Last week, Tesla Motors unveiled another first for the auto industry: starting immediately, the company will be delivering upgrades directly to vehicles via the Internet.

“We view it the same away as updating your phone or your laptop,” said CEO Elon Musk, as reported in the Wall Street Journal on March 19.

Remote updates for cars was not the only taste of the future that Tesla announced last week. Talk is buzzing even louder about the new “driverless” capability that Tesla’s cars will get this summer (via wireless download, of course). The New York Times says that once your vehicle gets the upgrade, you will be able to turn on an “autopilot” when on major highways.

Tesla’s move further disrupts the traditional way of business in the automotive industry—the direct-to-consumer updates eliminate yet another reason to buy and service through a dealer. The convenience potential to consumers is obvious, and everyone is excited about driverless technology finally being within reach. What could be the downside?

Enter that fear du jour, cybersecurity. Capitol Hill is considering the unpleasant potential of bad guys being able to hack your car’s sophisticated computer system. Last year, Senator Edward Markey (D-MA) sent a letter to 20 car manufacturers asking them about their vehicles’ reliance on wireless computing technology and, in turn, the vulnerability of their systems. In February, he published the companies’ replies, and they weren’t completely reassuring (the full report is here).

According to Wired, Sen. Markey found that “nearly 100%” of vehicles sold today use wireless connections that could be used to access “sensitive systems or [to] compromise privacy.” Combine these findings with the recent exposé on 60 Minutes—where a DARPA hacker demonstrated the ability to hack into a Toyota Prius and gain control of the vehicle’s braking and acceleration—and you have a pretty good understanding of why Sen. Markey is concerned.

Manufacturers that responded to the Senator’s inquiry gave mostly ambiguous answers about the cybersecurity of their products. Some said they encrypt information such as driving history and physical location, while others admitted that they don’t use encryption. The same is true for third-party testing of vehicle cybersecurity—some do it, but many do not.

Tesla was one of three companies that chose not to respond to Sen. Markey’s questions. Do concerned consumers have cause to worry? After all, last year, Chinese hackers publicized their successful hack of a Tesla, although they limited their efforts to unlocking the doors and opening the sunroof.

The company is generally tight-lipped, but Musk has said that he is committed to security. He recently stated at a tech conference that “one of the key areas of focus for the company is…protecting…self-driving software from malicious attacks.”

Let’s hope so. A breach of self-driving software would, of course, be a much bigger problem than the Chinese hack of the car’s more superficial systems. And the non-response to Sen. Markey’s investigation would then start to resemble a self-inflicted wound.

For more on the risks of computerized vehicles, see “Robots Take the Wheel” in the March issue of Risk Management.

{ 1 comment }

Advocates for the legalization of medical marijuana have had a busy year. Three states–Maryland, Minnesota and New York–passed legislation this year, while Florida, Ohio and Pennsylvania have pending legislation or ballot proposals. Additionally, in two states, Colorado and Washington, voters have approved recreational marijuana in addition to medical marijuana, with the issue pending in Oregon and Alaska.

These measures have prompted many employers to ask if there is growing societal acceptance of marijuana and other drugs and should they expect a possible increase in employees using drugs on the job.

New data suggests the answer to both of those questions may be yes. An analysis from Quest Diagnostics, which provides workplace drug testing to private and public employers, found that in 2013, the percentage of employees that tested positive for drugs increased for the first time in 10 years, fueled by a rise in marijuana and amphetamines. The analysis involved 8.5 million urine, oral fluid and hair workplace drug tests in the United States.

The cost of substance abuse, including alcohol, on businesses, in terms of employee absenteeism, occupational injury, and impaired reasoning and reaction time, is significant–more than $276 billion annually by some estimates. A survey sponsored by the National Institute on Drug Abuse found that drug-using employees are 2.5 times more likely to have absences of eight days or more, 2.2 times more likely to request early dismissal or time off, 3 times more likely to be late for work, and 5 times more likely to file a workers compensation claim.

As a result, most businesses have comprehensive drug-free workplace programs in place, and 57% of American businesses required all job candidates to pass a drug test in 2011, according to the Society for Human Resource Management. Due in part to these workplace efforts, substance abuse by workers subject to testing declined incrementally over the past decade, giving hope that the epidemic of drug use and misuse was abating.

But the Quest Diagnostics report suggests those gains may be reversing. The positivity rate for 7.6 million urine drug tests in the U.S. workforce increased 5.7% in 2013 over 2012 rates, the first time the positivity rate for combined national workplace urine drug tests has increased since 2003.

