[SystemSafety] Fwd: Hackers take over *control* of a car wirelessly

From: Matthew Squair < >
Date: Thu, 23 Jul 2015 10:02:21 +1000

Actually I disagree with your assessment of his space operations. Have a look at who's running the operation and their back history. Similarly, if you look at how Space X does design and manufacturing you can see that the system of production has been intelligently designed from the ground up. Finally, if you look at the design of the Falcon launch vehicles, they've done a number of specific things to increase the launcher reliability by designing out risk (not futzing around with QA/QC paperwork).

I was going to respond to the previous comment on car hacking by pointing out that cyber-security is a difficult (maybe a wicked) problem to address across any industry because people are often extremely reluctant to openly share information or, god forbid, collaborate. Not to mention the criminal/legal aspects. Or that industry regulators are often like the blind leading the blind. As a result you get islands of ignorance and the recurrence of the same mistakes. In security it seems we are dealing with 'unknown known' types of risk, e.g. the problem is known or has even been solved but the news hasn't got here yet (to misquote Nietzsche).

In contrast, look at the Space X operations: a new start-up, but with a kernel of experienced managers that ensures corporate industry experience is transplanted into the organisation, and a small in-house design and development team that can actually address the classic problems of launcher vehicle reliability in the design, because fundamentally reliability sells launches. Much less chance of 'unknown knowns' in this sort of environment. Compare that again to the design/development organisation of a major defence/aerospace contractor: a hierarchical or (shudder) matrix organisation with large chunks of work being outsourced, and required by the customer to make allocations of work based on political considerations rather than performance. Who was it that said that systems often reflect the project's organisational structure?

Bottom line is: look at the launch reliability Space X actually achieves and then compare it to the price they're charging for payload. So yes Les, despite their recent loss, I would have no qualms about taking a ride on a Falcon. And they use Linux.

