Next Threat; Data Manipulation

[xoxoxoBruce]

We've long heard about the danger to the US power grid, so many times I've wondered why don't they fix it if they know the danger exists?(answer, money) We also heard how Iran's centrifuges were sabotaged. But mostly, what we've heard about so far, is stolen data apparently for profit, and rumors of military secrets being pilfered. Next up, not stealing data, but changing it, like student grades in the school data base has been done.

Quote:

US intelligence chiefs are warning Congress that the next phase of escalating online data theft is likely to involve the manipulation of digital information.

A “cyber armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee on Wednesday. Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise. Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.

“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel. Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, its authorities to engage in offensive action online were murkier.

link

[tw]

Quote:

Originally Posted by xoxoxoBruce

We've long heard about the danger to the US power grid, so many times I've wondered why don't they fix it if they know the danger exists?

The grid has never been obsolete despite emotional claims to the contrary. The grid is quite robust and secure. And constantly being upgraded. Worry more about institutions driven by profit and costs rather than by their products - such as financial institutions.

The problem and solution was well defined by William Edward Deming long ago. Cost of averting future problems or damage is irrelevant. The cost of not averting that damage is relevant.

Security of the grid is robust. Security in the credit card industry has been a joke. Credit card industry still does not use a 25 year old technology called smart cards that would have made most data breaches and monetary thefts impossible. That industry fears spending on innovation rather than understand the costs of not doing so.

Another joke is our use of Social Security numbers due to no system that works to protect you and that makes possible for you to protect yourself. We discussed this what - a decade plus ago?

Deming clearly defined a seriously flawed management mindset that now applies to protection of digital data in some industries.

Only cost that matters is one incurred if solutions and protection are not implemented. Cost of implementing those solutions and protections are irrelevant - except to bean counter type management that only sees costs today rather than future costs.

BTW, the recent intrusion into the networks of the Office of Personnel Management may have compromised every US spy in the world. The damage might have been that massive because that office did not have minimal security systems.

[mbpark]

TW/Bruce,

If you don't budget for actually designing and maintaining a system properly, failures happen.

The problem isn't management. It's management being ignorant of these issues and thinking they can cut corners to increase margins.

The most dangerous thing to good security in private industry has been quarterly results and the dangerous desire to cut all costs not directly related to costs of goods sold.

The most dangerous thing to good security in the public sector has been that expenditures over a certain amount have to go to Congress, where many of the organizations' budgets get cut to the bone due to politics and the ignorance of Congress to issues not packaged with lobbyists or not giving money to their districts.

Security will not change unless there is incentive to do so. Unless there is a guaranteed focus from multiple agencies on implementing business processes the right way, there will be multiple levels of fail.

I spend my days working through these issues. I also present on them semi-regularly. I speak with executives and directors from my employer's vendors on a daily basis. They are starting to get it, only because they know it's their wallets if they don't. That's their incentive.

[tw]

Quote:

Originally Posted by mbpark

The problem isn't management. It's management being ignorant of these issues and thinking they can cut corners to increase margins.

Those were the exact same reason why American cars earned bad quality recommendations. Again, they were only concerned with immediate costs; could not see the massive cost increases when you don't ask, "If we don't do this, then what will it eventually cost us." Unfortunately those massive cost increases from bad quality or insufficient security do not appear on spread sheets for maybe a decade later - when the executive has long left with massive bonuses and severance pay.

Just another example of why the spread sheets can never measure what current exists and what future costs will really be. Just another example of why management must come from where the work gets done; not from business schools.

[glatt]

Quote:

Originally Posted by tw

Just another example of why the spread sheets can never measure what current exists and what future costs will really be. Just another example of why management must come from where the work gets done; not from business schools.

What's your take on the VW emissions cheating scandal, tw?

I'm not sure if the cheating was done at the direction of management or if an engineer piped up in some meeting that they can beat the test with a little code.

[tw]

Quote:

Originally Posted by glatt

What's your take on the VW emissions cheating scandal, tw?

GM did things similar to cover up their bad gas mileage numbers. For example, a Corvette would detect less acceleration, then assume this was an EPA mileage test. Computer would change engine parameters and bypass second gear to make their mileage appear higher.

I routinely exceed Honda's EPA highway mileage numbers in local driving. But I could never obtain GM's highway mileage in their cars. All consumers could see this. But most consumers ignore facts and numbers (observe so many who pay the highest prices for gasoline in Wawa, Sheets, Costco, Hess, US Gas, Giant, Turkey Hill, Valero, etc).

