Will ISIS Hack the U. S. Power Grid?

In a meeting of electric-power providers last week, U. S. law enforcement officials revealed that Islamic State operatives have tried to hack into parts of the American power grid, so far without success.  But the mere fact that they're trying has some grim implications.

One of the officials, Caitlin Durkovich, is assistant secretary for infrastructure protection at the U. S. Department of Homeland Security.  She refused to provide specific details of the attacks, but an FBI official said so far that the attacks are characterized by "low capability." 

For some time now, it's been obvious that cyberwarfare may play an increasing role in future conflicts.  Perhaps the most significant successful attack up to now was mounted by a team of U. S. and Israeli experts in what came to be known as Stuxnet.  The attack was aimed at Iran's nuclear-material centrifuges and allegedly disabled many of them in 2010 before operators figured out what was going on. 

That attack was aimed at one specific facility, and the attackers had access to abundant information on the particular equipment involved.  Doing something similar to a significant part of the U. S. power grid would be a harder proposition for several reasons.

A Stuxnet-style attack on one generator, or even an entire plant, might temporarily  damage that plant and take it out of commission.  But the power grid is designed to deal with just such occurrences without major disruptions.  At any given time, a certain number of generators are offline for repairs or maintenance, and every so often a problem will cause one or more generators to trip out unexpectedly.  Unless the loss of capacity is very large or happens at a critical high-demand time (say on the hottest day of summer), the system absorbs the loss and reroutes power from other sources to make up the difference, often with no noticeable interruption to customers. 

So in order to produce a large-scale blackout that would do some good from a terrorism point of view, a different approach would be needed. 

The most vulnerable parts of the power grid from a hacking point of view are the network control systems themselves—the SCADA (supervisory control and data acquisition) devices and communications systems that tell system operators (both human and electronic) what the status of the grid is, and open and close the big high-voltage switches that route the energy.  A simultaneous order to a lot of circuit breakers to open up all across a large grid would throw the whole system into chaos, tripping other automatic breakers everywhere and necessitating a total shutdown and resynchronization, which could take hours or days—even longer if widespread mechanical damage occurred, which is possible. 

But doing that sort of attack would be very hard.  I am no power-grid expert, but I do know that long before the Internet came along, power utilities constructed their own special-purpose communication networks that carried the switch-command instructions, often by means of microwave relays or dedicated cables.  Originally, these specialized networks were entirely independent of the Internet because there was no such thing yet, and so were perfectly secure from Internet-based hacking.  Utilities tend not to throw anything away that still works, so my suspicion is that a good bit of network-control data still gets carried on these physically isolated communications links.  For a set of hackers halfway around the world to get into those specialized communications systems would require either amazing hacking abilities, or inside information, or most likely both. 

This is not to say that it's impossible.  But the job is orders of magnitude harder than disabling one uniform set of machines in one location.  As reports on the power-grid hacking attempts pointed out, the U. S. grid is a hodge-podge of widely different equipment, systems, protocols, hardware, and software.  A hack that might take out a power plant in Hackensack would probably be useless on a plant in Houston.  So to mount a coordinated attack that would create a politically significant amount of trouble would be a monumental undertaking—so hard that evil guys with limited resources may decide that some other type of troublemaking would be a better use of their time.

Does that mean we can just sit back and enjoy the fact that the Islamic State hackers don't know what they're doing?  Not necessarily.  Hackers come in all flavors, and as the Internet has played an increasing role in the day-to-day operation of electric utilities, those same firms have had to deal with the accompanying hazards of malevolent cyberattacks from who knows where.  So the fact that Islamic State hackers are going after the power grid is not exactly a surprise.

While the recent revelations have led to some calls for increased government oversight of cybersecurity for the power grid, the industry so far seems to have done a fairly good job at policing itself.  A report in USA Today back in March of 2015 said that the North American Electrical Reliability Corporation (NERC), which is the non-profit industry-sponsored security-standard enforcer, has slacked off on the number of penalties and fines it has assessed on its members in recent years.  But the president of NERC says this doesn't necessarily mean that his organization is getting lazy—it could just as well be that utilities are following the rules better.

Rules or no rules, the danger that foreign and domestic terrorist organizations could cause massive power blackouts in the U. S. is real.  And constant vigilance on the part of the utility operators is needed to prevent these attacks from getting anywhere.  Fortunately, the present structure of the grid makes it a particularly difficult target.  But that doesn't mean it couldn't ever happen.

Sources:  I referred to reports of the disclosures about cyberattacks on utility infrastructures carried by CNN on Oct. 15, 2015 at http://money.cnn.com/2015/10/15/technology/isis-energy-grid/, and by the Washington Examiner at http://www.washingtonexaminer.com/article/2552766.  USA Today carried an in-depth study of the issue by Steve Reilly on Mar. 24, 2015 at http://www.usatoday.com/story/news/2015/03/24/power-grid-physical-and-cyber-attacks-concern-security-experts/24892471/. I blogged on Stuxnet on July 24, 2011 and July 2, 2012.

Can Technology Stop Mass Shootings?

The mass shooting at Umpqua Community College on Oct. 1 brought a violent end to the lives of nine victims (eight students and one professor), besides the death of the perpetrator, Christopher Harper-Mercer, at the hands of police called to the scene.  This tragedy has inspired a predictable chorus of editorials calling for something to be done about such things. 

