VW employee who explains how VW’s management prevaricates on its ‘involvement’ in Dieselgate (video at 14:15-19:46).

Should we really wait for another five to 10 years to ‘pick on’ manufacturers of artificially intelligent vehicles — cars with the ability to lie to us as much as their makers will? Or should we look very closely now at the nexus of transportation and programming where problems already occur, and create effective policy and enforcement for the road ahead?
_________
* A recent additional study suggests that Volkswagen Group is not the only passenger diesel manufacturer using emissions controls defeats.

Wednesday Morning: Ashes to Ashes

It’s your second morning-after this week, this one launching the countdown on Christian calendars to Easter. I’m a lapsed Catholic, but we do observe Lent in my household. My agnostic son resists, but I’ve explained this is an opportunity to be mindful about others’ experience of going without. We are privileged to choose to give up, and we consciously recognize it by Lenten observation. Some choices we make, like giving up meat and sugar, are beneficial for us, but it’s still the luxury of choice when others are forced to simply suffer without recourse.

This year we will be mindful of water. We take it for granted every time we turn on the faucet. Yet our brethren go without in nearby Flint, in spite of water’s essential nature to life. I’ll donate the money I would have spent on 46 days of meat-based meals to Flint’s United Way Water Fund and the Food Bank of Eastern Michigan, as both organizations are helping distribute water and filters to Flint residents. Last night’s Boil Water order issued because of a water main break only underlines the difficulties Flint’s residents will face until the entire water system is replaced.

Dept of Duh: Director of National Intelligence says Internet of Things can be used to spy
NO! Say it isn’t so! Like it never occurred to us that any device attached to the internet, including the growing number of WiFi-enabled household appliances, might be used to spy on us.

Volkswagen recalls cars — and not because of emissions
VW didn’t need more trouble; this time, it’s not the German car makers’ fault. 680,000 VW-branded vehicles are being recalled because of Takata-made airbags which may be defective. TAKE NOTE: Mercedes-Benz models were also recalled yesterday.

Toyota, Honda, Acura, BMW, Nissan, Subaru, GM, Ford, Chrysler, and Daimler also issued recalls over the last two years for the very same reason — defective Takata-made airbags. See this article for a running timeline of events related to the recalls as well as a list of affected vehicles (to date).

Attacking the grid? Try a squirrel first – hacking is much harder
A honeypot mimicking an energy management system demonstrated the challenge to hackers trying to crash a power grid. Dewan Chowdhury, MalCrawler’s founder, spoke at the Kaspersky Lab Security Analyst Summit about the knowledge set needed to attack energy systems:

“It’s extremely difficult. You can’t just be a NSA or FSB hacker; you need an electrical engineer on board to weaponize attacks and figure out what’s going on … When it comes to weaponization, you need a power substation engineer who knows what needs to be done and tested.”

After reading about Chowdhury’s presentation, I have two caveats. The first is the notion that an “electrical engineer” or a “power substation engineer” is required. Many non-degreed workers like electricians and technicians are familiar with computers, networks, and SCADA equipment. The second is this bit:

The groups had access to the HMI, which would allow them to manipulate the grid, but Chinese, U.S., and Russian groups, he said, stick to a gentlemen’s agreement and leave the grid alone. Middle Eastern actors, however, will try to perform control actions to sabotage the grid.

A “gentlemen’s agreement”? When do the gloves come off? When one of these actors aligns with a Middle Eastern actor?

Global disaster — how would you respond?
In case a mess of squirrels are deployed to take down the world’s power grids, one might need to know how to deal with the inevitable meltdown of services. Johns Hopkins Center for Civilian Biodefense Strategies modeled a global disaster in 2013 by way of a simulation game. The results were predictable:

What they discovered was that the country was ill prepared to cope. Within two weeks there would be enormous civilian casualties, a catastrophic breakdown in essential institutions, and mass civil unrest. Food supplies, electricity and transport infrastructures would all collapse.

International security scholar Dr. Nafeez Ahmed was asked how people should respond; he offered a nifty guide, outlined in six points.

But disaster isn’t always global, and current cases show our gross inability to respond to limited disasters. Flint, for example, already struggles with running water, item number three on Dr. Ahmed’s list. Conveniently, Flint doesn’t necessarily rely on government or law enforcement (item number four) because neither responded appropriately to the ongoing water crisis. What remains to be seen is whether Flint will muster long-term self-sufficiency (item number six) as government and law enforcement continue to let them down.

Speaking of Flint, I wonder how today’s Democratic Steering and Policy Committee hearing on Flint’s water crisis will go, as Michigan’s Governor Rick Snyder declined to appear.

“Don’t necessarily trust the government or law enforcement” in global disaster, indeed.