Next Threat; Data Manipulation

[xoxoxoBruce]

We've long heard about the danger to the US power grid, so many times I've wondered why don't they fix it if they know the danger exists?(answer, money) We also heard how Iran's centrifuges were sabotaged. But mostly, what we've heard about so far, is stolen data apparently for profit, and rumors of military secrets being pilfered. Next up, not stealing data, but changing it, like student grades in the school data base has been done.

Quote:

US intelligence chiefs are warning Congress that the next phase of escalating online data theft is likely to involve the manipulation of digital information.

A “cyber armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee on Wednesday. Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise. Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.

“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel. Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, its authorities to engage in offensive action online were murkier.

link

[tw]

Quote:

Originally Posted by xoxoxoBruce

We've long heard about the danger to the US power grid, so many times I've wondered why don't they fix it if they know the danger exists?

The grid has never been obsolete despite emotional claims to the contrary. The grid is quite robust and secure. And constantly being upgraded. Worry more about institutions driven by profit and costs rather than by their products - such as financial institutions.

The problem and solution was well defined by William Edward Deming long ago. Cost of averting future problems or damage is irrelevant. The cost of not averting that damage is relevant.

Security of the grid is robust. Security in the credit card industry has been a joke. Credit card industry still does not use a 25 year old technology called smart cards that would have made most data breaches and monetary thefts impossible. That industry fears spending on innovation rather than understand the costs of not doing so.

Another joke is our use of Social Security numbers due to no system that works to protect you and that makes possible for you to protect yourself. We discussed this what - a decade plus ago?

Deming clearly defined a seriously flawed management mindset that now applies to protection of digital data in some industries.

Only cost that matters is one incurred if solutions and protection are not implemented. Cost of implementing those solutions and protections are irrelevant - except to bean counter type management that only sees costs today rather than future costs.

BTW, the recent intrusion into the networks of the Office of Personnel Management may have compromised every US spy in the world. The damage might have been that massive because that office did not have minimal security systems.

[mbpark]

TW/Bruce,

If you don't budget for actually designing and maintaining a system properly, failures happen.

The problem isn't management. It's management being ignorant of these issues and thinking they can cut corners to increase margins.

The most dangerous thing to good security in private industry has been quarterly results and the dangerous desire to cut all costs not directly related to costs of goods sold.

The most dangerous thing to good security in the public sector has been that expenditures over a certain amount have to go to Congress, where many of the organizations' budgets get cut to the bone due to politics and the ignorance of Congress to issues not packaged with lobbyists or not giving money to their districts.

Security will not change unless there is incentive to do so. Unless there is a guaranteed focus from multiple agencies on implementing business processes the right way, there will be multiple levels of fail.

I spend my days working through these issues. I also present on them semi-regularly. I speak with executives and directors from my employer's vendors on a daily basis. They are starting to get it, only because they know it's their wallets if they don't. That's their incentive.

[tw]

Quote:

Originally Posted by mbpark

The problem isn't management. It's management being ignorant of these issues and thinking they can cut corners to increase margins.

Those were the exact same reason why American cars earned bad quality recommendations. Again, they were only concerned with immediate costs; could not see the massive cost increases when you don't ask, "If we don't do this, then what will it eventually cost us." Unfortunately those massive cost increases from bad quality or insufficient security do not appear on spread sheets for maybe a decade later - when the executive has long left with massive bonuses and severance pay.

Just another example of why the spread sheets can never measure what current exists and what future costs will really be. Just another example of why management must come from where the work gets done; not from business schools.

[glatt]

Quote:

Originally Posted by tw

Just another example of why the spread sheets can never measure what current exists and what future costs will really be. Just another example of why management must come from where the work gets done; not from business schools.

What's your take on the VW emissions cheating scandal, tw?

I'm not sure if the cheating was done at the direction of management or if an engineer piped up in some meeting that they can beat the test with a little code.

[tw]

Quote:

Originally Posted by glatt

What's your take on the VW emissions cheating scandal, tw?

GM did things similar to cover up their bad gas mileage numbers. For example, a Corvette would detect less acceleration, then assume this was an EPA mileage test. Computer would change engine parameters and bypass second gear to make their mileage appear higher.

I routinely exceed Honda's EPA highway mileage numbers in local driving. But I could never obtain GM's highway mileage in their cars. All consumers could see this. But most consumers ignore facts and numbers (observe so many who pay the highest prices for gasoline in Wawa, Sheets, Costco, Hess, US Gas, Giant, Turkey Hill, Valero, etc).

This particular VW event is not observable by consumers. However, how many spend massively on a surge protector for their computers ... that does not even claim to protect from destructive surges. How many buy probiotics that have no proven benefits. Or supplements in health food store when most do not even have what they claim on the label (that lie is legal). How many buy something because it creates a healthy heart? That only means it does not kill you; never says it improves health.

Scams are easy. Consumers would not know about VWs fraud. But then consumers even ignore scams that should be obvious to them - if for no other reason because they demand numbers.

