Diesel cheat scandal affects almost 12 million vehicles – an industrial strength cyber event

Sept. 16, 2020
Stuxnet is viewed as a nation-state cyberattack. Stuxnet changed the control logic, which then changed the process, and then changed the logic back so the operator would be unaware. The Volkswagen, Fiat-Chrysler, and Daimler-Mercedes cheat scandals were essentially the same. These attacks demonstrate the magnitude of a “supply chain attack” that can affect almost 12 million vehicles. This supply chain compromise of the controller logic with alternative logic would be relevant to any industry or manufacturing process especially with the participation of control system domain experts. The cheat scandal also changed the meaning of the terms “insider attack” and “rogue employee”. It can mean a rogue insider individual, an unwitting accomplice of an outsider, or corporate misconduct. In any case, the insider threat should draw attention to the importance of monitoring processes, process sensors, and process controllers inside an industrial or manufacturing organization. Once an attacker (person or logic) is in place, the attacker can function as a trusted insider.

The Stuxnet attack against Iran’s nuclear program is universally viewed as a nation-state cyberattack. The Stuxnet malware changed the target system’s control logic to damage the target, in this case uranium centrifuges, and then changed the logic back so the operator would be unaware the damage to the target was caused by the control logic. 

Despite the substantial differences in applications, there are direct similarities between Stuxnet and the emission cheating scandals in the automotive industry involving Volkswagen, Fiat-Chrysler, and Daimler-Mercedes. Because the auto manufacturers could not meet the modified emissions requirements, these major international corporations (not quite nation-state), utilized alternate control logic (“cheat devices”) to change the control system logic in fuel and emission controls in their diesel cars and trucks to “pass” the emissions testing.  Robert Bosch GmbH is alleged to have provided the technology that facilitated VW’s cheating on U.S. government diesel emissions tests.  The parts supplier agreed not to contest the fine. In a statement released by prosecutors in Stuttgart, Bosch "delivered around 17 million motor control and mixture control devices to various domestic and foreign manufacturers, some of whose software contained illegal strategies.” https://www.forbes.com/sites/doronlevin/2019/05/23/german-parts-maker-bosch-gets-off-with-relatively-light-100-million-fine-from-vw-dieselgate/#7b64d3f321f2. The cheat devices allowed vehicles to emit more nitrogen oxides than allowed under regulations. Following the “successful” emissions testing, the control system logic was changed back, so the cars and trucks could get the advertised mileage while damaging the “target” – the environment. Because the alternate control logic (malware) was in the individual vehicle controllers, Internet Protocol (IP) network anomaly detection and threat detection would not be capable of detecting the malware. The cheat scandal also changed the meaning of the terms “insider attack” and “rogue employee”. These cases demonstrate the magnitude of a “supply chain attack” could affect almost 12 million vehicles. This supply chain compromise of the controller logic with alternative logic would be relevant to any industry or manufacturing process especially with the participation of control system domain experts.

Thinking about the cheating scandals is timely. On September 14, 2020, the US DOJ released information regarding a settlement reached with Daimler over the emissions cheating scandal https://www.inquirer.com/wires/ap/daimler-ag-pay-15b-settle-emissions-cheating-probes-20200914.html. The agreement between the two entities resulted in Daimler agreeing to pay $1.5 billion in reparations that affected 250,000 cars and trucks. The deal was proposed between the DOJ, the Environmental Protection Agency, the California Air Resources Board, and Daimler. This will clear Daimler of all accusations of violating the US Clean Air Act. Daimler also faced a regulatory probe in Germany. Around 60,000 vehicles of the Mercedes-Benz GLK 220 CDI models produced between 2012 and 2015 were affected. The KBA had previously ordered Daimler to recall 700,000 vehicles worldwide, including 280,000 in Germany, over the illegal software. 

Diesel investigations have been running in Germany and elsewhere since 2015, when automobile giant Volkswagen admitted to building cheat devices into 11 million cars worldwide.

In January 2017, the EPA accused Fiat Chrysler of illegally installing software on about 104,000 pickups and sport-utility vehicles that spewed harmful pollutants while failing to disclose the technology. The allegations involve the 2014, 2015, and 2016 Jeep Grand Cherokee and light-duty Ram 1500 pickup trucks with 3-liter diesel engines. The EPA said the automaker installed eight different undisclosed software programs on the vehicles. Fiat Chrysler paid $945 million in penalties, including civil and otherwise. The automaker was also required to recall and repair all affected Fiat Chrysler diesel vehicles sold with a defective device. 

My database counted the Volkswagen, Fiat-Chrysler, and Daimler-Mercedes cases as one incident each, not the almost 12 million cars and trucks that were involved. This is why my database has less than 1,300 actual control system cyber incidents rather than millions if I would have counted each individual case.

A key point is the definition of “insider threat.” It can mean a rogue insider individual, an unwitting accomplice of an outsider, or corporate misconduct. In any case, the insider threat should draw attention to the importance of monitoring processes, process sensors, and process controllers inside an industrial or manufacturing organization. Once an attacker (person or logic) is in place, the attacker can function as a trusted insider.

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.