Two voices heard on opposite sides of the political fence are E. J. Dionne, based at the Washington Post, and Charles Krauthammer, a familiar face on Fox TV.  In a recent column, Dionne decries the standard knee-jerk responses of his fellow liberals who call for gun control laws that they know won't pass Congress.  He rightly regards this as a futile gesture, especially now that Republicans control both houses of Congress and the National Rifle Association's influence is strengthened thereby.  Dionne's idea is to focus on gunmakers, who sell almost half their output to governments of various forms (federal, state, and local) and who might start making safer guns if that segment of the market demanded them. 

Safer how?  Dionne mentions two technologies that might mitigate unlawful gun use:  smart guns that can be used only by their owner, and microstamping of guns and bullets.  Several gunmakers have marketed various versions of smart guns, which typically use some add-on such as a magnetic ring or RFID chip worn by the owner to allow use of the gun.  These things are not popular with the gun lobby, and a sea change in attitudes would have to happen for any one of the smart-gun technologies to become common.  Microstamping is a patented technique of engraving a tiny serial number on the firing pin of a gun, which is then stamped into the cartridge when the gun fires.  If the cartridge is recovered, it can be matched with the microstamped gun.  Although California passed a law requiring microstamping of semi-automatic guns, it specifically exempted law-enforcement weapons (there goes the government tie-in), and two gun manufacturers have quit selling semi-automatic weapons in that state, citing the microstamping requirement as a major reason. 

The main weakness of Dionne's technological fixes has nothing to do with the virtues or flaws of a given new technology.  As Charles Krauthammer pointed out in his column last week, even if every new gun sold was smart enough to shoot only at truly bad guys, there were some 350 million guns in the U. S. as of last year (more than one for every man, woman, and child), and the only effective gun law that would stand a chance of reducing mass shootings would have to round up the ones out there already.  Krauthammer cites Australia's compulsory buy-back program as an example of this, but for a number of reasons it would never work in the U. S.  To stop such a program here, all that gun proponents would need to do is to cite the Second Amendment, which the U. S. Supreme Court has interpreted as granting citizens the right to bear arms.

And that gets to the tradeoff involved in this situation.  Australia decided that the risk of gun-related crime was so great that they sacrificed the freedom of average citizens to bear arms, by and large.  In this country, the right of private citizens to own guns is valued more highly, and the result is that we have to run the risk of unstable individuals now and then getting hold of a gun and shooting lots of people.

Is that problem any worse now than it has been?  Every mass shooting is a unique tragedy, but if we look at them in the same light as other unlikely but spectacularly awful ways to die such as airplane crashes, the problem takes on a different look.  According to the Stanford Mass Shootings in America Database, a comprehensive but not exhaustive study of mass shootings in the U. S. since 1966, 1011 people have died in mass shootings in the last 49 years.  To put that into perspective, more than 1300 passengers have died in commercial airline crashes in the U. S. since only 1996, although many of those fatalities happened in the 9/11 terrorist attack.  Graphing the Stanford data versus time produces a curve that has no clear upward or downward trend—just noticeable spikes that don't seem to be clustering toward the recent past. 

Maybe it's coldhearted to view these things as statistics, but one way to view this is that as a society, we have decided to tolerate a certain risk of a small number of unstable people getting hold of a gun as the price we pay for the freedom of the vast majority of well-behaved, law-abiding gun owners to keep their firearms.  Krauthammer speculates as to how you could stop the isolated mass shooters, but most of them prior to their flame-outs never do anything illegal enough to warrant taking their guns away before they come out shooting.  What has emerged about Christopher Harper-Mercer's background has eerie resonances with that of another mass shooter, Adam Lanza, who walked into a schoolroom in Sandy Hook, Connecticut and killed 26 people after shooting his mother, and then killed himself on Dec. 12, 2012.  Both were loners with absent fathers whose mothers struggled to socialize their autistic-spectrum sons.  But if having minor autistic tendencies is made a crime, we'll have to lock up a lot of engineers.

These matters come close to home here at my university, just down the road from Austin where Charles Whitman inaugurated the modern era of mass shootings in 1966 from the famed University of Texas tower.  In its most recent session, the Texas legislature passed a law making it legal for qualified concealed-weapons owners to carry their firearms into classrooms and other buildings at public and private universities.  The idea seems to be that if a nut case suspects that somebody besides himself may have a gun in the room, he'll at least hesitate before he starts anything.  Even if he does, maybe dead-eye Annie there in the back row will take him out before he gets too far. 

Needless to say, I don't look forward to the Shootout at the Mitte Engineering Building taking place in my classroom.  Fortunately, you have to be 21 to get a concealed-carry permit, and so only a small minority of our students would qualify. 

We can count on oceanic news coverage of any mass shooting, but it's hard to keep a sense of perspective while the media rattles on.  Unless the great majority of gun owners in the U. S. decide it's just not a good idea to have a gun around, those 350 million weapons are not going to go away any time soon.  And anybody without a serious criminal record (and even some with one) can still get one of them.  Current technological fixes for the problem simply don't seem to have the political traction to get very far.  Maybe smart, unobtrusive metal detectors with RFID chips for people authorized to carry concealed weapons could work, but that would be a lot of expense for an unlikely problem.  In the meantime, I'm going to act like nobody in my classroom has a gun.  But all the same, I'm glad my podium is close to the exit.

