The reactionary state of the industry means that we quickly identify the ‘root cause’ in terms of ‘human-error’ as an object to attribute and shift blame. Hindsight bias often confuses our personal narrative with truth, which is an objective fact that we as investigators can never fully know. The poor state of self-reflection, human factors knowledge, and the nature of resource constraints further incentivize this vicious pattern. This approach results in unnecessary and unhelpful assignment of blame, isolation of the engineers involved, and ultimately a culture of fear throughout the organization. Mistakes will always happen.
Rather than failing fast and encouraging experimentation, the traditional process often discourages creativity and kills innovation. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Expose the failures, build resilient systems, and develop an "Applied security" model to minimize the impact of failures. In this session we will discuss the role of ‘human-error’, root cause, and resilience engineering in our industry and how we can use new techniques such as Chaos Engineering to make a difference.
Security-focused Chaos Engineering proposes that the only way to understand this uncertainty is to confront it objectively by introducing controlled signals. During this session we will cover some key concepts in Safety & Resilience Engineering work based on Sidney Dekker’s 30 years of research into airline accident investigations and how new techniques such as Chaos Engineering are making a difference in improving our ability to learn from incidents proactively before they become destructive.
7. SAFETY DIFFERENTLY ORIGINS
"Safety differently" is about relying on
people’s expertise, insights and the
dignity of work as actually done to
improve safety and efficiency. It is
about halting or pushing back on the
ever-expanding bureaucratization and
compliance of work."
-- Sidney Dekker
8. "SECURITY DIFFERENTLY" IS ABOUT RELYING ON
PEOPLE’S EXPERTISE, INSIGHTS AND THE DIGNITY OF
WORK AS ACTUALLY DONE TO IMPROVE SECURITY
AND EFFICIENCY. IT IS ABOUT HALTING OR PUSHING
BACK ON THE EVER-EXPANDING BUREAUCRATIZATION
AND COMPLIANCE OF WORK."
9. SECURITY CURRENTLY VS. SECURITY DIFFERENTLY
Security Currently | Security Differently
People are the Source of Problems | People are the Solution
Tell them what to do (Control & Compliance) | Ask them what they need (Competency & Common Sense)
Count absence of Negative events | Count Presence of Positives
10. FACT: NO SYSTEM IS SECURE ON ITS
OWN, IT REQUIRES HUMANS TO CREATE
IT
11. SECURITY CURRENTLY
> Are we doing the things that really matter?
> What is the best measurement of performance?
> How much are we learning from our past performance?
> How do we know when we’re doing well?
22. COMPLEX SYSTEMS TRAITS
• Cascading Failures
• Difficult to determine boundaries
• Difficult to Model Behavior
• Dynamic network of multiplicity
• May produce emergent phenomena
• Relationships are non-linear
• Relationships contain feedback loops
23. EXAMPLES OF COMPLEX SYSTEMS
• Global Financial Markets
• Nation-State Politics
• Weather Patterns
• The Human Body
• Bird Patterns
• Distributed Computing Systems (aka your systems)
38. IF THE SECURITY POLICIES AREN’T
UNDERSTOOD OR CAN'T BE EXPLAINED
EFFECTIVELY BY SECURITY HOW ARE
ENGINEERS EXPECTED TO TRANSLATE
THEM INTO REAL-LIFE PRODUCT?
57. Resilience is the ability of systems to prevent or adapt
to changing conditions in order to maintain control over
a system property…to ensure safety… and to avoid
failure.
-- Hollnagel, Woods, & Leveson
61. FIELD GUIDE TO 'HUMAN-ERROR' INVESTIGATIONS
BY SIDNEY DEKKER
62. OLD VIEW
> Human Error is a cause of trouble
> You need to find people’s mistakes, bad judgements and
inaccurate assessments
> Complex Systems are basically safe
> Unreliable, erratic humans undermine systems safety
> Make systems safer by restricting the human condition
63. NEW VIEW
> Human error is a symptom of deeper system trouble
> Instead, understand how their assessment and actions
made sense at the time - context matters
> Complex systems are basically unsafe
> Complex systems are tradeoffs between competing
goals: safety vs. efficiency