Nerds on a plane: what we can learn from the aviation industry | Sarah Young

well we have two more speakers left for today our next speaker has previously spoken at many security conferences including black hat and has co-authored a few Microsoft press technical books she's an active supporter of security communities across the globe and a co-host of the Microsoft Azor security podcast please welcome Sarah Young

hi everybody I mean I've spoken this is the third time I've spoken in like three days so hello again uh if if you've watched me thank you for not getting really bored of me because there's only so many times no matter how great a presenter you are that you can listen to someone's voice but today I'm going to do the talk that I was actually sched well this afternoon I'm going to do the talk that I was actually scheduled to do here at uh beside Sydney the other one was just a in for someone who couldn't make it so if you didn't come to that or anything else I've ever done uh obviously I've had an introduction but

my name is Sarah Young I am a principal security Advocate at Microsoft I live in Melbourne I spend probably more time doing things overseas than I do here in Australia so it's really nice to do stuff a little bit more local I've worked into security for far too long nowadays I love talking about security I would be strange doing my job if I did not I got two cute dogs I just pimp the dogs because it's a much nicer thing to put on the screen than me and I have as my introduction said I've written some Microsoft press books if you've done some Microsoft exams you may have read a book that I at least co-wrote and I have

a podcast which disturbingly people actually listen to so what am I going to talk about today to hopefully keep you awake for the last couple of talks of the day I'm going to talk to you about planes now I spent a lot of time on planes particularly in the last five or six years minus Co in the middle and as my mother would say planes are great bits of kit that is pretty much what she said um they are great bits of Kit they are obviously amazing pieces of engineering they are designed by very smart people and probably much smarter than me and a fun fact when I was younger I was actually scared of flying

like really scared of flying and I decided I would teach myself about flying to understand the mechanics of it more so I wouldn't be scared it didn't work uh but I did learn a lot more about planes and what actually worked for me was exposure therapy that my employer threw me on a plane pretty much every week for years and I kind of stopped caring about planes after that because you just can't but anyway this is what we're going to talk about I'm going to talk about the Swiss Cheese model of safety which is used in many different Industries including Aviation we're going to talk about Aviation Safety Management Systems how aircraft accidents are assessed and

then we're going to look at some notable aircraft accidents over the years and then obviously bringing it back this is a security conference not a plane conference what can we actually learn from this as security folks so trigger warning might be obvious but I'm going to mention it anyway I'm going to talk about aircraft accidents people are going to die so if you're scared of flying or kind of sensitive to that topic you might want to go cuz this probably isn't the talk for you I will not be insulted no one's actually got up and left yet when I when I've given this talk but I said trigger warning has been done I feel good another disclaimer I am not a

hardcore Aviation geek I spend a lot of time on planes so there's kind of a bit of Stockholm syndrome going on there um and I appreciate that they are very good bits of engineering and if I get some of the exact details wrong if there's anyone who knows more about planes in the audience than me I apologize the very first time I ever gave this talk there was actually a pilot in the audience thank goodness I didn't know that until afterwards and he did tell me that I was pretty on spot on and I was like sweet so uh but please feel free if I get anything slightly not right to uh come and tell me

so let's get into it let's start with the Swiss Cheese model of safety you may be familiar with this now it is actually called its real name is called reasons model but commonly referred to as the Swiss Cheese model it is based on a chap called reason he actually studied at the University I went to and it's a model about how to do safety so it's not specific to security it's any industry where they have to consider safety so that could be Aviation it could be mining it can be medicine they all have to look at these kinds of things and if we have a look at this you can see we have hazards which

we would probably call threats in security and then we have at the other end accidents and losses which would be a security breach or or something in in it and then we have these two different sides of how these things can line up one is active failures and active failure is when something goes wrong someone makes a mistake so in terms of Aviation because that's what this talk is maybe the pilot makes a mistake and then we have latent conditions that's things in the environment that aren't as controllable that can also cause problems so in terms of Aviation we'd probably be looking at something like the weather something that we don't control but can have uh effects and and