Sources:  E. J. Dionne's column "Let's focus on gun makers and smart-gun technology" was carried by the Austin American-Statesman on Oct. 9, 2015.  Charles Krauthammer's "Massacre begets charade with confiscation a no-go" appeared in the same publication on Oct. 10.  The Stanford Mass Shootings in America Database is available to anyone (after a check-in procedure) at https://library.stanford.edu/projects/mass-shootings-america.  I also referred to Wikipedia articles on smart guns, microstamping, and airline fatality statistics. 

Engineering Exemplar: Smarter Every Day's Destin Sandlin

An exemplar is an excellent model of something.  Engineering has its exemplars—people who excel at their work so well that it's worthwhile to point them out as good examples.  The aerospace engineer Destin Sandlin is an exemplar in a corner of engineering we don't think much about:  explaining engineering and science concepts to the general public.  Believe it or not, some of the ethics codes of engineering societies call for their members to do this.  Members of the IEEE (which used to stand for Institute of Electrical and Electronics Engineers before they changed it to just the initials) are committed "to improve the understanding of technology; its appropriate application, and potential consequences." One engineer who is doing a lot in that direction right now is Destin Sandlin.

Mr. Sandlin has a graduate degree in aerospace engineering from the University of Alabama at Huntsville and works as a missile flight test engineer at the Redstone Arsenal.  Some time in the late 2000s, he posted a video on YouTube showing his friends how to light a bonfire with rockets.  They liked it so much that he started making more videos.  It's now a collection of videos he calls Smarter Every Day.  He's now up to No. 142, at least, and now has over two million subscribers and 24 videos that have received more than a million views each. 

What does he talk about?  All kinds of cool stuff involving technology, explained in a visually appealing way with well-produced graphics and a narration by Mr. Sandlin himself.  He is the opposite of the stereotypical inarticulate nerdy engineer, as you might expect from someone who won the University of Alabama's Outstanding Senior Award.  (Notice that's not Outstanding Engineering Major, but Outstanding Senior—period.)  I discovered his videos while searching for high-speed photography videos, and came upon one that dealt with a thing called a Prince Rupert's drop.  Go look at it to find out what it is—it has to do with dropping very hot glass into cold water.  I was impressed by his combination of clarity, technical correctness, and enthusiasm.  Plus which, he shows some really neat high-speed videos of how the thing works.

His videos aren't just all about technology—he gets into engineering ethics in a way too.  For example, one of his recent videos covers the three-in-a-row explosions of cargo-rocket launches that were intended to resupply the International Space Station.  Ever the optimist, his take on them is that if we were going to have some rockets blow up, this was the perfect time for it to happen, when the Space Station happens to have rather a surplus of food and before we start putting people on those rockets. 

Cameras that can take 100,000 frames per second aren't cheap, and I wondered how Mr. Sandlin pays for all the production expenses of his videos—green screens, high-quality graphics, and so on.  Well, several ways, it appears.  One is contributions—you can donate to his effort through a website called Patreon.  Another is advertising—some of the later videos have little ads at the end for various products (the one I saw boosted a book sold by Amazon).  And there's the revenue from the YouTube viewings.  He is up front about his hopes that Smarter Every Day will provide funds for his children's college education, and there's nothing wrong with that.  So he's an entrepreneur of a sort as well as an engineer, which is a good combination.

One thing that's fairly certain is that Mr. Sandlin hasn't gotten any money from the National Science Foundation.  If he had, they would have insisted that he have some kind of acknowledgment of the fact.  Over the years, I have been peripherally involved with NSF-sponsored efforts in the area of engineering education.  It turns out the kind of skills that enable one to raise or spend NSF education money are not always the kind of skills needed to appeal to a wide popular audience.  NSF would like both, of course, and every now and then, an NSF-sponsored project designed to explain or promote engineering to the general public actually gets a fair number of the general public to pay attention to it.  But successes like that are generally few and far between.

I would point out that Mr. Sandlin has no degree in education—or mass communication, for that matter.  All he had to start with is enthusiasm and a motivation to pay for his kids' college expenses.  And he's come up with something that presents engineering in a positive light to millions of people.  I'm not saying that government support for engineering education efforts directed at the general public is wasted, but Mr. Sandlin's work proves that it's not necessary, and the number of failed projects in that area proves that it's not sufficient, either.

One personal example of how not to do it will suffice here.  Years ago I made a misguided attempt to develop a kind of computer-based learning module for non-engineers.  I took a lot of NSF money and spent a whole summer at Cornell University with a grad student, learning how to use a very early version of development software for that kind of thing.  The project was used in an experimental course once, and that was that.  Clearly, it was not my forte.

Mr. Sandlin makes it look easy, but he says on his website that each video takes upwards of 100 hours to produce, and I believe him.  What he's doing deserves the support and encouragement of the engineering community, and so I encourage my readers to take a look at www.smartereveryday.com.  If you like what you see, let Mr. Sandlin know.  He's doing a good thing for engineering and the world.

Sources:  I encountered Mr. Sandlin's work in the form of his video on Prince Rupert's drops at https://www.youtube.com/watch?v=xe-f4gokRBs.  His video on the cargo-rocket explosions is at https://www.youtube.com/watch?v=PbabP9ttrZc.  His main website is www.smartereveryday.com, and I also referred to the Wikipedia article "Destin Sandlin."

Seattle Amphibious Vehicle Crash: Should the Ducks Retire?

Last Thursday, a "duck tour" amphibious vehicle used to show tourists the city of Seattle from both land and water was involved in a crash with a charter bus on the city's Aurora Bridge.  Four international students on the bus died and several others were injured.  This accident has raised concerns that the vehicles used for amphibious tours are inherently unsafe. 