On Thu, Jul 23, 2015 at 7:51 AM, Les Chambers <les_at_xxxxxx

> Mike
>
> I agree, it was a sweeping statement ... or more an impression gained from
> reading Ashlee Vance's biography of Elon Musk. I found Vance's account
> credible for the following reasons:
>
> 1. Vance researched it thoroughly. He interviewed many people from Musk's
> personal and professional life. Halfway through its writing Musk caved in
> and agreed to cooperate even though his requests to "write footnotes" and
> edit content were refused.
>
> 2. Vance bent over backwards to give a balanced account of Musk's
> adventures. There's a lot of good, some bad and much ugly in this story.
>
>
>
> Given it was published for general consumption there is no detail on
> engineering process in Musk's companies, Space X and Tesla, but from a
> safety engineering point of view you can't help but gain the following
> impressions.
>
> 1. All Musk companies operated (and may still be operating) under the
> constant threat of bankruptcy (situation normal for a start-up). The
> temptation to take shortcuts would have been huge (at least in the early
> days – and possibly still today).
>
> 2. Eighty to one hundred hour work weeks are normal. New hires are warned
> that, "this is special forces territory". I tried this once for a year and
> discovered that you make dangerous design decisions late at night. After a
> year of this I turned into a gibbering idiot and took six months to
> recover. This leads me to my next point:
>
> 3. Musk burns out his people. His turnover is high. The only people with
> the stamina to sustain this workload are probably 20 and 30 somethings who
> are learning on-the-job. You wonder what kind of design decisions they are
> making at midnight.
>
> 4. Disagreeing with Musk is career limiting, proving him wrong is fatal.
> He is not what you'd call a well-adjusted kind of guy. Try establishing and
> running a consistent safety engineering regime in this kind of environment.
> Musk reacts very badly to being told he can't do something. That's pretty
> much what a safety authority's job is. Any professional safety engineer
> would last microseconds in that kind of environment.
>
> 5. Musk has achieved order of magnitude reductions in cost by bringing
> much of the design in-house. This means he is probably using designers with
> little background in what they are designing (there are some examples of
> this in the book), including what constitutes an unsafe design. The
> zeitgeist is, the establishment is bloated with too much cash, old, uncool
> and don't know what they're doing. In contrast we are younger, we are
> smarter, we are cooler, we can do it better. There's probably an element of
> truth in this but when it comes to safety engineering which, let's face it,
> can be boring as bat shit, you have to wonder if they're missing or
> ignoring something.
>
>
>
> I'd recommend the book. It's a rattling good tale but it leaves you
> conflicted. On the one hand you can't help admiring Musk and what he has
> achieved in such a short time. He's probably a one in 100 year kind of guy.
> He's given the technology industry a good kick in the pants, created
> thousands of new jobs and moved space and road vehicle technology a few big
> steps into the future. Any capital invested in his companies has been very
> productive. It's also true that if you're going to make advances like this
> you've got to take risks. That is, drop your risk tolerance and be prepared
> to take casualties.
>
>
>
> That said I challenge you to read the book and ask yourself this question:
>
> Would I want to be an astronaut sitting on top of one of Musk's rockets?
>
> Right now MY answer would be NO! Taking casualties is fine as long as I'm
> not one of them. I'm content to be old and uncool. I'll leave that to the
> young and the fearless.
>
>
>
> Cheers
>
> Les
>
>
>
> *From:* Mike Ellims [mailto:michael.ellims_at_xxxxxx
> *Sent:* Wednesday, July 22, 2015 7:07 PM
> *To:* 'Les Chambers'; 'Matthew Squair'; 'Heath Raftery'
> *Cc:* systemsafety_at_xxxxxx
> *Subject:* RE: [SystemSafety] Hackers take over *control* of a car
> wirelessly
>
>
>
> Wow.
>
>
>
> > Tesla motors employs mostly twenty somethings, if Elon Musk's biography
> > is any indication, I suspect they don't have much adult supervision.
>
>
>
> That’s a pretty sweeping statement and given the number of employees
> (10,000+) probably isn’t completely correct. Tesla has actually been around
> for a while so the 20 and 30 somethings that started are now 30 and 40
> somethings. In addition it may not be that relevant as age is only an
> indication of experience not of ability. I suspect that what they actually
> have is a bunch of 30 and 40 somethings heading up departments with lots
> of 20 and 30 somethings doing the work. I don’t know about you but I suspect
> I was at my best somewhere between 30 and 50, most of the drive of a twenty
> something and just enough mistakes to make me careful.
>
>
>
> Tesla had its big security scare a few years back when the app interface
> got hacked and led to a number of incidents with flashing lights and horns
> being beeped and unlocking of doors. Since then it seems to have upped its
> efforts on security, e.g.
>
>
>
> http://cleantechnica.com/2014/02/18/tesla-motors-snags-kristin-paget-apple/
>
>
>
>
> http://www.computerworld.com/article/2597937/security0/tesla-recruits-hackers-to-boost-vehicle-security.html
>
>
>
>
>
> *From:* systemsafety-bounces_at_xxxxxx > systemsafety-bounces_at_xxxxxx > Chambers
> *Sent:* 22 July 2015 04:06
> *To:* 'Matthew Squair'; 'Heath Raftery'
> *Cc:* systemsafety_at_xxxxxx
> *Subject:* Re: [SystemSafety] Hackers take over *control* of a car
> wirelessly
>
>
>
> Dynamic updates to motor-vehicle functionality are a fact of life now.
> Tesla Motors is a "world leader" with this. Here is the release note list
> for the Tesla model S:
>
>
> http://www.teslamotorsclub.com/showwiki.php?title=Model+S+software+firmware+changelog
>
> All you need is a wireless net to get the job done in around 45 minutes.
> Theoretically you could probably do it with a mobile phone hotspot. I don't
> know if the model S has to be stationary for the upgrade to occur. Hope so.
>
> Ethical discussions on whether or not this is a good thing are probably
> irrelevant. It's just happening all around us. Tesla motors employs mostly
> twentysomethings, if Elon Musk's biography is any indication, I suspect
> they don't have much adult supervision. It reminds me of the Battle of the
> Bulge where Hitler put kids in tanks who had never seen a tank battle. They
> had little concept of what was coming and no fear.
>
> So if you don't like this trend you're probably old and uncool. Why
> shouldn't an auto be just like a mobile phone or your Windows laptop? What
> could go wrong???
>
>
>
>
>
> *From:* systemsafety-bounces_at_xxxxxx > mailto:systemsafety-bounces_at_xxxxxx > <systemsafety-bounces_at_xxxxxx > Squair
> *Sent:* Wednesday, July 22, 2015 11:14 AM
> *To:* Heath Raftery
> *Cc:* systemsafety_at_xxxxxx >
> *Subject:* Re: [SystemSafety] Hackers take over *control* of a car
> wirelessly
>
>
>
> If someone can seriously think that updating hospital drug pump firmware
> via the interwebz is a 'good idea' I think there's minimal likelihood of a
> good flogging in the town square happening anytime soon.
>
>
>
>
> http://criticaluncertainties.com/2015/06/23/all-your-drug-pumps-are-belong-to-us/
>
> Matthew Squair
>
>
>
> MSysEng, MIEAust, CPEng
>
> Mob: +61 488770655
>
> Email: Mattsquair_at_xxxxxx >
> Web: http://criticaluncertainties.com
>
>
> On 22 Jul 2015, at 10:45 am, Heath Raftery <heath.raftery_at_xxxxxx > wrote:
>
> On 22/07/2015 3:44 AM, Martyn Thomas wrote:
>
> On 21/07/2015 18:27, Tom Ferrell wrote:
>
> Stating the obvious, but isn’t there an aspect of this that goes
> something like, “Just because we can doesn’t mean we should.” To me,
> there is a fundamental engineering ethics question that comes into
> play when people start talking about the ‘Internet of Everything.’
> When someone postulates hooking two systems together that always
> before have been physically separated, engineers have a moral
> responsibility IMHO to inject themselves firmly and fully into the
> benefits vs. risks discussion with a strong bias of when in doubt,
> don’t.
>
>
>
> That sounds like excellent advice, but if I'm happy to connect A to B
> and B to C, and you are happy to connect X to Y and Y to Z, whose fault
> is it when Peter connects one of (A,B,C) to one of (X,Y,Z) and something
> bad happens?
>
>
> The general philosophical arguments are worth having, but doesn't this
> particular case offer a more direct argument?
>
> If you're the one that connects cellular to CAN (via whatever paths
> already exist), you ought to be shot, stripped and jailed for gross
> negligence, *before* there's even an accident caused.
>
> I'm flabbergasted that Chrysler could have released a vehicle where that
> electronic link even exists. No "great new feature"(TM) warrants such a
> gaping hole that would get every hacker from here to hell tapping away at
> the new door. There is zero evidence that anyone has ever designed a robust
> enough system that you could honestly connect the two and claim it safe.
>
> All the "great new features" that are on the horizon can be achieved
> without making that link - updates over the air, Internet connected
> entertainment, vehicle location, etc. I see no excuse.
>
> Heath
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >
>

-- 
*Matthew Squair*
MIEAust CPEng

Mob: +61 488770655
Email: MattSquair_at_xxxxxx
Website: www.criticaluncertainties.com <http://criticaluncertainties.com/>



_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Thu Jul 23 2015 - 02:02:34 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST