Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
2017 –The Year in Review“Highlights” From the DRIE Digest Real Event Log
DRIE Toronto SymposiumDecember 12, 2017
Des O’Callaghan FBCI
Why look at real events?
� Reality checks – wake-up calls
� Understand the “when not if” factor
� Counter “it’ll never happen to us” attitude
� Re-evaluate threats; expand horizon scan
� Broaden planning scope
What is real, anyway?
� The opposite of fake?
� Tangible consequence (hurt, or hurt?)
� News vs. opinion
� It has happened (vs. might)
Jan 11th: 6 Volkswagen employees charged$4.3 billion in fines are levied
Event: VW scandal aftermath Lessons / Implications
� Liabilities don’t go away
� Financial damages
� Reputational / brand damage
� Untold amounts of future business lost
� (CEO already lost job –9/23/2015)
Mar 21st: Google report shows 32% increase in web site hacks from 2015 to 2016
Event: report on cyber attacks Lessons / Implications
� Don’t put off improving your defences…..
� …..or you too can become a statistic
� Ensure you have a cyber response plan…..
� …..and a plan to continue business by other means
Apr 9th: United Airlines creates a public relations nightmare with forcible removal of a
passenger from a plane
Event: airline PR disaster Lessons / Implications
� Do your policies pass the common sense test?
� Recognize a line can be crossed that you don’t want to cross
� Ensure your explanations do not make the situation even worse
May 1st: Fire in a hydro vault on Toronto’s King St. leads to some extended premises outages
Event: fire Lessons / Implications
� What seems like a short-lived disruption can have long-lasting consequences
� Consider “invisible” hazards in your threat assessments
May 12th: #wannacry disables several large organizations such as the U.K.’s NHS;
affects 100 countries
Event: ransomware attack Lessons / Implications
� Appreciate the global reach of cyber threats
� You are not immune
� Collateral damage can affect critical infrastructure
May 27th: British Airways has a computer “glitch” that disrupts flights for days
Event: more airline PR failure Lessons / Implications
� Understand which of your systems are critical
� Have appropriate IT continuity solutions in place
� Communicate
� Communicate
� Communicate
June 13th: Grenfell Tower apartment fire in West London (UK) kills 71 people
Event: residential fire Lessons / Implications
� “Police told an inquiry Monday that possible charges include misconduct in public office, manslaughter, corporate manslaughter and breaches of fire safety regulation.”
� Do not clad your building in combustible material
� Do not ignore warnings
July 7th: Air Canada near miss at SFO could have been the worst airline disaster in history
Event: airline…..again Lessons / Implications
� The pilot, seeing “some lights on the runway,” called into air traffic control, to confirm the landing.
� "Air Canada 759 confirmed cleared to land runway 28 right," the tower responded. "There is no one on 28-Right but you."
� Seconds later, another voice –seemingly one of the pilots waiting on the taxiway –interjects "Where's this guy going? He’s on the taxiway.“
July 7th: Air Canada near miss at SFO could have been the worst airline disaster in history
Event: airline…..again Lessons / Implications
� The pilot, seeing “some lights on the runway,” called into air traffic control, to confirm the landing.
� "Air Canada 759 confirmed cleared to land runway 28 right," the tower responded. "There is no one on 28-Right but you."
� Seconds later, another voice – seemingly one of the pilots waiting on the taxiway –interjects "Where's this guy going? He’s on the taxiway.“
� ANOTHER ONE on OCT 22nd
(radio problems)
Aug 26th: Hurricane Harvey stalls over Houston and causes massive flooding
Event: hurricane Harvey Lessons / Implications
� History will repeat itself (2001, 2012, 2015, 2016...)
� Be careful what you pave over (anticipate flooding)
� Some businesses were forced to close for a long time, even permanently
Sep 20th: Hurricane Maria hits Puerto Rico with force. Over 1,000 killed. Massive damage and power outages.
Event: hurricane Maria Lessons / Implications
� Neglecting infrastructure WILL cost
� Political blame games will not save lives
� No time limit on a crisis
� Full recovery may take a generation
Oct 1st: Gunman shoots at concertgoers from a Las Vegas hotel room; killing 59, injuring 527
Event: mass shooting attack Lessons / Implications
� Don’t count too heavily on hotel security
� Questions raised (fairly or unfairly) on the speed of the response – either way, seconds count
Oct 14th: 40 killed as some of California’s worst ever wildfires approach Sonoma; 8,900 buildings destroyed.
Event: wildfires Lessons / Implications
� Pre-conditions can be ultra hazardous (dryness of terrain, prevailing winds)
� Policies on controlled burns may make it worse (easy to say, hard to do)
Nov 1st: Heavy chain reaction collisions on Hwy 400 near Barrie kill 3, injure more
Event: highway pile-ups Lessons / Implications
� Tanker trucks described as “bombs on wheels”
� Cause of pile-up believed to be driver inattention
� Should hazardous goods transport be regulated more strenuously?
Halifax Explosion Anniversary
� Canada’s greatest disaster: Dec 6, 1917
In Memoriam
Ken Macdonald
A New Honorary FBCI
Graeme Jannaway
Conclusions
� Use real events from anywhere to inform your own planning
� Take the big lessons from big events and distill them to the reality of your business
� Build self-sufficiency
� Build adaptive capacity (resilience)
� Don’t stop planning