Tag Archives: vehicles

Uncategorized

Experts warn that vehicles are vulnerable to cyberattacks

By Kim Smiley 

By now, you have probably heard of the “internet of things” and the growing concern about the number of things potentially vulnerable to cyberattacks as more and more everyday objects are designed to connect to the internet.  According to a new report by the Government Accountability Office (GAO), cyberattacks on vehicles should be added to the list of potential cybersecurity concerns.  It’s easy to see how bad a situation could quickly become if a hacker was able to gain control of a vehicle, especially while it was being driven.

A Cause Map, a visual root cause analysis, can be built to analyze the issue of the potential for cyberattacks on vehicles.  The first step in the Cause Mapping process is to define the problem by filling out an Outline with basic background information as well as how the problem impacts the overall goals.  The Cause Map is then built by starting at one of the goals and asking “why” questions to visually lay out the cause-and-effect relationships. 

In this example, the safety goal would be impacted because of the potential for injuries and fatalities. Why is there this potential? There is the possibility of car crashes caused by cyberattack on cars. Continuing down this path, cyberattacks on cars could happen because most modern car designs include advanced electronics that connect to outside networks and these electronics could be hacked.  Additionally, most of the computer systems in a car are somehow connected so gaining access to one electronic system can give hackers a doorway to access other systems in the car.

Hackers can gain access to systems in the car via direct access to the vehicle (by plugging into the on-board diagnostic port or the CD player) or, a scenario that may be even more frightening, they may be able to gain access remotely through a wireless network.  Researchers have shown that it is possible to gain remote access to cars because many modern car designs connect to outside networks and cars in general have limited cybersecurity built into them. Why cars don’t have better cybersecurity built into them is a more difficult question to answer, but it appears that the potential need for better security hadn’t been identified.

As of right now, the concern over potential cyberattacks on cars is mostly a theoretical one.  There have been no reports about injuries caused by a car being attacked.  There have been cases of cars being hacked, such as at Texas Auto Center in 2010 when a disgruntled ex-employee caused cars to honk their horns at odd hours and disabled starters, but there are few (if any) reports of cyberattacks on moving vehicles.  However, the threat is concerning enough that government agencies are determining the best way to respond to it. The National Highway Traffic Safety Administration established a new division in 2012 to focus on vehicle electronics, which includes cybersecurity. Ideally, possible cyberattacks should be considered and appropriate cybersecurity should be included into designs as more and more complexity is added to the electronics in vehicles, and objects ranging from pace-makers to refrigerators are designed to connect to wireless networks.

Root Cause Analysis - Incident Investigation

Over 60,000 Vehicles Recalled Due to Steering Column Defects

By Kim Smiley

General Motors Co has announced a recall of over 69,000 full-size trucks and vans because of steering column defects that may allow a parked car to roll away.  Only about 1 in 1,000 of the recalled vehicles is expected to have the defect.

This issue can be analyzed by building a Cause Map, or visual root cause analysis.    A Cause Map is an intuitive way to visually show the cause-and-effect relationships between the many causes that contribute to an issue.  In this example, the recall was announced because there are a large number of vehicles that need to be inspected.  The inspections are necessary because some vehicle need to have the steering columns replaced.  The replacements are necessary because a small percentage of vehicles have defective steering columns that may allow a parked car to roll.

Investigation into the steering column defects found that there were two separate issues causing similar problems.  There is a possibility that the column lock module assembly might malfunction because of a manufacturing issue with a component.  Investigators also found that some shift cables had been fractured because of mishandling.  Both issues resulted in the same potential safety issues.  If the steering column defects are present a parked car could roll away because it may be possible to shift from park when the key is removed or in “off” position, shift from park with application of brake pedal with key in “off” position, or to turn the key to the “off” position and remove while not in park.  To view a high level Cause Map of this issue which includes all these causes, click on “Download PDF” above.

Once the Cause Map is built, the final step in the process is to determine a solution to prevent recurrence.  Once the problems were identified the solution was fairly straightforward.  The recall was initiated to inspect all vehicles potentially affected by these issues and replace the steering column if a defect is found.

A recall is never a good thing for a company, but one silver lining in this incident is that the company identified the problem during an audit before receiving any reports of issues.  There have been no reports of accidents or injuries caused by these steering column defects.  The majority of the vehicles are also believed to be either in transit to dealers or sitting on dealer lots so a limited number of customers should be impacted by the recall.