This particular VW event is not observable by consumers. However, how many spend massively on a surge protector for their computers ... that does not even claim to protect from destructive surges. How many buy probiotics that have no proven benefits. Or supplements in health food store when most do not even have what they claim on the label (that lie is legal). How many buy something because it creates a healthy heart? That only means it does not kill you; never says it improves health.

Scams are easy. Consumers would not know about VWs fraud. But then consumers even ignore scams that should be obvious to them - if for no other reason because they demand numbers.

Why did so many GM owners just assume EPA highway mileage could not be obtained - and call that acceptable? Most all but set themselves up to be scammed. Need we cite Listerine?

Apparently the VW scam was identified by researchers in the University of West Virginia by doing testing on platforms different from what the EPA uses. Later it was exposed that the computer intentionally changed engine parameters to 'fake' emission tests. This is apparently different from the Toyota brake problem that was created by bad engineering – in the tenure of Wantanabe who wanted to increase sales rather than make better products.

[Lamplighter]

Quote:

Originally Posted by xoxoxoBruce

...Next up, not stealing data, but changing it, like student grades in the school data base has been done.

Quote:

The whole idea of data manipulation is a logical extension in thinking about hacking.
So why is Clapper making an issue of it now ?

The man is a known (shown to be) liar - to Congress.
He's almost like J Edgar at the FBI - there's no firing him

[fargon]

We own one of the affected VWs, and we have all ready taken steps to join the class action lawsuit. I'm not losing performance and economy, and not be compensated.

[Lamplighter]

Hackers Took Fingerprints of 5.6 Million U.S. Workers, Government Says
NY Times - DAVID E. SANGER - SEPT. 23, 2015

Quote:

...the Office of Personnel Management said Wednesday that the hackers who stole
security dossiers from the agency also got the fingerprints of 5.6 million federal employees.
...

Although the article speaks mainly to damage to Federal systems ,
and then says there's no evidence of tampering with financial or credit cards...

I would add: Yet.

And I wonder how Apple feels regarding
it's use of fingerprints for access to iPhones, etc.

[tw]

From the NY Times of 26 Sept 2015

Quote:

As Volkswagen Pushed to Be No. 1, Ambitions Fueled a Scandal

Martin Winterkorn, Volkswagen's chief executive, took the stage four years ago at the automaker's new plant in Chattanooga, Tenn., and outlined a bold strategy. The company, he said, was in the midst of a plan to more than triple its sales in the United States in just a decade — setting it on a course to sweep by Toyota to become the world's largest automaker.

"By 2018, we want to take our group to the very top of the global car industry," he told the two United States senators, the governor of Tennessee and the other dignitaries gathered for the opening of Volkswagen’s first American factory in decades.

So he wanted to make profits rather than earn the number one spot by making better products. He was doing to VW exactly what Wantanbe had done to so harm Toyota and what Carly Fiorina did to do so much damage to HP in only four years. I was in the meeting where she also made similar statements.

How long did it take for business school philosophies to corrupt the product line? Ten years? Business school graduates see short term gain and ignore the long term consequences. Consequences do not appear on the spread sheets.

Quote:

Volkswagen's current crisis has its roots in decisions made almost a decade ago. In 2007, it abandoned a pollution-control technology developed by Mercedes-Benz and Bosch and instead used internal technology.

Hubris.

Quote:

While Volkswagen cheated behind the scenes, it publicly espoused virtue. This, after all, is the company that used one of the largest advertising arenas in the world, the Super Bowl, to run a commercial showing its engineers sprouting angel's wings.

Finally in April 2014, VW offered a software change to fix emissions on 2010 through 2014 VWs. It did not work. Their aggressive denials and accusations only made government investigators curious.

Quote:

California regulators changed tack, examining the company's software. Modern automobiles operate using millions of lines of computer code. One day last summer, the regulators made a startling discovery: A subroutine, or parallel set of instructions, was secretly being sent by the computer to what seemed to be the emissions controls.

Regulators were floored. Could Volkswagen be trying something similar to what the heavy-truck industry did to manipulate emissions tests in the 1990s?

Regulators set out to cheat the cheat, tweaking lab test parameters to trick the car into thinking it was on the road. The Volkswagens began spewing nitrogen oxide far above the legal limit.

Government officials then increased the pressure on the company, threatening to withhold approval for its 2016 Volkswagen and Audi diesel models. According to the E.P.A., that is what forced Volkswagen's hand. On Sept. 3, a group of senior engineers admitted what the regulators had suspected: The company had installed defeat devices on nearly 500,000 diesel vehicles sold in the United States. In a presentation, they admitted that the software subroutine had been added to vehicles going back to the 2009 model year, when Volkswagen's "clean diesel" arrived in America with promises of an environmentally friendly future.

