These, and other types of “subtle” control system cyber issues that do not involve Internet Protocol networks demonstrate that identifying control system incidents as being cyber-related often is not obvious.
NHTSA recalled 144,500 Ford Mavericks over concerns that the rearview camera display could show frozen images while backing up. November 14, 2024, NHTSA announced that Ford will have to pay up to $165 million for failing to comply with federal recall requirements. Ford said a frozen rearview camera display image could lead to a “false representation of where the vehicle is relative to its surroundings, increasing the risk of a crash.” The backup camera systems are control and monitoring systems used for driver needs. The automaker linked the potential issue to “improper memory handling” within the Connected Touch Radio software resulting in delayed images being displayed. Consequently, the frozen back-up camera incidents were control system cyber incidents as memory issues caused the loss of availability and integrity of the camera systems to provide correct displays of the current conditions. However, NHTSA did not identify these as being cyber incidents. Even though these incidents were unintentional somewhat akin to the CrowdStrike unintentional cyber incidents, the impact was similar to the Stuxnet man-in-the middle attack used to mislead the operators by replaying “good” rather than actual real time conditions of the centrifuges in Iran. These, and other types of “subtle” control system cyber issues that do not involve Internet Protocol networks demonstrate that identifying control system incidents as being cyber-related often is not obvious.