does this look like um office insecurity we call this defense in depth so the idea is that we have have multiple layers of security controls and if one fails another one will block the problem but it's only when all all of those things line up that a bad thing happens it's exactly the same in safety and in aviation so here's a lovely GIF GIF you can call it whatever you want um of how they dealt with Co in New Zealand so uh it was very similar to here I know it depended on the state but what you can see is all the different controls they put in to try and deal with covid so on uh the left there

you've got border closures controls I actually got stuck outside Australia during covid because I am not a citizen thanks o uh and uh um and then on the other side of things we have uh the people staying home if they're sick cleaning surfaces handwashing and you can see all of these different things we had lockdowns in the middle there and some of those combinations work well and obviously as we went through the pandemic we changed some of these controls we had more we had less uh and so as you can see as we start to take away some of those layers that's when it was more likely covid you would catch covid I think just this is very uh very

topical um and uh you know to and and the more controls we have the more restricted people felt I mean I know this is New South Wales but anyone from Victoria and did the EXT exensive lockdowns I actually missed them which was great because I was in New Zealand but um we were living like it was 2019 uh 2019 and 2020 mostly apart from no overseas travel um but this is going to go round and round but the point is that um actually lots of different industries use this idea of multiple controls so Aviation Safety Management Systems now who here has done risk assessments and and stuff like that the organization few hounds me too because

for my sins I used to work for a big four sorry if there's anyone from a big four in here uh and so I have done plenty of risk stuff in in my time now have a look at this then um and even if you've just done security standards internally rather than risk assessments have a look at some of the things they do in aviation and see if it looks familiar they have policy and objectives and that's where they assign key personnel and accountability for things they do risk management which is identifying hazard things that could affect the plane and the safety of the passengers and risk mitigation never heard this before safety assurance which is the monitoring

and the measuring of those controls you know we've put a control in but how effective is it is it any good and then finally training and education uh have we um fishing training anyone anyone not done fishing training seriously have you ever worked have you done a job okay where's your fishing training Sylvia no do you not have fishing training Oh no you're too you're just leap you're too leap for fishing training it's all good anyway so we have training and education now what's really interesting is in aviation and I took this from uh the Australian uh civil aviation authorities website they have something called positive safety culture and of course we talk about security

first culture security awareness but they are so much more mature than us have a look at what they've got here U we'll go around the circle a bit uh flexibility where the culture and the behavior adapts to change lovely um just culture now this one's a good one culture that discourages blaming an individual for an honest mistake that contributes to an incident let's have a look I'm not going to name a specific incident that may have happen may or may not have happened in the last couple of months but if we think about said specific accident that may have taken out all the supermarkets in Australia um and if you were following that online you may be aware that there was blame

placed at the foot of an intern an intern that nobody actually knew existed and there was no evidence that person existed uh but they did that because we love to blame someone has anyone here um been part of a security or an operational incident and it's been firmly BL the blame has been placed with one person or one team even though that was arguably very not justified iable one there the rest of yeah there's people like we did so yeah we blamed them so um what and so they they and same problem in in other Industries you see um whereas they in aviation say no we want people to speak up we want also want to look at what other factors

accounted for things rather than just going they did it they're crap let's move on also um looks and collects and analyzes data to improve the safety now we do reluctantly I would say do incident post-mortems but I would say generally in insecurity we do them generally if uh I'm just watching that's my sticker hey um I didn't know they rolled um uh I would say generally um and you may have a different experience that we we do postmortem quite reluctantly in security we we do them you know if like it's so uh if the incident's been so impactful and everybody knows about it that we have to do one rather than doing one for the