Why did so many GM owners just assume EPA highway mileage could not be obtained - and call that acceptable? Most all but set themselves up to be scammed. Need we cite Listerine?

Apparently the VW scam was identified by researchers in the University of West Virginia by doing testing on platforms different from what the EPA uses. Later it was exposed that the computer intentionally changed engine parameters to 'fake' emission tests. This is apparently different from the Toyota brake problem that was created by bad engineering – in the tenure of Wantanabe who wanted to increase sales rather than make better products.

[glatt]

Quote:

Originally Posted by tw

This particular VW event is not observable by consumers.

Not yet. The recall of these cars and the "fix" for the problem will almost certainly be observable. Either by poor vehicle performance as the software patch dials down engine performance and improves engine emissions, or by the addition of hardware in the car in the form of a new adblue tank taking up space in the trunk. And don't forget the decrease in resale value.

[Lamplighter]

Quote:

Originally Posted by xoxoxoBruce

...Next up, not stealing data, but changing it, like student grades in the school data base has been done.

Quote:

The whole idea of data manipulation is a logical extension in thinking about hacking.
So why is Clapper making an issue of it now ?

The man is a known (shown to be) liar - to Congress.
He's almost like J Edgar at the FBI - there's no firing him

[tw]

Quote:

Originally Posted by glatt

The recall of these cars and the "fix" for the problem will almost certainly be observable.

Quite likely. Because an intentional software fraud would have been done for good reason - ie they could not make the engine work properly. Or, like in GM, because cars designed by business school graduates (without innovation) would have crappy gas mileage numbers.

That is speculation. But based in what seems reasonable. VW will install new software (without doubt) and may also need additional hardware. Estimated cost $7 billion.

A recent and new trend exists. Top executives were previously exempt from prosecution if they admitted to the crime - and got stockholders to pay for it. A recent Federal court jury verdict against a Georgia Peanut processor puts that chief executive in jail for 28 years for murder. Because 85% of all problems are directly traceable to top management. The reason should be held criminally responsible - not just for Enron executives.

Its about time we made chief executives responsible. Including their bonus is not paid for ten years - when spread sheets finally report whether those executives did anything productive.

VW top management had plenty of time to come clean. They stalled. He clearly knew about the problem when he was negotiating for not fixing the problem - to deny it existed. That should be criminal.

Opposite was Toyoda who testified before Congress on a Camry computer problem. He had already started a program to undo the major disasters created by Wantanabe. But as we know, that can take 4 to 10 years. Toyoda was only there for 1 year when he said bankruptcy is a 5 step process - and Toyota was already at step 3. He knew and was actively trying to undo many disasters. Toyoda was trying to undo damage when the Camry problem and Wantanabe's coverups were exposed - apparently even surprised him.

We have no reason to believe top management in VW was doing anything but a coverup. They were negotiating this problem at least a year ago when even 2015 cars were sold with the problem. Expect this solution to have consequences because the software fraud was intentionally done to mask some sort of problem. Toyota's problem and VWs problem existed for two completely different reasons.

Obviously we are discussing two different concepts - data manipulated by the powers that be and data manipulated by outside 'enemies'. The former is why companies need Inspector Generals. Latter is why companies need executive who empower the little people to make decisions - as William Edward Deming made obvious even 50 years ago.

[fargon]

We own one of the affected VWs, and we have all ready taken steps to join the class action lawsuit. I'm not losing performance and economy, and not be compensated.

[Lamplighter]

Hackers Took Fingerprints of 5.6 Million U.S. Workers, Government Says
NY Times - DAVID E. SANGER - SEPT. 23, 2015

Quote:

...the Office of Personnel Management said Wednesday that the hackers who stole
security dossiers from the agency also got the fingerprints of 5.6 million federal employees.
...

Although the article speaks mainly to damage to Federal systems ,
and then says there's no evidence of tampering with financial or credit cards...

I would add: Yet.

And I wonder how Apple feels regarding
it's use of fingerprints for access to iPhones, etc.

[xoxoxoBruce]

Quote:

Originally Posted by tw

GM did things similar to cover up their bad gas mileage numbers. For example, a Corvette would detect less acceleration, then assume this was an EPA mileage test. Computer would change engine parameters and bypass second gear to make their mileage appear higher.

No, no, no, you and your sinister plots.
There was no deception involved. Detect an EPA test? Even you aren't that dumb. Yes, it was to improve the gas mileage on the high performance models, and it worked, because it kept city drivers from running higher revs in a lower gear when they didn't need it. But if they seriously made an effort to do so, they could. There's also a bunch of aftermarket companies who sell a disabling tool for a few bucks. You see there's a lot of childish, unpatriotic, Americans who don't want to drive the crap you do.

From the Corvette manual, hardly a secret...

Quote:

One-to-Four Shift Light (Manual Transmission)
When this light comes on, you can only shift from FIRST (1) to FOURTH (4)instead of FIRST (1) to SECOND (2).
You must complete the shift into FOURTH (4) to turn off this feature. This helps you get the best possible fuel economy.
After shifting to FOURTH (4), you may downshift to a lower gear if you prefer.