An eyewitness said that the amphibious vehicle, which appears to be a World-War-II-vintage "DUKW" type, was traveling on the bridge when its left front wheel locked up, causing it to veer into the path of the bus.  The bus was carrying students from North Seattle College, and the four who died were from Austria, China, Indonesia, and Japan.  A later report says that investigators have found that the DUKW's left front axle was sheared off in the accident.  The investigation may take a year or more to complete.

The usefulness of a craft that can negotiate both land and water is obvious if you are an invading army, and that is why the U. S. military bought thousands of six-wheeled DUKW-type vehicles from General Motors during the Second World War.  After that conflict, they went on the surplus market, and in 1946 two enterprising gentlemen named Mel Flath and Bob Unger bought some and started what is now known as Original Wisconsin Ducks on the banks of the Wisconsin River.  The unique appeal of seeing a locale both from streets and a river without having to disembark from a land vehicle into a boat made their idea a success.  Since then, the concept has spread around the world, and today over 30 cities have some form of amphibious-vehicle tours available.

In the U. S., there are both state and federal regulations governing the operation of such tours, and the vehicle involved in the Seattle accident was reportedly inspected annually by a federal inspector.  Despite such measures, you might wonder if 70-year-old boats that weren't designed for ordinary city streets are simply outmoded and need to be retired. 

One main concern voiced about the DUKW-type vehicle is visibility.  The driver rides high above the street and the view immediately in front of the craft is blocked by the bow.  This problem has led to some non-fatal accidents involving low-slung cars being rear-ended by a DUKW.  Another concern is that the technology used is simply wearing out, and anything that old needs to be replaced by a more modern design.

As defenders of the DUKW point out, the wearing-out argument is countered by the fact that regular hull inspections and mechanical checkups can catch problems associated with aging vehicles and fix them before they become the cause of a bad accident.  In 1999, a DUKW used for tours in Hot Springs, Arkansas sank and 13 people died.  And in 2010, a DUKW's engine failed in the Delaware River, and a barge crashed into it and killed two passengers.  The Delaware River incident was later attributed mainly to an inattentive tugboat pilot, who was on his cellphone instead of watching where he was going.  The available accident record involving DUKWs does not show that any particular age-related defect is causing large numbers of accidents.  On the contrary, doing good maintenance on the vehicles seems to keep them going indefinitely.

It would be nice if we had a database of total number of passenger-miles carried by DUKWs and could compare the vehicle's safety record with those of other modes of tourist travel—charter buses, for instance.  But no such database apparently exists, and it would be a lot of work to estimate the customer volumes of a number of privately owned tour companies throughout the world. 

Part of what is going on here is what I might call the pathos effect.  News media tend to report on incidents that have an emotional tug to them.  The contrast between the joyful pleasures of a holiday excursion and the tragedy of sudden death by drowning or collision is pathetic, in the technical sense of arousing pity.  It's one thing if a commuter is hit by a bus, or a drunk driver runs into a tree and kills himself.  It's a higher level of pathos if some international students who are getting their first sights of America suddenly have their lives cut short by a crash with another sightseeing vehicle.  So other things being equal, fatal accidents involving duck tours are going to get publicity way out of proportion to the actual body count, to put it somewhat cynically. 

Nevertheless, it's a valid question to ask whether these mid-twentieth-century vehicles should be replaced by more modern ones, or whether the existing fleets can be made safer.

Regular inspections with annual certifications are already part of the ongoing effort to keep these types of tours safe, and if some maintenance lapses are discovered in the Seattle accident, increased scrutiny of the integrity of these inspections will be warranted.  But until we find out exactly what happened to cause the wreck, such measures are premature.

The visibility problem is relatively easy to solve these days with small video cameras and displays.  Not too long ago, I helped a friend of mine install a backup video camera on the bumper of his large pickup so that he can see anything low that he might not want to back into.  With this type of installation for a DUKW, there might be some issues involving waterproofing and so on, but these can be dealt with relatively easily, leading to greatly improved visibility in the vehicle's blind spots.

When the investigation of the Seattle duck-tour accident is complete, we'll have a better idea of why it happened and whether negligent maintenance or some other cause was at fault.  In the meantime, it's probably safe to say that tourists who want to see London or Malacca or Singapore from an amphibious vehicle are not taking their lives in their hands when they get aboard.  But it wouldn't be a bad idea to find out where the life vests are kept.

Sources:  An Associated Press report on the Seattle accident was carried by numerous news outlets, including the Los Angeles Times on Sept. 26 at http://www.latimes.com/nation/la-na-seattle-bus-crash-20150927-story.html.  A more recent report carried on USA Today's website at http://www.usatoday.com/story/news/2015/09/27/front-axle-of-duck-boat-in-seattle-crash-with-bus-that-killed-four-student-was-sheared-off-investigators-say/72918604/ reported the axle shearing off.  I also referred to Wikipedia articles on duck tours, the DUKW, and amphibious vehicles. 

EPA Accuses VW of Software Cheat in Diesel Autos

Last Friday, Sept. 18, the U. S. Environmental Protection Agency (EPA) announced that it had discovered a "defeat device" installed in nearly half a million diesel vehicles made by Volkswagen (VW) and sold in the U. S. from 2009 to 2015.  Specifically, EPA claims that VW engineers have admitted to designing and installing software that implements full emissions controls on their diesel engines only when the software detects that the car is undergoing emissions testing.  The rest of the time, some of the emissions controls are disabled, allowing the vehicle to produce as much as forty times the maximum allowed levels of NOx, a type of pollutant that can lead to respiratory problems and smog.  When queried about the accusations, VW spokespersons declined comment, citing the ongoing investigation.