sake of doing one now the airline industry doesn't quite have that luxury because if a plane crashes out of the sky people notice kind of every time so you sort of have to do it um so slightly different they do say that the best saf um best improvements are often Written in Blood which is horrible but I believe that is a phrase they use um and uh reporting culture do you do you report a near Miss if I realize a near Miss is kind of a bit of a funny one in security do you report things where you think you might have messed up but you're not sure does your organization encourage this oh you do lovely lovely good on you

anyway I think that they have um it's not dissimilar but I would say they're way more mature than other of this stuff so look at this diagram this is uh the kind of flow chart for their risk management doesn't look familiar let's go from the top identify the hazard analyze the assess the risk the the actual severity of the risk look at the probability of the risk is this acceptable yes no yes we accept the risk and document no find some mitigations go around Implement new controls wash RS repeat God that's not exactly the same as what we do in sec cuz I think one of the things as security folks that we like to say is

that we think that the problems that we deal with are unique like no one else in the world has to deal with you know risk and and the probability and the severity and 100% loads of other Industries deal with it I mean literally this is what we do so this this look at this this is a direct screenshot from a very old PowerPoint as you can see by stunning clip art uh this is from the io which is the international civil aviation Authority um they talk about Safety Management systems and look at this we need to incorporate safety into everything not just the planes it's not just you know make sure the wing doesn't fall off it's the people it's the tools

the materials the software and then this is the one I love the most maintain a balance between production and protection now I think this is much more easily demonstrated in aviation because if you wanted to keep your plane 100% safe no risk no risk at all of there being a crash the plane has to stay on the ground right there are no passengers on the plane they stay in the airport but there's a problem there because then no one's going anywhere and there's literally no point having the aviation industry now we also have this problem right in security um we but ours isn't as so so obvious and clearcut in the same way but we are also trying to

balance production and protection because if we put probably every single security control we could possibly think of in the production would be severely limited and so we have the same problem as they do but there's is there's no question in their mind that the planes have to fly whereas I think there are some pantic security people who would possibly put in every single control that they possibly could irrespective of whether that means the business can do business we are definitely getting better as an industry at that but I don't think we're as good so yeah just LOL at the bad clip art I mean God knows how old this slide is I also stole another side from the uh

IO and here this is the the uh them tracking how uh um aircraft accidents have gone down over the years since they started doing more thorough reviews of what happened so you can see kind of before 1950 I mean that's you know arguably this is you know in the very early days of Aviation more generally uh that the accidents have come down quite significantly and if you think about how many more flights are happening as well every year that's a huge huge huge reduction now sadly you know when wouldn't it be amazing if we could get the these kind of stats in security I don't think they would look like this but and and that would require everybody

to be very transparent and and and admit mistakes and I sadly don't think we'll ever get that but you know if it's really cool to see how as they've spent more time analyzing and learning and sharing information about how things have gone wrong you know accidents have gone down they haven't stopped completely that's never going to happen but actually plane crashes were much more frequent in the past than than they than they are now especially relative to the number of aircraft that are in the air which is significantly higher so as you can see so actually uh actually they're a lot better than us they're far more mature so how do they how do aircraft

accidents get assessed let's have a look at this and maybe compare it with if you if you do it how you would assess a security incident within your your uh organization so first of all go and gather the evidence you I'm sure you've seen when there is a horrible aircraft accident that they go to the site and the investigators put everything in bags and start collecting things and go and usually take it all to a warehouse to go and analyze it and they can spend days and months doing this and if the plane is in the sea they go and look for it I know mh70 the one that disappeared but you know generally they they spend a lot

of time and effort trying to do this and find it then they'll take that evidence and they'll start examining it and analyzing it trying to work out what happened so it might be relatively clear cut or at least on the surface you know the I don't know the wing fell off but they still I know I know sorry like I said don't don't stay stay in this talk if you're scared of flying wings don't just fall off by the way that's not a thing but say the wing just fell off um you know that's obviously the immediate cause of the accident because planes kind of need wings but why did the wing fall off was it that they didn't

