> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/wgu-network-engineering-and-security/ethics-in-technology/ethics-in-information-technology-textbook/chapter-1.-an-overview-of-ethics/case-studies.md).

# Case Studies

Alright, let's dive into these case studies ADHD-style—let's make them interesting and help you visualize them in a way that’s fun and tied to cybersecurity!

#### 🏎️ **Case Study 1: VW Cheats on Emissions Testing** 🏎️

Imagine you’re playing a racing video game, and your mission is to make it to the top of the leaderboard by using only **ethical** methods. Now, imagine someone decides to use a cheat code, but instead of getting a power-up, they **break the entire game** and ruin it for everyone else. This is pretty much what happened with **Volkswagen (VW)**—they used cheats to win in the car market, and it backfired massively.

**🔧 What Happened?**

* In **September 2015**, VW was caught **installing software** in over **11 million cars** to **deceive emissions tests**. This sneaky software could detect when a car was undergoing testing and temporarily make emissions lower to pass legal limits.
* During normal driving, the software deactivated, allowing the cars to emit more pollution, but they got **better mileage** and **performance**.

It’s like **hacking** a computer to make it pass all security checks, but after passing, it becomes a **cybersecurity nightmare**.

**👨‍💼 The Leadership Style: Toxic Environment**

* VW’s culture was driven by **two top leaders**, Ferdinand Piëch and Martin Winterkorn, who had an **aggressive and autocratic** approach. Their leadership was like being in a boss fight where **failure wasn’t an option**, and losing meant getting **fired**.
* Engineers were **afraid** of challenging management—kind of like a **hacker group** where no one wanted to speak up, even if they knew things were going sideways.

**⚠️ "Normalization of Deviance"**

* **Normalization of Deviance** means that the entire VW crew started seeing this sneaky emissions trick as **normal** because everyone was expecting someone else to speak up, but nobody did.
* Imagine if you were in a cybersecurity team, and everyone ignored vulnerabilities because "it’s always been that way." This kind of environment allowed **bad behavior** to continue unchecked.

**🔍 Critical Thinking**

1. **Is Normalization an Excuse?**
   * No! In cybersecurity, **assuming others will fix the problem** is a sure way to get breached. **Everyone** needs to take responsibility for ethical behavior.
2. **New Leadership—3 Steps to Change VW’s Culture**:
   * **Encourage Speaking Up**: Create channels for employees to report issues **anonymously**.
   * **Reward Integrity**: Promote people based on **ethical practices**, not just outcomes.
   * **Diverse Hiring**: Hire people with different backgrounds to avoid the "**yes-men**" syndrome.
3. **Role of Bosch**: Bosch provided the engine part that VW programmed to cheat, but they said they weren’t responsible for **how it was used**. In cybersecurity terms, it’s like selling a **pentesting tool**—should you be blamed if someone uses it for harm? Maybe Bosch should've asked more questions when VW wanted to use their tech in suspicious ways.

***

#### 🖋️ **Case Study 2: Toshiba Accounting Scandal** 🖋️

Now let’s imagine that you’re in a team playing a **strategy game**, and one player keeps **lying** about how much money you have to spend. Toshiba did something like that—but in real life, with **$1.9 billion**!

**📉 What Happened?**

* In **2015**, Toshiba formed an outside panel to investigate accounting issues. Turns out, **profits had been overstated** by $1.9 billion over **seven years**! This was like building a **castle on a swamp**—sooner or later, it all fell apart.
* **CEO Hisao Tanaka** and other executives **resigned**. It turns out that Toshiba had a **culture where you couldn’t challenge management**—like if a boss was **always right**, even when it was clearly wrong.

**🚫 Fake Accounting = Cyber Red Flag 🚫**

* This case is similar to when someone **hides a vulnerability** in a system. It’s dangerous, because once it’s found, everything can fall apart.
* At Toshiba, **lower-level employees** couldn’t meet unrealistic targets set by their bosses, so they **cooked the books** to look like they did. In cybersecurity, it’s like **lying about closing vulnerabilities** instead of fixing them.

**🤔 Issues with Outside Panels in Japan**

* Toshiba used **outside panels** to investigate, but these panels only looked at what the **board allowed** them to see.
* Imagine if you were tasked to **audit** a company’s network but weren’t allowed to scan a certain server because it’s "sensitive." That kind of **limited investigation** can’t uncover the truth.

**🔍 Critical Thinking**

1. **Should the Investigation Continue?**
   * **Pros**: It’s important to **hold everyone accountable**. This helps build a culture where **nobody feels above the law**.
   * **Cons**: Dragging the investigation out can **drain resources** and hurt employees who weren’t involved.
2. **Better than Outside Panels?**
   * Use a **truly independent auditing team** with the power to **look anywhere**—like bringing in an **ethical hacking team** to have full access for a proper audit.
3. **Fixing Transparency Issues in Japan**:
   * **Independent Board Members**: Japan needs more **outside directors** who aren’t part of the company culture.
   * **Strong Whistleblower Protections**: Encourage **reporting** without fear of punishment—like an **anonymous cybersecurity hotline**.

***

#### 🎮 **How These Case Studies Apply to Cybersecurity** 🎮

* **Leadership & Culture Matter**: Toxic environments, like at VW or Toshiba, lead to unethical behavior. In **cybersecurity**, if people are afraid to report **vulnerabilities** or **misconduct**, it can end in disaster.
* **Normalization of Deviance**: Don’t ignore **small breaches** or bad habits because they seem normal. That’s how **malware** or bad actors get a stronghold.
* **Accountability is Key**: Whether it’s **cooking the books** or ignoring a **security flaw**, accountability at every level is crucial for maintaining **trust**.

***

#### 🔍 Summary

* **VW Case**: Used cheating software to pass emissions tests. Culture of fear and pressure led to **unethical practices** becoming normal.
* **Toshiba Case**: Overstated profits to meet unrealistic targets. **Management culture** discouraged questioning, and **outside panels** were limited.

Think of these cases like cybersecurity training:

* Don’t ignore red flags 🚩 just because everyone else is.
* Create a culture where **speaking up** and **doing the right thing** is **rewarded**.

Do you think a positive and transparent corporate culture could help avoid cybersecurity breaches in companies? How would you apply these lessons to a cybersecurity incident you might face in the future? Let’s discuss! 🎮✨