Until VW has their day in court, or wherever this case ends up, fairness dictates that we give them the benefit of the doubt.  But when both the EPA and the California Air Resources Board (CARB) issue notices that VW is in violation of clean-air ordinances, citing admissions made by VW personnel, it's a fairly safe bet that something is amiss.

In 2014, some researchers at West Virginia University who were working for the International Council on Clean Transportation discovered that certain VW diesels emitted far more pollutants when operating under actual road conditions than one would expect from the fact that they are certified by the EPA for sale in the U. S.  When the researchers notified the EPA about this, EPA asked VW about it, and VW said they would issue a recall to recalibrate the systems involved, which they did in December of 2014.  However, the California Air Resources Board checked some of the supposedly fixed VWs in May of 2015, and found that some of them were still out of compliance—hence, more meetings with VW.  According to a letter from the CARB, its staff and EPA staff held a technical meeting with VW personnel on Sept. 3, 2015.  Reading between the lines, we can surmise that the question they asked was along the lines of, "Okay, guys, what's really going on here?"  Faced with the inevitable, VW admitted that they had deliberately designed the vehicle's software to detect an official emissions test, and to turn on all the pollution controls only during testing.  The rest of the time, some of the controls were inactive. 

Faced with this smoking gun (so to speak), EPA and CARB had no choice but to declare the affected vehicles in violation and to order VW to issue a recall to remove the defeat-device software. 

As it turns out, if the allegations prove true this isn't the first time that regulators have found diesel-engine defeat devices deployed on a massive scale.  Back in 1998, diesels in trucks and construction machinery made by Caterpillar, Renault, and Volvo were found to have two different sets of software.  One set was used when the EPA was running emissions tests on the engines, and adjusted the injection timing for low NOx emissions.  The second set of software used a different injection timing that delivered better fuel economy, but also caused more NOx emissions.  The manufacturers ended up paying about a billion-dollar fine for that infraction. 

There seems to be something about software that tempts engineers to bend the rules.  With hardware, it's relatively easy to dig into the machinery and find the gizmo that's doing its nefarious work—that's the kind of thing that the term "defeat device" brings to mind.  It reminds me of a scene from the autobiography of Vannevar Bush, who was in charge of the U. S. Office of Scientific Research and Development during World War II.  In the 1920s, he was a professor at MIT and got involved with a startup company named Raytheon.  At the time, Raytheon's hot product was a type of rectifier tube that was useful in the rapidly growing production of radios that operated from power-line current (earlier radios used messy and expensive batteries).  In a dispute with rival radio manufacturer Westinghouse, Bush claimed that Westinghouse was using Raytheon's patented tube structure.  The patent attorney for the rival firm rival denied it.  In response, Bush told Westinghouse's patent attorney to pick up a Westinghouse tube (which had an opaque coating on the glass) and crack it over a trash can.  He did so, and there was Raytheon's patented tube structure.  As Bush put it, the patent attorney agreed to advise his client Westinghouse to "keep off the grass."

You can't do that sort of dramatic stunt with software so easily.  If the accessible form of the software involved is in the form of machine code (which it usually is in production systems), often nobody other than the people who wrote it can really tell what it does.  So sneaky evasions such as the one VW engineers are accused of doing with the defeat-device software are hard to pin down, which means that indirect evidence such as performance measurements have to be used instead.  And it's not often that regulatory agencies go to such trouble to track down violations.  Further investigation may reveal exactly who at VW was responsible for the defeat-device software, and how high in the firm the decision was made.  And then, if the charges are proven, VW will have to pay—at least with a recall fixing the problem, and perhaps with fines or other penalties. 

The contrast between the way cars used to pollute before environmental regulations and what comes out the tailpipe today was brought home to me recently when we started working on a 1955 Oldsmobile owned by my late father-in-law.  It now starts up pretty reliably without help, but whenever it does, a blue cloud appears behind it and the sharp tang of volatile organic compounds (VOCs) fills the air.  Exhaust just doesn't smell like that any more, by and large, and that's thanks to catalytic converters, selective catalytic reduction for diesels that uses urea to reduce NOx emissions, and many other measures that make the air cleaner than it would otherwise be.

If the charges against VW prove to be true, that firm will have the opportunity to make the air behind its cars even cleaner.  And we will all be thankful for that.

Sources:  Numerous news outlets carried reports of the EPA's press release of Sept. 18, which can be found on the EPA website at yosemite.epa.gov/opa/admpress.nsf/21b8983ffa5d0e4685257dd4006b85e2/dfc8e33b5ab162b985257ec40057813b!OpenDocument.  I referred to reports on the issue by the Washington Post at http://www.washingtonpost.com/news/energy-environment/wp/2015/09/18/epa-volkswagen-used-defeat-device-to-circumvent-air-pollution-controls/ and a letter from the CARB at http://www.arb.ca.gov/newsrel/in_use_compliance_letter.htm.  I also referred to an article on the 1998 defeat-device actions in the Los Angeles Times for Oct. 23, 1998 at http://articles.latimes.com/1998/oct/23/news/mn-35220.  The patent dispute between Raytheon and Westinghouse is described on p. 198 of Vannevar Bush, Pieces of the Action (William Morrow, 1970).

