×
INTELLIGENT WORK FORUMS
FOR ENGINEERING PROFESSIONALS

Log In

Come Join Us!

Are you an
Engineering professional?
Join Eng-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Eng-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Stuxnet
2

Stuxnet

Stuxnet

(OP)
Lets talk hypothetically for a second, and lets strip out the religion and politics, since that won't really address the business ethics issue. Heck, I personally wouldn't work for a company that made weapons in the first place, unless my customers were responsible private citizens.

Lets say you work for a manufacturing company that produces hardware often used by government entities in expensive, sensitive work relating to national security. Another government entity or small group of government entities approaches you to provide expertise in a complicated plot to sabotage your own hardware for one of your other customers, whom they oppose politically.

Do you do it at all? If you felt justified in aiding the sabotage of your other customer, for political or other reasons, why did you sell that customer the hardware in the first place? And here's the one I really can't get my head around - Do you ask to be paid for your help in sabotaging your other customer?

I welcome opinions of all flavors on this, but I especially welcome informed opinions from people who have worked for international government agencies and had to deal with this sort of conflict of interest before.

Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com

RE: Stuxnet

Are we talking about "Another government entity or small group of government entities" which are ostensibly part of the SAME government as was the "government entities" which purchased the hardware originally? Or are you talking about a situation where your company has sold some military hardware to a foreign government (one for which at the time of the sale is was legal to do business with) but subsequently, for whatever reason, our own government, or some other nation's government, has come to you (your company) and asked for this so-called "expertise" which would in essence sabotage what was sold to that original customer?

John R. Baker, P.E.
Product 'Evangelist'
Product Engineering Software
Siemens PLM Software Inc.
Industry Sector
Cypress, CA
Siemens PLM:
UG/NX Museum:

To an Engineer, the glass is twice as big as it needs to be.

RE: Stuxnet

beej67,

You will have to be more specific for me to understand this.

You design a system of tank armour and sell it to the Upper Slobovians. You design new armour piercing weapons and sell them to the Lower Slobovians. You design upgraded tank armour and sell it to the Upper Slobovians...

I would say that this was unethical, but I would also note my belief that violence causes weapons, not the other way around. The Slobs should be pickier about who they deal with.

I would be concerned about agencies of my government sabotaging each other's work.

--
JHG

RE: Stuxnet

Sadly these situations are rarely that simple, the below while still simple is maybe a bit more typical.

You work for a defense (or similar) company in 'Western country A'.

Your employer sell weapons to the Upper Slobovians, since their enemy the Lower Slobovians are also Western country A's enemy. This is approved by the govt of Western country A and complies with international sanctions yada yada yada.

Over time there is a change in the regime/political climate in some or all of the 3 countries. Details not overly important but fundamentally now relations between the Upper Slobovians & Western country A have soured while relations with the Lower Slobovians have improved.

The Lower Slobovians, with the approval of the govt of Western country A approach your company about countering the weapons you sold to the Uppper Slobovians.

Do you do it?

Having worked for a defense company, with no real qualms over it, I'd say yeah I'd probably do it.

I mean, if you sold cars and then saw one of your customers using their car to escape the scene of a crime would it be unethical for you throw thumb tacks in their path or some such?

Posting guidelines FAQ731-376: Eng-Tips.com Forum Policies http://eng-tips.com/market.cfm? (probably not aimed specifically at you)
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?

RE: Stuxnet

You are applying American ethics to a situation that is only American by association.

Stuxnet originated in Israel, where the line of separation between state and industry is quite blurry. Stuxnet attacked German-made components. Germany is a strong ally of Israel (anyone who doesn't know this knows next to nothing of modern Israel). Germany is also a place where the line between state and industry is fuzzy.

RE: Stuxnet

TheTick you make a good point but, I'm tempted to say that when it comes to defense matters (or vaguely related fields like nuke energy etc.) that in most countries the line of separation between defense companies and state is blurry.

