Published Date: 2015-03-09
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident date is unknown. |
| System | The articles did not describe a specific system failure. The focus was on the potential vulnerabilities and security risks associated with driverless vehicles and the challenges in ensuring their cybersecurity. Therefore, the specific system(s) that failed in a software failure incident are unknown. |
| Responsible Organization | 1. Hackers [34512] 2. Malicious individuals [34512] |
| Impacted Organization | 1. Driverless vehicle systems, including those involved in trials like the GATEway trial in Greenwich, were impacted by the software failure incident [34512]. |
| Software Causes | 1. The software causes of the failure incident were related to the vulnerability of driverless vehicles to hacking and security breaches due to the increasing complexity and connectivity of the software systems [34512]. 2. The software systems in driverless vehicles were highlighted as having considerable attack surfaces, with the potential for someone to find a way to hack into critical systems such as steering, brakes, lights, horn, and transmission [34512]. 3. Concerns were raised about the security of connecting driverless vehicles remotely over phone networks like GSM, 3G, and 4G, as the fundamental network protocols were deemed inadequate, making it easy to break communication and compromise the software systems [34512]. 4. The software in cars, especially in driverless vehicles, was described as only accidentally secure, with many systems being loosely connected and air-gapped, but the trend towards turning cars into computers on wheels was seen as eliminating these air gaps and increasing the attack surface for potential hackers [34512]. |
| Non-software Causes | 1. Lack of proper investment in protecting the system against hacking attempts [Article 34512] 2. Vulnerabilities in fundamental network protocols used for communication over GSM, 3G, and 4G networks [Article 34512] 3. Potential lack of failsafes in place for autonomous vehicles to prevent hacking [Article 34512] 4. Transition of cars into computerized systems with increased connectivity, reducing air gaps and increasing attack surface [Article 34512] |
| Impacts | 1. The impacts of the software failure incident discussed in the articles include the potential risk of hacking into driverless vehicles, which could compromise the control systems like brakes and steering, leading to safety concerns for passengers and pedestrians [34512]. 2. The incident highlights the challenge of maintaining software security throughout the life of a system, especially as vehicles become more connected and reliant on software [34512]. 3. The software failure incident raises concerns about the vulnerability of driverless vehicles to hacking and the need for robust security measures to prevent malicious activities that could endanger individuals [34512]. 4. The incident underscores the importance of investing in protecting software systems and implementing failsafes to mitigate the risks associated with potential hacking attempts on autonomous vehicles [34512]. |
| Preventions | 1. Implementing strong cybersecurity measures and protocols to protect against hacking attempts [34512]. 2. Keeping critical systems air-gapped and limiting unnecessary connections to reduce the attack surface [34512]. 3. Conducting thorough safety analysis and implementing failsafes in autonomous vehicles to mitigate potential vulnerabilities [34512]. 4. Continuously reviewing and updating security measures as technology evolves and new threats emerge [34512]. |
| Fixes | 1. Implementing strong cybersecurity measures and protocols to protect against hacking attempts [34512]. 2. Conducting thorough safety analysis and incorporating failsafes in autonomous vehicles to prevent potential hacks [34512]. 3. Enhancing network protocols and communication security to ensure secure remote connections in vehicles [34512]. 4. Increasing attention and focus on security within the expert community to address potential vulnerabilities in connected systems [34512]. 5. Collaborating with major players like Google, known for having a strong security team, to improve the security of driverless cars [34512]. |
| References | 1. Hugh Boyes, Cyber security lead at the Institution of Engineering and Technology [Article 34512] 2. Councillor Denise Hyland, Leader of the Royal Borough of Greenwich [Article 34512] 3. Andrew Martin, Professor of Systems Security, Oxford University [Article 34512] 4. Jonathan Brossard, "White Hat" hacker and director of Toucan Systems [Article 34512] 5. Jeff Williams, CTO and founder of Contrast Security [Article 34512] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | unknown | (a) The articles do not provide information about a specific software failure incident happening again within the same organization or with its products and services. Hence, the information about a software failure incident happening again at one_organization is unknown. (b) The articles discuss the potential risks and vulnerabilities related to software security in driverless vehicles, emphasizing the challenges of ensuring cybersecurity in autonomous systems. Various experts highlight the concerns about hacking and security vulnerabilities in connected vehicles, indicating that the issue is not specific to a single organization but rather a broader industry concern. Therefore, the information about a software failure incident happening again at multiple_organization is not directly addressed in the articles. |
| Phase (Design/Operation) | design, operation | (a) The articles discuss the potential risks and challenges related to software security in driverless vehicles, highlighting the importance of design considerations to mitigate vulnerabilities introduced during system development and updates. For example, the article by Hugh Boyes mentions the need to maintain software in a secure state throughout its life, emphasizing the challenge of ensuring security in systems with a large amount of code [34512]. Similarly, Andrew Martin points out that autonomous vehicles will require careful safety analysis to obtain certification, indicating the importance of design choices in building failsafes against potential hacks [34512]. (b) Regarding software failures related to operation or misuse, the articles touch upon the risks associated with connecting vehicles to external networks for communication. Jonathan Brossard raises concerns about the security of communication over phone networks and the vulnerabilities in fundamental network protocols, which could lead to potential breaches during operation [34512]. Jeff Williams also discusses the transformation of cars into "computers on wheels" and the increased attack surface in driverless vehicles due to the direct connection of software to critical systems like steering and brakes, highlighting the operational risks as these systems become more interconnected [34512]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The articles discuss the potential for software failures within the system due to factors such as inadequate security measures, vulnerabilities in network protocols, and the increasing complexity of software in driverless vehicles. For example, the software in cars is described as "only accidentally secure" and the air gaps between systems are expected to disappear as cars become more connected [34512]. Additionally, the challenge of maintaining software security throughout its life is highlighted, indicating the importance of addressing internal vulnerabilities [34512]. (b) outside_system: The articles also touch upon the risks posed by external factors such as hacking and malicious attacks on software systems. While the number of individuals seeking to cause malicious damage to cars is considered low, the potential for hackers to exploit vulnerabilities in connected systems is acknowledged [34512]. The discussion on the security of driverless vehicles emphasizes the need to be resilient to hacking and other security vulnerabilities from external sources [34512]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The articles discuss the potential for software failure incidents related to non-human actions, particularly in the context of autonomous vehicles. Jonathan Brossard, a "White Hat" hacker, highlights the vulnerabilities in fundamental network protocols used for remote connectivity in cars, stating that the protocols are so bad that any software built on top of them is likely to be insecure [Article 34512]. Additionally, Andrew Martin, a Professor of Systems Security, emphasizes that while autonomous vehicles may not be hack-proof, there will be failsafes in place to mitigate risks associated with potential malicious activities [Article 34512]. (b) On the other hand, the articles also touch upon the risks of software failure incidents stemming from human actions. Hugh Boyes, a cyber security lead, raises concerns about the challenge of maintaining software security throughout the lifecycle of autonomous vehicles, given the increasing complexity of the software involved [Article 34512]. Jeff Williams, the CTO of Contrast Security, points out that as cars become more connected and turn into "computers on wheels," the attack surface for potential hackers increases significantly, especially since driverless vehicles have considerably more software directly connected to critical systems like steering and brakes [Article 34512]. |
| Dimension (Hardware/Software) | hardware, software | (a) The articles discuss the potential for software failure incidents related to hardware. Andrew Martin, a Professor of Systems Security at Oxford University, mentions that autonomous vehicles will need very careful safety analysis to get an MoT certificate, indicating the importance of hardware-related safety measures [34512]. Jeff Williams, the CTO and founder of Contrast Security, highlights that as cars become more connected and turn into computers on wheels, the air gaps between systems will disappear, leading to potential hardware-related vulnerabilities [34512]. (b) The articles also address software-related factors contributing to software failure incidents. Hugh Boyes, a cyber security lead at the Institution of Engineering and Technology, emphasizes the challenge of maintaining software security throughout its life, especially as the amount of code in driverless vehicles increases significantly [34512]. Jonathan Brossard, a "White Hat" hacker and director of Toucan Systems, points out the vulnerabilities in fundamental network protocols used for remote connections in cars, indicating potential software weaknesses that can be exploited [34512]. |