"It was the repeated answers that did not add up that really led to the discovery of the problem in the first place," Mr. Young said. "They were kind of hoisted on their own petard."

The revelations were so stunning that some executives at Volkswagen Group of America were kept in the dark about the pending E.P.A. violation until just before it was announced, according to two people familiar with the situation who spoke on condition of anonymity.

This month, Volkswagen and Audi executives in Herndon, Va., began pressing executives in Germany for information about the delay in certifying the 2016 models for sale. The absence of details was already hampering plans for product introductions at United States dealerships.

But there was no explanation from Germany - until just before the E.P.A. announced the violation of the Clean Air Act.

[tw]

VW scandel again opens a fundamental question. Once schematics were available for every appliance. Consumers could know what they purchased. Over the decades, that has changed. For example, EPA once agreed with automakers that computer code should be kept secret. Otherwise scammers would harm the emission and other safety standards by changing their code.

The VW scandel puts that argument on its head. IOW access to code means defects such as Toyota's Camry computer or VWs intentional fraud can be identified by the little people who work for mankind rather than for profits.

I doubt things will change. But the underlying problem of no longer letting the consumer know what he has purchased is an ongoing and open discussion.

[Undertoad]

Bruce you don't understand. None of this could possibly have happened.

Audi/VW CEO Martin Winterkorn has no business education at all. He is a world class representative of the management approach where "product people" and engineers become leaders. Of a car company!

PhD in Metallurgy. Lead engineer. Came up through -- of all things! -- Quality Assurance! Where he was elected to the board as a QA representative. Eventually he would come to represent Technical Development on the board, and eventually R&D, and then he became CEO.

He has ZERO time in accounting, marketing, HR or finance.

This extremely ideal CEO has been making the top decisions at VW for over a decade. So all of this is entirely impossible.




http://www.volkswagenag.com/content/...interkorn.html

Quote:

Winterkorn was born on May 24, 1947, in Leonberg (Germany). He studied Metallurgy and Metal Physics at the University of Stuttgart from 1966 to 1973. From 1973 to 1977 Winterkorn was a PhD student at the Max-Planck-Institute for Metal Research, where he received his doctorate in 1977.

Winterkorn’s professional career began in 1977 as a specialist assistant in the research division "Process Engineering" at Robert Bosch GmbH. From 1978 to 1981 he headed the refrigerant compressor development group "Substances and Processes" at Robert Bosch GmbH and Bosch-Siemens-Hausgeräte GmbH.

In 1981 Winterkorn joined AUDI AG as assistant to the Member of the Board for Quality Assurance. Two years later, he assumed responsibility for "Measuring Technology/Sampling and Test Laboratory" at Audi. At the beginning of 1988, he was made departmental head of "Central Quality Assurance", and in 1990 Head of Audi Quality Assurance.

In 1993 Winterkorn became Head of "Group Quality Assurance" at Volkswagen AG and was appointed General Representative of Volkswagen AG in March 1994. He was additionally responsible for Volkswagen Group Product Management from June 1995. In January 1996 Winterkorn took over as Member of the Board of Management for "Technical Development" at the Volkswagen brand. From July 2000 he was Member of the Board of Management of Volkswagen AG responsible for Research and Development.

Winterkorn became Chairman of the Board of Management of AUDI AG on March 1, 2002. In addition to this, Winterkorn assumed responsibility for Technical Development at AUDI AG on January 1, 2003. In his capacity as Chairman of the Board of Management of AUDI AG, Winterkorn was also a Member of the Board of Management of Volkswagen AG.

[tw]

Quote:

Originally Posted by Undertoad

Bruce you don't understand. None of this could possibly have happened.

Lee Iacocca also was a car guy. Developed the Mustang. Went to Chrysler to save the company and then develop the miin-van (that Henry Ford kept stifling). However living in the ethersphere can corrupt. After ten years, Iacocca told Robert Lutz that he could have the Neon or the Presidency of Chrysler. IOW he was now acting as a bean counter. Robert Lutz, one of Chryslers better car guys, took the Neon and then left Chrysler - having been told he had no future under the 'converted to MBA thnking' Iacocca.

It remains a major problem in industry. Living in the ethersphere can corrupt product people. Same happened to Ken Olson of DEC resulting in a company that ignored the internet resulting in a major corporate downfall.

We know Winterkorn was also corrupted. He was saying things similar to what Fiorina and Wantanabe said. Their objective changed from making better products to increasing profits and sales so as to be #1. That lies only comes from people brainwashed in the business schools (ie Fiorina) or from people corrupted by business school concepts found in the ethersphere (Iacocca).

[classicman]

snicker ... ... ...