If for no other reason the government oversight of arms exports limits the ability of defense companies to sell to anyone they like.

Additionally many governments have some kind of State brokerage or similar to actively promote selling defense articles as part of their foreign & economic policy. Foreign Military Sales, Rosboronexport etc. are examples of government involvement in the actual selling of defense articles. Heck for big deals high ranking government officials (sometimes even head of state) will travel to other countries to press their arms companies case.

Posting guidelines FAQ731-376: Eng-Tips.com Forum Policies http://eng-tips.com/market.cfm? (probably not aimed specifically at you)
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?

RE: Stuxnet

(OP)
Each of the hypothetical scenarios in responses above posits a change of political position. Lets presume for the sake of argument there is no such shift - things are as they were before you were born. Lets also presume your company is headquartered in a third/fourth country, on a separate continent from any of the previously mentioned companies, with historically positive relations with the saboteurs but no historically negative relations with the customer you're being asked to sabotage.

Lets also presume the act of sabotage itself is not simply creating an upgrade that obsoletes your previous product (commonplace and not unethical, ask Apple) but specifically sabotaging the product you sold to your customer, at the request of another competing customer.

So back to the Slobivians. Your company is from Germinostan. You sell highly sensitive national security widgits to the Upper and Lower Slobivians. Germinostan has a pretty good relationship with the Upper Slobivians, and is indifferent to the lower Slobivians. No relationships change. Upper Slobivia approaches you to join their covert operation to sabotage all of your widgets in Lower Slobivia.

Generally, do you do it?
If so, do you ask to be paid for doing it?
Do you only do it if there are strong external motivations for doing it?
If there are strong external motivations for doing it, should you have not sold them the widgits in the first place?

Now I realize there's a lot more to the "real life" question of Stuxnet. Particularly, there's personal ethics and religious conflict, and I acknowledge that sometimes those can trump business ethics, depending on the scenario. I'm asking specifically about the business ethics element, though, and it's cleanest to discuss that element with a hypothetical.

Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com

RE: Stuxnet

(OP)
Also, to be very clear, I think Siemens ducks the question anyway. As I understand it, all Iran's stuff was illegally procured in the first place, so Siemens has no client relationship with them. But the hypothetical could apply to a lot of stuff, particularly as the geopolitical situation evolves over the next couple of decades.

Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com

RE: Stuxnet

(OP)
KENAT: In your opinion, does national policy always trump business ethics, sometimes trump it, or never trump it? Does your answer vary depending on the nature of the national policy?

Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com

RE: Stuxnet

I would say that generally national policy trumps business ethics (not personal morality though - I want to be clear on that) especially given that any enforcement of business ethics is typically by some branch of government it's difficult to argue otherwise. Sure you can claim that 'ethics' is separate from legality or enforcement of legality but there is generally some correlation - at least to the 'spirit' of the law.

Of course there are situations where the super secret spy agency doesn't let the board of trade know you were helping them out and you get screwed etc. but that's just one reason why it's difficult to give simple answers or even pose meaningful simple questions.

These types of situations have existed as long as there has been international trade. Certainly even in the run up to WWI & WWII there were sales of arms & arms related technology between various countries that eventually ended up on opposite sides.

Posting guidelines FAQ731-376: Eng-Tips.com Forum Policies http://eng-tips.com/market.cfm? (probably not aimed specifically at you)
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?

RE: Stuxnet

Seems to me that your question is deliberately loaded; since you claim to no want to discuss politics, yet your scenario is rife with political overtones.

"nd here's the one I really can't get my head around - Do you ask to be paid for your help in sabotaging your other customer? "

Sure, why not? If you are truly asking about an unnatural, apolitical, areligious, scenario, then it's purely a business decision. The only real question is whether it's ECONOMICALLY rational to do the job, i.e., do you care about repeat business or retaliation. Can it be traced back to your company? Once those questions can be answered to your benefit, then the job is just a job, for which you should be paid for. In fact, the bill should be particularly high to cover the downside risks.