| Objective (Malicious/Non-malicious) | malicious, non-malicious | (a) The articles discuss the potential for malicious software failures in the context of driverless vehicles. Jonathan Brossard, a "White Hat" hacker, mentions the vulnerabilities in connecting cars remotely over phone networks and the challenges in securing such communications, highlighting the risk of malicious attacks [Article 34512]. Andrew Martin, a Professor of Systems Security, also acknowledges the possibility of malicious actors attempting to hack autonomous vehicles for profit, emphasizing the need for careful safety analysis and failsafes to mitigate such risks [Article 34512]. (b) On the non-malicious side, the articles mention the challenges of ensuring the security and resilience of driverless vehicles against hacking and security vulnerabilities. Councillor Denise Hyland emphasizes the importance of examining how driverless vehicles can be used safely in everyday environments and the ongoing review of security measures to address potential vulnerabilities [Article 34512]. Andrew Martin also notes that while nothing is hack-proof, there will likely be failsafes in place to enhance security against non-malicious software failures [Article 34512]. |
| Intent (Poor/Accidental Decisions) | accidental_decisions | (a) The articles do not provide information about a software failure incident related to poor decisions. (b) Article [34512] mentions that the software in cars is mostly "accidentally secure" and that as cars become more connected, the attack surface increases, making it more likely for someone to find a way to hack into the systems. This indicates that the potential for a software failure incident in driverless vehicles could be due to accidental decisions or unintended consequences rather than poor decisions. |
| Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The articles discuss the potential for software failure incidents due to development incompetence, particularly in the context of cybersecurity and the increasing complexity of software systems. For example, Andrew Martin, a Professor of Systems Security at Oxford University, highlights the trade-off between investing in protecting software systems and the potential for adversaries to exploit vulnerabilities [Article 34512]. Similarly, Jeff Williams, the CTO and founder of Contrast Security, points out that the software in cars is currently only accidentally secure, and as more systems become connected, the attack surface for potential hacks increases significantly [Article 34512]. (b) The articles also touch upon the possibility of accidental software failures. Jeff Williams mentions that most automobile systems are currently not connected together and are "air-gapped" from each other, but as cars become more like computers on wheels, the air gaps will disappear, potentially leading to accidental vulnerabilities [Article 34512]. |
| Duration | unknown | The articles do not provide specific information about a software failure incident being either permanent or temporary. Therefore, the duration of the software failure incident in the context of being permanent or temporary is unknown. |
| Behaviour | byzantine, unknown | (a) crash: - Article 34512 mentions the potential for software failures in autonomous vehicles, stating, "Unless hackers can find a way to hack your car and turn a profit, they won’t be interested... That doesn’t mean they won’t be hackable, but it does mean there will be lots of failsafes in place" [34512]. - The article also discusses the increasing complexity of software in driverless vehicles, highlighting that "Driverless vehicles have considerably more software than regular old cars" [34512]. (b) omission: - The article discusses the security vulnerabilities in driverless vehicles, mentioning the need to ensure they are resilient to hacking and other security vulnerabilities [34512]. - It also mentions the importance of reviewing security against hacking as technology evolves [34512]. (c) timing: - The articles do not specifically mention any software failure incidents related to timing issues. (d) value: - The articles do not specifically mention any software failure incidents related to the system performing its intended functions incorrectly. (e) byzantine: - The article discusses the challenges of securing communication in cars over phone networks, stating, "Fundamental network protocols are so bad that, whatever software you write on top of it, is going to be garbage" [34512]. - It also mentions the difficulty in ensuring secure communication in cars on the move and highlights the vulnerabilities in network protocols [34512]. (f) other: - The articles do not provide information on any other specific behavior of software failure incidents. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | unknown | (a) sensor: The articles discuss the vulnerability of driverless vehicles to hacking and the importance of securing the systems. Sensor errors could potentially lead to failures in the perception layer of the cyber physical system. (b) actuator: The articles mention the critical systems in driverless vehicles that are directly connected to software, including steering and brakes. Failures in actuators due to errors introduced by software could lead to system failures. (c) processing_unit: The articles highlight the significant amount of software involved in driverless vehicles and the importance of securing these systems. Errors in the processing unit could lead to failures in the cyber physical system. (d) network_communication: There is a discussion about the challenges of securing network communication in vehicles, especially when connected remotely over phone networks. Weak network protocols could introduce vulnerabilities leading to failures in the communication layer of the cyber physical system. (e) embedded_software: The articles emphasize the increasing complexity of software in driverless vehicles and the potential for vulnerabilities. Failures in embedded software could directly impact the functioning of the cyber physical system. |