Mecca Construction Crane Tragedy

Construction sites can be dangerous places.  That is why under most circumstances, access to the sites is strictly limited to workers who presumably know what they're doing, and even then, worksite injuries and deaths can occur as temporary structures or machinery such as cranes can get out of control. 

But what if the site you're working on is regarded as sacred by your religion, and in a few weeks hundreds of thousands of pilgrims are going to visit it?  Putting up "closed for construction" signs isn't an option. 

This is the dilemma that those in charge of the Grand Mosque (Masjid al-Haram, in Arabic) in Mecca faced as this year's hajj (obligatory pilgrimage) approached.  When upwards of a million people are expected to crowd into a few dozen acres of ground, the potential for disaster is always present.  And in years past, stampedes of pilgrims have on occasion led to the deaths of hundreds of people caught in panic-stricken rushes.  Improvements to the structures used can help with crowd control, and so areas near the Grand Mosque have seen a lot of construction activity in recent years.  That is one reason why the Grand Mosque was surrounded by numbers of tall construction cranes last Friday, Sept. 11, shortly before the time of evening prayer at 6:30.  At least one of these was a "crawler crane" mounted on a mobile platform that could move on tank-like treads. 

Around 5 PM, a thunderstorm approached the city and brought heavy rain, lightning, and high winds.  Although the central part of the Grand Mosque surrounding the Kaabah (the black cube at the center) is open, much of it is covered by in a ring-shaped multistory structure that affords protection from the weather.  

While details are not yet clear and await investigation, apparently about 5:30, winds became strong enough to overbalance one of the crawler cranes stationed just outside one of the Grand Mosque's walls.  Videos shot at the time show the crane as it toppled onto the roof of part of the mosque, crashing through the ceiling and landing with its top  inside the mosque's inner open area.  Unfortunately, hundreds of people were in the path of the collapse and were killed or injured when the crane knocked down masonry as it fell.  As of Sept. 13, the death toll had risen to 107, with over 200 injured.  King Salman of Saudi Arabia has stated that once an investigation of the tragedy is complete, the findings will be made public.

First, our prayers and sympathy are with the injured and the relatives and friends of those who died.  Accidental deaths are always tragic, but especially so when victims were engaged in a religious pilgrimage made obligatory by one's faith.  There is some comfort at least in the knowledge that the pilgrims who died were engaged in what they considered to be a holy act. 

From an engineering point of view, this incident has several lessons that can be learned. 

First, crawler-type cranes can be less stable than other types with bases that are anchored to the ground.  The crawler crane is obviously more flexible and easier to position, but this convenience comes with a price:  less stability, unless great precautions are taken to ensure that the crane's rated load and maneuvering envelope are strictly observed.  And even if this is done, unpredictable wind loads such as are present in a thunderstorm can tip the balance of forces away from stability. 

Prudence might have suggested that with all the cranes around, someone should have kept an eye on the local winds and issued an evacuation order if the wind exceeded a certain speed.  But that might not have helped, for a number of reasons.  First, winds in a thunderstorm can change minute by minute, and it's possible that a sudden gust was responsible for the crane's collapse.  But evacuating a complex as large as the Grand Mosque would have presented its own problems, including the possibility of inducing exactly the kind of panic that has led to deaths in stampedes in the past.  So although evacuating the area might have prevented some loss of life, it might have contributed to it as well.

The other alternative would have been to use only cranes that could withstand higher winds.  This might mean either using only stationary ground-mounted units, or shorter crawler cranes that are sturdier in high winds.  While either of these options would cost something in terms of workplace efficiency and schedules, in retrospect it would have been a price worth paying.

Like airports in expanding metropolitan areas, the Grand Mosque complex in Mecca is likely to be under construction in some sense for an indefinite time.  Given that it is, the authorities in charge of it are under an obligation to see that nothing like this tragedy can ever happen again.  Unlike the whims of mobs, engineering involves calculation, prediction, and the ability to plan ahead.  While engineers cannot foretell every eventuality that could lead to disaster, the investigation of the Mecca crane collapse may show how it could have been prevented.  If it does, the engineering staff in charge have their work cut out for them to make sure that pilgrims can worship safely in the holiest city of Islam.

Sources:  I referred to news articles on the collapse carried by several outlets:  CNN at http://www.cnn.com/2015/09/12/middleeast/saudi-arabia-mecca-crane-collapse/, the BBC at http://www.bbc.com/news/world-middle-east-34236662, Al Jazeera at http://www.aljazeera.com/news/2015/09/saudis-probe-deadly-mecca-crane-collapse-150912125336576.html, and The Guardian at http://www.theguardian.com/world/video/2015/sep/11/aerials-of-mecca-crane-collapse-reveal-damage-video, which has a cellphone video showing the crane falling amid heavy rain.  I also referred to the Wikipedia articles on the Grand Mosque and the climate of Mecca.

Stingray and the Swiss Cheese of Electronic Privacy

The main distinguishing characteristic of Swiss cheese is that it's got holes in it.  This image came to mind when I read a recent report about a cellphone tracking device colloquially known as Stingray.  These expensive, sophisticated devices are contributing to a pernicious double standard about electronic privacy.  Private citizens on the one hand, and local and state law enforcement authorities on the other hand, appear to be working under very different rules.