As human resources executives work to implement and maintain drug-free workplaces, additional findings in the analysis offer valuable insights into current trends in workforce drug use:

  • Marijuana continues to be the most commonly detected illicit drug, according to the Quest Diagnostics analysis of urine drug tests. Marijuana positivity in the combined U.S. workforce increased 6.2%, to 1.7% in 2013 compared to 1.6% in 2012. These increased positivity rates are consistent with findings from the 2012 National Survey on Drug Use and Health (NSDUH), which showed an increase in self-reported past-month marijuana use between 2007 and 2012–both among those respondents subject to employer drug testing and those not subject to such testing.
  • Amphetamines positivity continues to increase, continuing a multi-year trend. Combined U.S. workforce data in urine showed a 10% year-over-year increase in amphetamines positivity in 2013 compared to 2012. Of note in the U.S. general workforce, methamphetamine positivity in urine drug tests increased 27%; oral fluid methamphetamine positivity increased by 50%, and the positivity rate in hair testing jumped by 55%, suggesting that the higher incidence of methamphetamine identification in drug seizures by law enforcement is starting to be reflected in workplace testing. Amphetamines positivity rates are now at their highest levels on record and methamphetamine positivity rates are at their highest levels since 2007, across all specimen types.
  • Oxycodones positivity declined for the second consecutive year. Although the rate of opioid prescribing–the amount of opioids distributed and the average prescription size–all increased markedly in the United States over the past decade, the Quest Diagnostics Drug Testing Index report showed oxycodones positivity declined 8.3% between 2013 and 2012 and 12.7% between 2012 and 2011 in the combined U.S. workforce. Four states experienced double-digit declines in oxycodones positivity rates in both 2013 and 2012: Florida, Massachusetts, New Jersey and Ohio. Hydrocodone positivity remained at 1.3% between 2012 and 2013.
  • Despite double-digit increases in marijuana positivity in the two states with “recreational” use laws–Colorado and Washington–analysts at Quest Diagnostics cautioned that it is too early to tell whether the new statutes are correlated with increased positivity. Marijuana positivity rates in Colorado and Washington increased 20 and 23%, respectively, in the general workforce between 2012 and 2013, compared to the 5% average increase among the U.S. general workforce in all 50 states. However, both Colorado and Washington experienced dramatic increases and declines in marijuana positivity rates in the years prior to legalization, suggesting that multiple dynamics are affecting testing results in both states.
  • While the Quest Diagnostics Drug Testing Index report indicates that workforce drug use increased last year, HR managers have a variety of tools at their disposal to ensure safe and healthy workplaces, including vigilant oversight, strong zero-tolerance employment policies, employee drug screening, stigma-free mental health counseling and employee assistance programs. Preventing substance abuse in the workplace keeps employees safer and healthier, and leads to higher productivity, lower costs and a healthier bottom line.


After a harsh, cold winter, the clear, sunny skies and rising temperatures of spring are much appreciated. Businesses, however, also need to be ready for the possibility of flooding that may result from heavy rains combined with melting ice and snow.

The National Oceanic and Atmospheric Administration (NOAA) notes that flooding causes more damage in the United States than any other weather-related event. On average, flooding causes $8 billion in damages and 89 fatalities annually. Warming weather also often brings ice jams along rivers, streams and creeks, which can cause further flooding.

“In addition to the threat of floods that occur when severe weather hits, snow and ice have been piling up in many areas of the U.S. this winter,” Bill Boyd, senior vice president with CNA Risk Control, said in a statement. “When temperatures rapidly increase, so does the rate at which snow and ice melt…” which can create serious problems for those heavily affected this winter. “As spring temperatures begin to rise, it’s imperative for businesses to create emergency plans for flooding, which could cause costly property damage or disrupt operations,” he said.

According to NOAA:

Snowmelt and the breakup of river ice often occur at about the same time. Ice jams often form as a result of the sudden push exerted on the ice by a surge of runoff into the river associated with snowmelt. Ice jams can act as dams on the river that result in flooding behind the dam until the ice melts or the jam weakens to the point that the ice releases and moves downstream. A serious ice jam will threaten areas upstream and downstream of its location. Six inch thick ice can destroy large trees and knock houses off their foundations. Once an ice jam gives way, a location may experience a flash flood as all the water and debris that was trapped, rushes downstream.

CNA offers these tips for businesses to minimize loss during the thawing season:

Create a flood preparation plan.

Keep water out with barriers, sandbags and other devices.

Relocate materials from lower levels. In some cases, this may simply mean placing stored items on      one or two pallets, or moving items from lower shelves or racks to upper levels.

Review shutdown procedures for affected processes, especially hazardous processes.

Check to make sure drainage, including roof drains, are open and flowing freely.

Thaw Edition tools, checklists and bulletins, can be found at


Even though the U.S. government has broadened its pursuit against corruption, only about 9% of organizations see Foreign Corrupt Practices Act monitoring as a top concern, according to “Bribery and Corruption: The Essential Guide to Managing the Risks” by ACL.

Many companies have policies against corruption, but it still exists. Although remaining competitive can be difficult in some parts of the world that see payments, gifts and consulting fees as part of doing business, companies need to identify these risks and manage them across the organization. There is much is at stake, as penalties are rising and more companies globally are being fined, the study found.

According to ACL, if a formalized ERM process exists within an organization, then the anti-bribery and anti-corruption (ABAC) risk assessment process should ideally be carried out within that ERM framework. In some organizations, however, the overall risk management process is fragmented, meaning that the risks of bribery and corruption are considered in relative isolation. Whichever approach is taken within an organization, the process of defining the risks should involve individuals with sufficient knowledge of the regulations and ways the business actually works.

“We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government’s investigation. But we will not wait for companies to act responsibly,” said Leslie Caldwell, assistant attorney general in the criminal division at the Department of Justice. “With cooperation or without it, the department will identify criminal activity at corporations and investigate the conduct ourselves, using all of our resources, employing every law enforcement tool, and considering all possible actions, including charges against both corporations and individuals.”

The study’s findings also include: