Stuxnet
Stuxnet
(OP)
Lets talk hypothetically for a second, and lets strip out the religion and politics, since that won't really address the business ethics issue. Heck, I personally wouldn't work for a company that made weapons in the first place, unless my customers were responsible private citizens.
Lets say you work for a manufacturing company that produces hardware often used by government entities in expensive, sensitive work relating to national security. Another government entity or small group of government entities approaches you to provide expertise in a complicated plot to sabotage your own hardware for one of your other customers, whom they oppose politically.
Do you do it at all? If you felt justified in aiding the sabotage of your other customer, for political or other reasons, why did you sell that customer the hardware in the first place? And here's the one I really can't get my head around - Do you ask to be paid for your help in sabotaging your other customer?
I welcome opinions of all flavors on this, but I especially welcome informed opinions from people who have worked for international government agencies and had to deal with this sort of conflict of interest before.
Lets say you work for a manufacturing company that produces hardware often used by government entities in expensive, sensitive work relating to national security. Another government entity or small group of government entities approaches you to provide expertise in a complicated plot to sabotage your own hardware for one of your other customers, whom they oppose politically.
Do you do it at all? If you felt justified in aiding the sabotage of your other customer, for political or other reasons, why did you sell that customer the hardware in the first place? And here's the one I really can't get my head around - Do you ask to be paid for your help in sabotaging your other customer?
I welcome opinions of all flavors on this, but I especially welcome informed opinions from people who have worked for international government agencies and had to deal with this sort of conflict of interest before.
Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com





RE: Stuxnet
John R. Baker, P.E.
Product 'Evangelist'
Product Engineering Software
Siemens PLM Software Inc.
Industry Sector
Cypress, CA
Siemens PLM:
UG/NX Museum:
To an Engineer, the glass is twice as big as it needs to be.
RE: Stuxnet
You will have to be more specific for me to understand this.
You design a system of tank armour and sell it to the Upper Slobovians. You design new armour piercing weapons and sell them to the Lower Slobovians. You design upgraded tank armour and sell it to the Upper Slobovians...
I would say that this was unethical, but I would also note my belief that violence causes weapons, not the other way around. The Slobs should be pickier about who they deal with.
I would be concerned about agencies of my government sabotaging each other's work.
--
JHG
RE: Stuxnet
You work for a defense (or similar) company in 'Western country A'.
Your employer sell weapons to the Upper Slobovians, since their enemy the Lower Slobovians are also Western country A's enemy. This is approved by the govt of Western country A and complies with international sanctions yada yada yada.
Over time there is a change in the regime/political climate in some or all of the 3 countries. Details not overly important but fundamentally now relations between the Upper Slobovians & Western country A have soured while relations with the Lower Slobovians have improved.
The Lower Slobovians, with the approval of the govt of Western country A approach your company about countering the weapons you sold to the Uppper Slobovians.
Do you do it?
Having worked for a defense company, with no real qualms over it, I'd say yeah I'd probably do it.
I mean, if you sold cars and then saw one of your customers using their car to escape the scene of a crime would it be unethical for you throw thumb tacks in their path or some such?
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?
RE: Stuxnet
Stuxnet originated in Israel, where the line of separation between state and industry is quite blurry. Stuxnet attacked German-made components. Germany is a strong ally of Israel (anyone who doesn't know this knows next to nothing of modern Israel). Germany is also a place where the line between state and industry is fuzzy.
RE: Stuxnet
If for no other reason the government oversight of arms exports limits the ability of defense companies to sell to anyone they like.
Additionally many governments have some kind of State brokerage or similar to actively promote selling defense articles as part of their foreign & economic policy. Foreign Military Sales, Rosboronexport etc. are examples of government involvement in the actual selling of defense articles. Heck for big deals high ranking government officials (sometimes even head of state) will travel to other countries to press their arms companies case.
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?
RE: Stuxnet
Lets also presume the act of sabotage itself is not simply creating an upgrade that obsoletes your previous product (commonplace and not unethical, ask Apple) but specifically sabotaging the product you sold to your customer, at the request of another competing customer.
So back to the Slobivians. Your company is from Germinostan. You sell highly sensitive national security widgits to the Upper and Lower Slobivians. Germinostan has a pretty good relationship with the Upper Slobivians, and is indifferent to the lower Slobivians. No relationships change. Upper Slobivia approaches you to join their covert operation to sabotage all of your widgets in Lower Slobivia.
Generally, do you do it?
If so, do you ask to be paid for doing it?
Do you only do it if there are strong external motivations for doing it?
If there are strong external motivations for doing it, should you have not sold them the widgits in the first place?
Now I realize there's a lot more to the "real life" question of Stuxnet. Particularly, there's personal ethics and religious conflict, and I acknowledge that sometimes those can trump business ethics, depending on the scenario. I'm asking specifically about the business ethics element, though, and it's cleanest to discuss that element with a hypothetical.
Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com
RE: Stuxnet
To try and ignore that and focus on just business ethics seems silly.
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?
RE: Stuxnet
Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com
RE: Stuxnet
Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com
RE: Stuxnet
Of course there are situations where the super secret spy agency doesn't let the board of trade know you were helping them out and you get screwed etc. but that's just one reason why it's difficult to give simple answers or even pose meaningful simple questions.