maintain it properly and if they didn't maintain it properly why did the engineers not do that what cultural things led to the engineers not doing what they should have done on the plane have you ever heard anyone go into that much depth in any kind of it Rapport it's usually they did it wrong done um so they're much much much more thorough they draft the report it's internally reviewed generally these aircraft accident reports are done sometimes it depends a little bit but it's usually done by the country that the accident happened in or and or by the country that the of the airline that was involved in it um the the air where the aircraft came from that's not a hard

and fast rule but generally then they'll do an external review with external experts it'll be approved and then the whole report is put out publicly some of the aircraft accidents I'm going to talk to you about in a second you can go and read the official report online they're all public now of course as I said uh you can't hide a plane crash like you can potentially hide a security breach um and I think the fact that means that they have you know they've got no choice really but to do it publicly whereas you know most companies I think will try and keep it on the down low unless they're forced to if it's something very very public though we do

know that mandatory breach reporting legislation is coming in in some parts of the world so maybe we'll see that change and people will start being more open with these things but of course we know that people want to protect their reputations and I think short of jurisdictions mandating it we're not going to see the same sort of transparency in security which I think is a shame because if you share all these how accidents happened people can learn things okay this is what you're all here for right like we're going to talk about plane crashes that's sounds so weird I'm like we have plane crashes right okay but let's talk about a few and let's look at

how that swiss cheese model all those holes lined up for something bad to happen because it is not planes do not just fall out of the sky okay first off erance uh we're going to skip around a bit in the Years here I did not do these in a logical order they are not in Timeline order but let's start here Air France 447 that was a flight in June 2009 it was from Rio de Janeiro to Paris and again I'm doing this quite high level at the end of the talk I will link to some videos and articles if you want to go read in depth but essentially what happened here was the PTO tubes on the TR on the plane got

blocked by Ice whilst it was flying along now if you don't know what a PTO tube is they look like little guns they're the little things that look like guns on either side of the plane just underneath the pit there's usually three of them so one on one side one on the other in kind of a spare failovers and they got blocked by Ice uh because there is a lot of ice in the atmosphere at a high level now that's not a massive problem but what PTO tubes do well it's a problem but only a temporary one what pbes do is the air passes through them and they measure the speed of the plane and things like that which is quite

important for Pilots to know so they got blocked by ice and it made the speed warnings on the Pilot's monitors go a bit funny and they were like oh God okay uh now the correct thing to do was to just chill for a minute and the PTO tubes would clear because the planes are moving quite fast and everything goes back to normal but these Pilots panicked and so they started to move the plane again like I said please go watch the videos for like a more in-depth technical thing don't kill me if you are an AV person the pilots got confused they thought they had to take action so they were like oh what we do um uh we

better like the plane it looks like the plane's slowing down we'll go up we'll go down and essentially what they did was they ended up stalling the plane now if you don't know an aerodynamic stall is not the same as a car stall uh if so if you don't know how planes work think of when you put your arm out of a car you feel the air and the air gets heavy and your arm sort of goes like that that is how planes work they get really fast and the the uh the wings Start generating lift and and that's how they take off so in order to and planes have to be going at a certain speed to keep

generating the lift to keep flying so an aerodynamic stall is when basically you slow the plane down to the point that the wings aren't generating enough lift and that's when the plane would drop these guys um they were experienced Pilots um and you really shouldn't as an airline pilot you should not stall a plane um he did they did what's really sad is these were the two more Junior pilots in the cockpit and the captain was called back from his break because there was three of them and they were rotating because it was a longer flight and the captain actually worked out what they'd done um and he told them no you need to put the nose down because if you

put the nose down on a plane you go faster and that then that makes the wings like generate the lift so it sounds a bit counterintuitive but this is what all Pilots should know it's like flying Basics he realized what had happened because they've got this from The Voice Recorder but um it was too late they were too low down and they didn't have any enough distance to be able to recover the plane so here it was um if this had happened when the captain was on duty don't think it would have happened um if the pilots had been better trained they were more Junior they panicked and there was a lot of Reliance on Automation and when the PTO