Ordinary U. S. citizens are forbidden to eavesdrop on private electronic communications over the airwaves.  Back in the days when cellphones transmitted easily received analog signals, this meant you could not buy scanners that covered cell-phone frequencies.  And wiretapping—connecting a listening device to a telephone wire—was something that only authorized law enforcement people could do.  Back then, even the cops first had to get a court to issue a warrant for a wiretap, which was limited as to time and the target of the wiretapping.  Just to make sure that these restrictions weren't overwhelmed by new technological developments, in 1986 Congress passed the Electronic Communications Privacy Act (ECPA), which extended restrictions on landline communications to the then-new wireless types.

Then there was 9/11 and a burst of foreign terrorism, and a need arose to track cellphones in foreign countries that were being used for nefarious purposes, like setting off improvised explosive devices.  In response to this demand, the Harris Corporation developed a clever system that has come to be called the Stingray.  In order to track and eavesdrop on a target cellphone, you set up the Stingray in the general vicinity of the target—a few dozen or hundred yards is probably sufficient.  When the target phone is activated, the Stingray pretends it's a real cellphone tower, sending out a "pilot" signal that is stronger than the genuine tower's pilot nearby, and capturing not only the target phone, but many others in the vicinity.  In its most sophisticated mode, the Stingray performs a real-time decryption of the encrypted cellphone data and relays the content of the phone call (or text message, or what have you) to the legitimate system, while making copies for the cops.  In this mode, any calls the target phone originates go through as usual.  Only, the law enforcement people using the Stingray can hear and read everything in the vicinity.

I can't refer you to an advertising brochure or an official website on the Stingray, because Harris cloaks the device in secrecy.  Any agency buying one has to sign a non-disclosure agreement in which they promise not to divulge any details about it.  Nevertheless, the technology has become quite popular among the better-heeled state and local law enforcement agencies that can afford up to a half-million-dollar price tag.  And it is by no means clear that the agencies get proper court authorization before using the Stingray.  So your phone call or text might be showing up on a police computer near you—without your knowledge, of course.

In recent months, considerable information has leaked out about the Stingray and how it is being used, and there's even a Wikipedia webpage devoted to the technology.  It was most recently in the news when Deputy U. S. Attorney General Sally Yates announced on Sept. 3 that Federal investigators will now have to obtain a judge's permission before using cellphone trackers.  As recently as six months ago, the Feds were arguing in court that no such permission was necessary.  So on the federal level at least, some measure of protection has been restored to electronic privacy.  However, the ruling does not apply to state and local jurisdictions, which can presumably still use the Stingray and similar devices with impunity.

This is only one of many situations in which technology has outrun the legal system's ability to adapt to it.  Despite the blanket prohibitions of the ECPA, state and local law enforcement agencies are apparently using Stingrays frequently with or without court approval, depending on what the patchwork legal context in the specific region will let them get by with.  Sometimes, use of the device is revealed only in a court case when defense attorneys start asking embarrassing questions.  In Tallahassee, Florida, the state prosecutor gave an armed-robbery suspect a reduced sentence rather than being forced to disclose details of how a cellphone was tracked to the criminal's house—by use of a Stingray, presumably.

It may be the case that most, if not all, uses of this technology are approved by courts, although in some cases judges have complained that they were not aware of what exactly it was they were approving.  In that case, we are in principle no worse off privacy-wise than we were under the old regime of wiretapping laws, in which a court order was required to allow the telephone company technicians to permit a wiretap. 

We actually have two sets of Swiss cheese here:  one is the public's Fourth Amendment protection against unreasonable searches and seizures, and the other is the Harris Corporation's attempts to keep its technology out of the public eye.  Any system that has a 4500-word article on Wikipedia about it is no longer secret in any meaningful sense.  But nobody can sit down and build one for themselves just from the information on Wikipedia, and as long as nobody steals a physical unit and tries to reverse-engineer it, Harris is probably safe from getting their prize cellphone-tracker knocked off. 

There are two conflicting stakes here:  one on the part of the general public not to have its private communications eavesdropped on at the whim of a local police force, and another on the part of Harris Corporation not to have their advanced and very profitable cellphone tracker either copied or rendered useless by equally sophisticated bad guys who figure out some way to foil the Stingray.  One easy way to foil it is simply not to carry a cellphone, but for most people nowadays, that's like telling them not to breathe.  For the forseeable future, anyway, many crimes will involve cellphones one way or another, and the Stingray will continue to be useful in tracking down criminals.

My metaphorical hat is off to Deputy Attorney General Yates, who has at least clarified the situation at the federal level so that Stingrays will be used only with the proper authorization—we hope.  Maybe the state and local agencies will now follow the Federal lead and be more circumspect about how they use the devices, at least until the next round of electronic spy-and-counterspy warfare comes to pass.

Sources:  The New York Times article "Justice Dept. To Require Warrants for Some Cellphone Tracking" appeared on Sept. 3, 2015 at http://www.nytimes.com/2015/09/04/us/politics/justice-dept-to-require-warrants-for-some-cellphone-tracking.html.  I also referred to an earlier New York Times article "A Police Gadget Tracks Phones—Shhh-It's a Secret" at http://www.nytimes.com/2015/03/16/business/a-police-gadget-tracks-phones-shhh-its-secret.html.  The Washington Post carried the article about the plea bargain in Florida at https://www.washingtonpost.com/world/national-security/secrecy-around-police-surveillance-equipment-proves-a-cases-undoing/2015/02/22/ce72308a-b7ac-11e4-aa05-1ce812b3fdd2_story.html, and I also referred to the Wikipedia articles "Stingray Phone Tracker" and "Telephone Tapping," and a How Stuff Works article on how wiretapping works at http://people.howstuffworks.com/wiretapping3.htm.

The Colorado Mine Waste Spill: The Fix That Broke

On Wednesday, Aug. 5, heavy-equipment operators employed by the U. S. Environmental Protection Agency (EPA) were working at the site of the abandoned Gold King mine near Silverton, which is about a hundred miles northeast of the Four Corners area in southwestern Colorado.  The mine had not operated since 1923, and the workers weren't trying to get gold out of the mine.  Instead, they were trying to make sure that thousands of gallons of toxic-mineral-laden water that had filled large parts of the mine would stay there.  Their efforts were part of a larger project to clean up some nearby mines, an effort that would be spoiled if toxic water were to leak out of the Gold King mine and run downhill to the other mines. 

So, the workers had good intentions.  But good intentions don't always stop bad things from happening. 

It turned out that there was a lot more water backed up behind the "adit" (the horizontal mine opening) than the workers realized.  Apparently, if they had bored a test hole beforehand, they might have determined from the high pressure that it was dangerous to do what they were doing.  But bore holes cost money and time, the geology of the site made such a project tricky, and so they went ahead with some shoring-up operations.

Exactly what happened has not yet come to light, but somehow, the actions of the construction machinery disturbed the delicate balance of whatever loose rock was keeping the water in the mine, and here it came.  Some veiled references about prompt action preventing fatalities imply that things must have gotten pretty exciting for a while, as a flood of yellow acid water poured from the mine's opening down the hill to find its way to Cement Creek, where it spread to watersheds that cover parts of three states.  Some of these now-polluted streams pass through Indian reservations, and the Navajo Nation's president Russell Begaye has declared that his tribe is going to sue the EPA.

Clearly, the EPA has a mess on its hands.  But what about those good intentions?  Doesn't that count for anything?

The Gold King spill has drawn attention to an ongoing problem shared by many regions where mining was carried out with more enthusiasm than wisdom by operators who did only what they had to do to get the gold out.  As anyone knows who as a child played in sand on the beach with a toy shovel, holes in the ground dug below the water table eventually fill up with water.  Abandoned mines often contain soluble compounds such as iron sulfide (pyrite, or fool's gold) and minerals containing toxic elements such as lead, cadmium, and arsenic.  When water gets into these mines, the water acquires significant concentrations of these undesirable chemicals, and oxidized pyrite makes it highly acidic.  Sooner or later, water usually finds its way out of an old mine, either through natural fissures in the rock or more violently as water pressure builds up and breaches blockages, which is what happened at the Gold King mine, with a little accidental help from the EPA.

What one generation messed up, a succeeding generation is trying to clean up, but the task is Herculean—or maybe even Sisyphean.  Sisyphus was a mythological Greek king who played tricks on the gods.  The gods, in particular Zeus, didn't appreciate this, and so when Sisyphus died, Zeus condemned him in Hades to try to roll a boulder up a hill.  Just as he'd get nearly to the top, the enchanted boulder would elude his grasp and roll back downhill, and Sisyphus had to lather, rinse, and repeat, so to speak—forever.

The EPA won't have to clean up mines forever, but with 22,000 abandoned mines in Colorado alone, they have enough to keep them busy for quite a while.  The fact that the EPA has resources to prevent mine-water spills at all is due to the passage of laws such as the Superfund act, which helps pay to clean up environmental messes that the owners (or former owners) can't afford to fix.  The agreement under which the EPA was working on the Gold King mine wasn't a full-fledged Superfund situation (such a label was feared to discourage tourism), but millions of government dollars were committed to the cleanup anyway.  And it was in pursuit of this type of cleanup that the site workers inadvertently caused exactly the kind of problem that they were there to prevent.

There is an opportunity here, even in this crisis, for engineers and engineering educators.  It's hard enough to dig a mine without having it fall on your head, but as numerous accidents have shown, digging a mine is a piece of cake compared to trying to do anything with an old abandoned mine for which few records exist and maintenance ceased decades ago.  But doing the kind of thing that the EPA is doing is engineering too—pure-D environmental engineering, but probably not of a kind that too many environmental engineering departments consider. 

With so many abandoned mines to fix and federal money to fix them, one can imagine a new engineering subdiscipline of abandoned-mine remediation.  Typically, new engineering disciplines are practiced under other guises for some time before anyone recognizes them as distinct from previous disciplines.  For all I know, there may be a division of some civil engineering department somewhere that already teaches these things, but I doubt it.  If there isn't, though, there ought to be.

Maybe all the education in the world might not have prevented the breach that caused the Gold King spill.  Sometimes a bad thing is bound to happen no matter what you do.  But now that we've had a bad example of how not to handle abandoned mines, maybe the academics and engineers can get together to develop best practices and procedures to prevent things like this from happening in the future. 

Sources:  I referred to articles on the spill carried in the online editions of the Washington Post on Aug. 10 at http://www.washingtonpost.com/news/morning-mix/wp/2015/08/10/what-the-epa-was-doing-when-it-sent-yellow-sludge-spilling-into-a-colorado-creek/ and the Denver Post on Aug. 26 at http://www.denverpost.com/news/ci_28705984/epa-underestimated-water-pressure-led-colorado-mine-spill, as well as an article about the Navaho lawsuit at

https://www.rt.com/usa/312499-toxic-spill-tribes-epa/.  The Wikipedia article on Sisyphus has some great details about exactly what it takes to tick off Greek gods, by the way.