These types of situations have existed as long as there has been international trade. Certainly even in the run up to WWI & WWII there were sales of arms & arms related technology between various countries that eventually ended up on opposite sides.
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?
RE: Stuxnet
"nd here's the one I really can't get my head around - Do you ask to be paid for your help in sabotaging your other customer? "
Sure, why not? If you are truly asking about an unnatural, apolitical, areligious, scenario, then it's purely a business decision. The only real question is whether it's ECONOMICALLY rational to do the job, i.e., do you care about repeat business or retaliation. Can it be traced back to your company? Once those questions can be answered to your benefit, then the job is just a job, for which you should be paid for. In fact, the bill should be particularly high to cover the downside risks.
Take the converse scenario; your product has known weaknesses, for which one customer will pay you to develop a defense against. Would you take the job strictly as a business decision? Would you warn your prior customer that such a defense has been developed and you could be paid to do the same for that customer?
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: Stuxnet
If you're upset you are designing a giant blender for babies, you shouldn't have taken the contract or you can politely resign from your position and move on. Our ethics are bound by scope, contract, budget, and engineering principal.
Leave the gooshy stuff to the salesmen.
RE: Stuxnet
Regards
Pat
See FAQ731-376: Eng-Tips.com Forum Policies for tips on use of eng-tips by professional engineers &
http://eng-tips.com/market.cfm
for site rules
RE: Stuxnet
One story from when I worked there. Marketing had arranged to bring in foreiegn miltary advisors to look at the equipment their countries were buying. Little did the aircraft radar group know that the jamming radar group had sceduled a visit the same day. We had the Egyptians touring one area of the plant and being carefully guided around so they would not see the Israeli officers in another part of the plant. Luckily the buildings were almost 2 million sq. ft. of space, so it was easy to plan the tour routes to miss each other.
"Wildfires are dangerous, hard to control, and economically catastrophic."
Ben Loosli
RE: Stuxnet
RE: Stuxnet
Like I mentioned though that kind of thing dates back to antiquity.
I suspect at some point some cave man was killed with flint head spear his tribe had traded with another tribe or some such.
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?
RE: Stuxnet
Do you guys think this opinion/position varies by industry?
To take a civil engineering slant on the scenario - I cannot do a project for Developer A and a project for Developer B, then be the expert witness in Developer A suing Developer B to tie his development up in court long enough for Developer A's to open first. Doing so would be a conflict of interest, and would also pretty well wreck my reputation in the industry among other developers. Violates professional ethics, at least as I understand it.
Hell, when I used to do a lot of work for (Big Box Hardware Store A), it was company policy that I was required to never do any projects for (Big Box Hardware Store B). Not only that, if I had another unrelated project I was in the middle of designing, and my client chased (BBHS B) to fill his anchor retail spot, we had to recuse the job and pass it off to another engineer to complete.
Hydrology, Drainage Analysis, Flood Studies, and Complex Stormwater Litigation for Atlanta and the South East - http://www.campbellcivil.com
RE: Stuxnet
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: Stuxnet
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: Stuxnet
"Wildfires are dangerous, hard to control, and economically catastrophic."
Ben Loosli
RE: Stuxnet
RE: Stuxnet
I used to work at a place that made pharmaceutical equipment. Mentioned Stuxnet to a couple of the automation people there, 'do you have any protection or security against viruses or exploits?' . Blank stares.
RE: Stuxnet
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: Stuxnet
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?
RE: Stuxnet
To me, it's not much different than manufacturers somehow obtaining the competition's equipment for study, copy, etc. to gain market share. Of course, I will fully acknowledge I probably don't understand the full scope of all matters.
Efforts have been underway to develop standards to strengthen security on control systems. Stuxnet helped bring that issue to the forefront yet some companies are very proactive thus have well developed security standards on systems, which are well over a decade old.
I see it a bit differently. I see how they've made life much simpler and in some ways more enjoyable. After all, we enjoy eng-tips quite a bit.
Pamela K. Quillin, P.E.
Quillin Engineering, LLC
RE: Stuxnet
As for knowledge about things like Stuxnet, that's endemic pretty much everywhere; machine operators must defer to their IT guys that deal with that, just like us with our PCs. I remember a time when we would get a virus update and we would look to see what new things were added; they're now just something that happens, completely in the background. And, of course, there are TONS of people who still don't seem to understand or care about the fact that they computers or websites have been compromised because they didn't use prophylactics.
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: Stuxnet
Pamela K. Quillin, P.E.
Quillin Engineering, LLC
RE: Stuxnet
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: Stuxnet
RE: Stuxnet
I work for a company, on equipment related to national security for some government entity X. Another government entity Y (even the same government) approaches me. I tell them that I'm not at liberty to discuss entity X's business with them. That's how security clearances work. Its all a matter of compartmentalization, to keep the 'need to know' under control.
If entity Y needs some information on X's project, they can work through X, who will in turn modify the scope of their contract with us to include Y. Otherwise, no deal.
There are established procedures for doing classified work under security clearances. Even if I'm NOT working on a classified project, anyone asking me to do what sounds like it should be covered by a clearance (like they ask me not to discuss their business with others), I'd decline until they go through the DIA (Defense Intelligence Agency) to get me the proper clearances.
RE: Stuxnet
RE: Stuxnet
What is Engineering anyway: FAQ1088-1484: In layman terms, what is "engineering"?