| Communication | connectivity_level | From the provided articles, there is information related to the failure being potentially related to the communication layer of the cyber physical system that failed: 1. Jonathan Brossard, a "White Hat" hacker and director of Toucan Systems, mentioned concerns about the security of connecting cars remotely over GSM, 3G, 4G phone networks. He highlighted the challenges with fundamental network protocols being weak, making it easy to break communication. This indicates a potential vulnerability at the communication layer [Article 34512]. 2. Jeff Williams, CTO and founder of Contrast Security, discussed the evolution of cars into "computers on wheels" and how driverless vehicles have considerably more software directly connected to critical systems like steering and brakes. He mentioned that as cars become more connected, the air gaps between systems are disappearing, increasing the attack surface. This suggests a potential risk at the communication layer as systems get more interconnected [Article 34512]. |
| Application | FALSE | Unknown |
| Category | Option | Rationale |
|---|---|---|
| Consequence | harm, property, non-human, theoretical_consequence | (a) death: There is no mention of any software failure incident leading to death in the provided articles [34512]. (b) harm: The articles discuss the potential harm that could result from a software failure incident in driverless vehicles. It is mentioned that someone could find a way to hack into driverless vehicles, which could lead to physical harm if exploited by a malicious individual [34512]. (c) basic: There is no mention of people's access to food or shelter being impacted by a software failure incident in the provided articles [34512]. (d) property: The articles highlight the potential impact on people's material goods, money, or data due to software failure incidents in driverless vehicles. It is mentioned that driverless vehicles have considerably more software directly connected to important systems like steering, brakes, lights, etc., increasing the attack surface for potential hackers [34512]. (e) delay: There is no mention of people having to postpone an activity due to a software failure incident in the provided articles [34512]. (f) non-human: The articles discuss the potential impact on non-human entities, specifically driverless vehicles, due to software failure incidents. It is mentioned that the attack surface for potential hackers increases as driverless vehicles become more connected and reliant on software systems [34512]. (g) no_consequence: There is no mention of there being no real observed consequences of a software failure incident in the provided articles [34512]. (h) theoretical_consequence: The articles discuss theoretical consequences of software failure incidents in driverless vehicles, such as the potential for harm if someone were to hack into these vehicles and exploit vulnerabilities in the software systems [34512]. (i) other: The articles do not mention any other specific consequences of a software failure incident beyond those discussed in the options (a) to (h) [34512]. |
| Domain | transportation, manufacturing, other | (a) The articles discuss the potential software failure incidents related to the transportation industry, specifically focusing on driverless vehicles and the challenges associated with ensuring their security against hacking and other vulnerabilities [34512]. (b) The software failure incident is directly related to the transportation industry, particularly concerning driverless vehicles and the security risks associated with their increasing connectivity and software complexity [34512]. (c) The software failure incident does not directly relate to the extraction of materials from Earth or natural resources. (d) The articles do not mention any software failure incident related to sales or the exchange of money for products. (e) The software failure incident discussed in the articles is not related to the construction industry. (f) The articles highlight the software failure incident in the context of the manufacturing industry, specifically concerning the increasing software complexity in driverless vehicles and the potential vulnerabilities associated with their systems [34512]. (g) The software failure incident is not directly linked to utilities such as power, gas, steam, water, and sewage services. (h) The articles do not mention any software failure incident related to the finance industry or the manipulation and movement of money for profit. (i) The software failure incident is not specifically related to the knowledge industry encompassing education, research, and space exploration. (j) The articles do not discuss any software failure incident related to the health industry, healthcare, health insurance, or food industries. (k) The software failure incident is not directly associated with the entertainment industry encompassing arts, sports, hospitality, and tourism. (l) The articles do not mention any software failure incident related to the government sector, including politics, defense, justice, taxes, and public services. (m) The software failure incident discussed in the articles is related to the automotive industry and the development of driverless vehicles, which falls under the "other" category as it is not explicitly covered in the provided options [34512]. |
Article ID: 34512