tubes got blocked the autopilot turned off that's part of the feature of the plane it's a safety thing now if they' have just held the plane level and done nothing else would have been fine but they panicked thought they had to do something and it caused an accident so you can see it wasn't just one thing here there were a c a lot of factors like Technical and people that went into this accident happening next up going back a long way uh to the 1950s now this bad boy is called a deavin comet it was the first jet plane ever so jet planes started in the 1950s after the second world war and every and jet planes were very exciting

and new because planes before this as I'm sure you know were like propeller planes much slower had to fly much lower the exciting thing about jet planes was they could go faster and they could fly higher but with flying higher that meant that they needed to pressurize the cabins to keep because who know anyone here not flown on a plane at some point great probably no one's going to admit to it anyway but you know when you I think everyone's flowing on a plane and uh you know when you fly in a plane your ears pop as the pressure changes and that's because when you get above 10,000 fet you need to keep a different

pressure in the cockpit of a plane and the reason for that is because humans can't breathe the air above 10,000 feet because it gets too thin and there's not enough oxygen in your pass out there's actually another aircraft accident about that but this is not in my talk today um so um you need so the plane needs to be essentially uh watertight airtight so it can maintain that pressure um of below 10,000 ft so people can breathe now this was the first these jet planes were the first planes they had to do this with because new technology now for those of you I know it's a bit small at the back but what can you see something different

about the windows in this plane they are square have you ever seen a plane in real life with a square window so the these uh these planes started flying in the 1950s um they weren't very long range they used to only do an hour or so here or there particularly around EUR Europe and a few of them crashed and they didn't know what happened and this was the 1950s so they didn't have so much monitoring there were no black boxes this was the very early days of air crash investigation so they would go to the wreckage they would try and work out what happened and it happened two or three times with these planes and it was

the same thing the planes seemed to kind of blow up in the air and they couldn't work out what had happened happened they were like is it a bomb like what has happened to these planes it's happening multiple times so there must be a problem and we didn't have the same kind of telemetry that they had back in well we we have way more Telemetry now what it transpired was but they had to get a few wreckages before they could work this out is that the the the Square Windows when the plane was when the plane uh took off and it pressurized it would put stress on the corner of the windows and then when the plane landed

and came down it would put more stress as it depressurized and the problem was with the shape of these windows there was Far much too much stress being put in the corners and so what was happening was uh at some point it would stress and stress and stress and then the metal would fatigue and break and then the plane would effectively blow apart because the pressure inside was higher than on the outside and they realized when they did more analysis it was due to the shape of the window and that is why now you see all plane Windows of that kind of overly shape which equally spreads the pressure when you pressurize and depressurize I think to me what's the

most interesting about this is that jet planes were brand new like brand new it was a brand new technology and they literally didn't think of this like so thinking about this in security terms you know everyone's starting to use AI or starting everyone's using AI it's a new technology we don't know what we don't know about it right we just don't there's a lot of stuff we have some ideas of what might go wrong with it but it's a new technology they just didn't think of this they just did not think this could be a thing until they started having these accidents and that is why now days you do not see Square Windows and I've just literally talked over my

other side already um because I do that but also you know they didn't have a lot of accident investigation procedures at the time so unfortunately I think two or three of these deand comets crashed before they worked out what the problem was but pressurized cabins were new technology they didn't understand the risk risks next one air blue this was in July 2010 so little bit more modern if you've never heard of air blue I hadn't before I was uh before I started watching lots of YouTube videos about planes they are uh Pakistani Airline and there was a flight flying from Karachi to Islamabad so a domestic flight long story short the plane flew into a mountain range

rather than Landing which was clearly not the intended thing to do so uh the plane was coming in this way I don't have a pointer today and I'm not tall so it was supposed to come in here loop around and land on the runway which was here but instead it went up here and then crashed into the mountains right up there which clearly would not be the intention of the pilots now what happened here so this was pilot error and but there are a number of factors that went into it that where it could have been caught and wasn't so let me so Pilots got confused at the beginning of this flight there was just a captain