Notice: Forcing the shift lever into any gear except FOURTH (4) when the 1 TO 4 SHIFT light comes on may damage the transmission.
Shift only from FIRST (1) to FOURTH (4) when the light comes on.
This light will come on when:
• The engine coolant temperature is higher than
169°F (76°C),
• you are going 15 to 19 mph (24 to 31 km/h) and
• you are 21 percent throttle or less.

15 to 19 mph and less than 21% throttle, is noodling along in city traffic.

[tw]

Quote:

Originally Posted by xoxoxoBruce

You see there's a lot of childish, unpatriotic, Americans who don't want to drive the crap you do.

Apparently you are again using the head on your dic for a brain.

You have quoted from the wrong model year citing a completely different transmission. GM only offered automatics when and to subvert EPA mileage tests.

Meanwhile, back to reality and intelligent concepts in the next post. Can you make the transition? It is hard for you. I understand.

[tw]

From the NY Times of 26 Sept 2015

Quote:

As Volkswagen Pushed to Be No. 1, Ambitions Fueled a Scandal

Martin Winterkorn, Volkswagen's chief executive, took the stage four years ago at the automaker's new plant in Chattanooga, Tenn., and outlined a bold strategy. The company, he said, was in the midst of a plan to more than triple its sales in the United States in just a decade — setting it on a course to sweep by Toyota to become the world's largest automaker.

"By 2018, we want to take our group to the very top of the global car industry," he told the two United States senators, the governor of Tennessee and the other dignitaries gathered for the opening of Volkswagen’s first American factory in decades.

So he wanted to make profits rather than earn the number one spot by making better products. He was doing to VW exactly what Wantanbe had done to so harm Toyota and what Carly Fiorina did to do so much damage to HP in only four years. I was in the meeting where she also made similar statements.

How long did it take for business school philosophies to corrupt the product line? Ten years? Business school graduates see short term gain and ignore the long term consequences. Consequences do not appear on the spread sheets.

Quote:

Volkswagen's current crisis has its roots in decisions made almost a decade ago. In 2007, it abandoned a pollution-control technology developed by Mercedes-Benz and Bosch and instead used internal technology.

Hubris.

Quote:

While Volkswagen cheated behind the scenes, it publicly espoused virtue. This, after all, is the company that used one of the largest advertising arenas in the world, the Super Bowl, to run a commercial showing its engineers sprouting angel's wings.

Finally in April 2014, VW offered a software change to fix emissions on 2010 through 2014 VWs. It did not work. Their aggressive denials and accusations only made government investigators curious.

Quote:

California regulators changed tack, examining the company's software. Modern automobiles operate using millions of lines of computer code. One day last summer, the regulators made a startling discovery: A subroutine, or parallel set of instructions, was secretly being sent by the computer to what seemed to be the emissions controls.

Regulators were floored. Could Volkswagen be trying something similar to what the heavy-truck industry did to manipulate emissions tests in the 1990s?

Regulators set out to cheat the cheat, tweaking lab test parameters to trick the car into thinking it was on the road. The Volkswagens began spewing nitrogen oxide far above the legal limit.

Government officials then increased the pressure on the company, threatening to withhold approval for its 2016 Volkswagen and Audi diesel models. According to the E.P.A., that is what forced Volkswagen's hand. On Sept. 3, a group of senior engineers admitted what the regulators had suspected: The company had installed defeat devices on nearly 500,000 diesel vehicles sold in the United States. In a presentation, they admitted that the software subroutine had been added to vehicles going back to the 2009 model year, when Volkswagen's "clean diesel" arrived in America with promises of an environmentally friendly future.

"It was the repeated answers that did not add up that really led to the discovery of the problem in the first place," Mr. Young said. "They were kind of hoisted on their own petard."

The revelations were so stunning that some executives at Volkswagen Group of America were kept in the dark about the pending E.P.A. violation until just before it was announced, according to two people familiar with the situation who spoke on condition of anonymity.

This month, Volkswagen and Audi executives in Herndon, Va., began pressing executives in Germany for information about the delay in certifying the 2016 models for sale. The absence of details was already hampering plans for product introductions at United States dealerships.

But there was no explanation from Germany - until just before the E.P.A. announced the violation of the Clean Air Act.

[tw]

VW scandel again opens a fundamental question. Once schematics were available for every appliance. Consumers could know what they purchased. Over the decades, that has changed. For example, EPA once agreed with automakers that computer code should be kept secret. Otherwise scammers would harm the emission and other safety standards by changing their code.

The VW scandel puts that argument on its head. IOW access to code means defects such as Toyota's Camry computer or VWs intentional fraud can be identified by the little people who work for mankind rather than for profits.

I doubt things will change. But the underlying problem of no longer letting the consumer know what he has purchased is an ongoing and open discussion.