Take the converse scenario; your product has known weaknesses, for which one customer will pay you to develop a defense against. Would you take the job strictly as a business decision? Would you warn your prior customer that such a defense has been developed and you could be paid to do the same for that customer?

TTFN
FAQ731-376: Eng-Tips.com Forum Policies

RE: Stuxnet

Since when does engineering have anything to do with social, political, or spiritual preference?

If you're upset you are designing a giant blender for babies, you shouldn't have taken the contract or you can politely resign from your position and move on. Our ethics are bound by scope, contract, budget, and engineering principal.

Leave the gooshy stuff to the salesmen.

RE: Stuxnet

In the early '80's i worked for a defense contractor who did just what you can imagine. They built radar and anti-radar systems for planes like the F15 and F16. They also built ground-based portable radar units. Our actual customer was the US government in most cases who then resold the complete aircraft to lots of countries. I don't think we designed specific software to overcome other systems that we built.

One story from when I worked there. Marketing had arranged to bring in foreiegn miltary advisors to look at the equipment their countries were buying. Little did the aircraft radar group know that the jamming radar group had sceduled a visit the same day. We had the Egyptians touring one area of the plant and being carefully guided around so they would not see the Israeli officers in another part of the plant. Luckily the buildings were almost 2 million sq. ft. of space, so it was easy to plan the tour routes to miss each other.

"Wildfires are dangerous, hard to control, and economically catastrophic."

Ben Loosli

RE: Stuxnet

Then there was the Falkland conflict. Much of Argentina's air force was US built, then used against one of our allies.

RE: Stuxnet

Tick, they also had a bunch of British and French kit.

Like I mentioned though that kind of thing dates back to antiquity.

I suspect at some point some cave man was killed with flint head spear his tribe had traded with another tribe or some such.

Posting guidelines FAQ731-376: Eng-Tips.com Forum Policies http://eng-tips.com/market.cfm? (probably not aimed specifically at you)
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?

RE: Stuxnet

(OP)

Quote:

Sure, why not? If you are truly asking about an unnatural, apolitical, areligious, scenario, then it's purely a business decision. The only real question is whether it's ECONOMICALLY rational to do the job, i.e., do you care about repeat business or retaliation. Can it be traced back to your company? Once those questions can be answered to your benefit, then the job is just a job, for which you should be paid for. In fact, the bill should be particularly high to cover the downside risks.

Do you guys think this opinion/position varies by industry?

To take a civil engineering slant on the scenario - I cannot do a project for Developer A and a project for Developer B, then be the expert witness in Developer A suing Developer B to tie his development up in court long enough for Developer A's to open first. Doing so would be a conflict of interest, and would also pretty well wreck my reputation in the industry among other developers. Violates professional ethics, at least as I understand it.

Hell, when I used to do a lot of work for (Big Box Hardware Store A), it was company policy that I was required to never do any projects for (Big Box Hardware Store B). Not only that, if I had another unrelated project I was in the middle of designing, and my client chased (BBHS B) to fill his anchor retail spot, we had to recuse the job and pass it off to another engineer to complete.

Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com

RE: Stuxnet

And, in the vein of altering products, that's done all the time, so that ATT can't sell the exact same handset with the same features that Verizon might sell.

TTFN
FAQ731-376: Eng-Tips.com Forum Policies

RE: Stuxnet

Ever see an ad for store A that says we will not be undersold on item #123456 computer? Try to find item #123456 at another store, it won't be there. Item #123456 even though comparable in all specs to item #987654 sold at store B, is only made for store A. Making unique product items is not new.

"Wildfires are dangerous, hard to control, and economically catastrophic."

Ben Loosli

RE: Stuxnet

Up to 1990s, there was never a war between two nations that had McDonald's restaurants. The Balkan conflict was the first.

RE: Stuxnet

Stuxnet = US government program.

I used to work at a place that made pharmaceutical equipment. Mentioned Stuxnet to a couple of the automation people there, 'do you have any protection or security against viruses or exploits?' . Blank stares.

RE: Stuxnet

Generally, business is business as long as it doesn't violate business or professional ethics. However, many people cannot be separated from their core beliefs, biases, philosophies, etc. so easily; consequently, they're always in play somehow to some degree. This, to me, is what creates the complexities of life. Each situation has to be viewed within context. Providing engineering for BBHS A/B, where economic and market share competition are important, is different than defense/offense between nations, where national sovereignty, life, resources, government entities, physical boundaries, etc. are important. I am not a conspiracy theorist but people do conspire to topple one another all the time and nations are comprised of people. Political elections are the most obvious example of conspiracy to "overthrow" another.

To me, it's not much different than manufacturers somehow obtaining the competition's equipment for study, copy, etc. to gain market share. Of course, I will fully acknowledge I probably don't understand the full scope of all matters.

Quote (moon161)

Mentioned Stuxnet to a couple of the automation people there, 'do you have any protection or security against viruses or exploits?' . Blank stares.

Efforts have been underway to develop standards to strengthen security on control systems. Stuxnet helped bring that issue to the forefront yet some companies are very proactive thus have well developed security standards on systems, which are well over a decade old.

Quote (IRstuff)

Interestingly, the automation and connectivity that's supposed to make our lives and jobs simpler, aren't...

I see it a bit differently. I see how they've made life much simpler and in some ways more enjoyable. After all, we enjoy eng-tips quite a bit.

Pamela K. Quillin, P.E.
Quillin Engineering, LLC

RE: Stuxnet

The simplicity comes at a rather huge cost; where there are armies of people trying to protect us against hacks, worms, Trojan horses, etc. And that's an example of the reversal in simplicity; we've developed an entire lexicon and argot to describe all the bad things that can happen to our computers that didn't exist 30 years ago.

As for knowledge about things like Stuxnet, that's endemic pretty much everywhere; machine operators must defer to their IT guys that deal with that, just like us with our PCs. I remember a time when we would get a virus update and we would look to see what new things were added; they're now just something that happens, completely in the background. And, of course, there are TONS of people who still don't seem to understand or care about the fact that they computers or websites have been compromised because they didn't use prophylactics.

TTFN
FAQ731-376: Eng-Tips.com Forum Policies

RE: Stuxnet

Just means jobs for people laid off in industries that have gone by the wayside, if they want to train for them. There is usually good and bad with new things in life but we must move forward.

Pamela K. Quillin, P.E.
Quillin Engineering, LLC

RE: Stuxnet

The problem is that while the need exists, there's not any money to fund the solution. Some j-random mom&pop e-commerce website doesn't have the expertise or the money to acquire the expertise to protect their website, and they wind up subsidizing someone else's phishing site. Happens on a daily basis.

TTFN
FAQ731-376: Eng-Tips.com Forum Policies

RE: Stuxnet

Call your lawyer!!!!!!!!!!!!!!!!

RE: Stuxnet

No.

I work for a company, on equipment related to national security for some government entity X. Another government entity Y (even the same government) approaches me. I tell them that I'm not at liberty to discuss entity X's business with them. That's how security clearances work. Its all a matter of compartmentalization, to keep the 'need to know' under control.

If entity Y needs some information on X's project, they can work through X, who will in turn modify the scope of their contract with us to include Y. Otherwise, no deal.

There are established procedures for doing classified work under security clearances. Even if I'm NOT working on a classified project, anyone asking me to do what sounds like it should be covered by a clearance (like they ask me not to discuss their business with others), I'd decline until they go through the DIA (Defense Intelligence Agency) to get me the proper clearances.

RE: Stuxnet

Use the boy Scout rule.... and if you get caught - now what??

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Eng-Tips Forums free from inappropriate posts.
The Eng-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Eng-Tips forums is a member-only feature.

Click Here to join Eng-Tips and talk with other members!


Resources