and a first officer the first officer was quite Junior the captain was quite senior and this is all on The Voice Recorder so when they started the flight the captain starts grilling the first officer about random flight things now this wasn't a training flight so that was not necessary and actually he shouldn't have done it but the the the captain was like tell me what you doing this this situation tell me what you do in this situation and was like really laying into the first officer they're not sure why and eventually they could tell the first officer was like sorry sir sorry sir blah blah blah blah blah and started getting really quiet because he was really beating the guy down and

actually during this when they were starting to come into land the first officer thought they were going the wrong way but and he said one tiny thing like sir I think we're doing this and the captain's like shut up pretty much and so actually what's really sad is the first officer actually realized there was a problem but because he'd been grounded down throughout the flight by his senior didn't bother um didn't really feel like he could say anything also the airport at azamabad did not have radar at the time I think that's kind of I think most airports do but actually it's not compulsory I don't believe even now and so they didn't have radar so as the plane was flying around

the pilots were saying oh we're here we're here and the air traffic controler like cool we'll just take your word for it because they had and if they'd have had radar they might have seen the plane was going way off um the captain also ignored something called the minimum descent level now this is which was 2 thou uh 2500 ft now the minimum descent level is something that every single airport has it's not the same height at every airport it depends and essentially what what that is is when planes come into land if they can't see the runway at the minimum descent height they're supposed to take off and go around again now this Captain completely ignored this

minimum descent he couldn't see the runway it's not surprising he couldn't see the runway CU he wasn't anywhere near it um and that's what um but he ignored that now the procedure would have been he at 2 200 feet he should have gone around and tried again but he didn't he continued to descend to 2,000 feet and that's actually roughly where they hit these mountains so again another time where this this accident could have been avoided but and this is like a global standard it's not even a particular Airline thing you know why did he not do that it's like common sense um they also weren't using the proper the the standard approach to the

airport all airports have maps of the way you're supposed to approach it they weren't using that what was sad about this one was that as I said I said earlier so I'm going to say something different now uh the Pakistan Aviation Authority this report unlike most Airline reports is really sparse and it's not as good it it does exactly what I was saying the airline industry usually doesn't do which is they they basically said this was the Pilot's fault they were bad but they're dead oh well let's which obviously sounds terrible but um you know it didn't really look at like why was the captain ignoring the minimum descent level that's that's a global industry

standard why was he laying into the first officer clearly it was very clear from the the the cockpit voice recorder that the first officer was like really scared of this Captain who' been laying into him for the whole flight so again as you can see multiple things go wrong for an accident to happen now this one's really this one is a very famous air disaster this is the tenar air disaster it involved two 747 so two big planes and this is still to dat the biggest single loss of life ever for an aircraft accident um and that's because two very big planes collided into each other one was km which is a Dutch Airline and one is PanAm which was

a US Airline which does not exist anymore the pilot of the or the captain of the km was this dude he really looks like a pilot right like he really does like he looks like a pilot um he was like one of the km's top Pilots he was in their adverts but he didn't actually fly that much regularly he didn't fly regularly anymore he mostly did training and apparently took pictures for adverts um now there's a lot of things that went wrong in this uh so number one the again this there's a lot more to all of these stories so please go watch the videos if you find them interesting uh but the reason this happened is because both of

those planes were not supposed to tenie they were going into another Canary Island um I always forget which one but they had a bomb scare there so all the planes were diverted to tenie so ten was quite a small airport at the time it wasn't expecting all these planes there were other planes there as well not just these two and tenar Airport I don't know if anyone here has been to tenie it's basically a volcano and and it gets a lot of the weather's very changeable on one particular on one side of the volcano and it and so fog and Cloud can run in really really quickly while all these planes were on the ground waiting

to be able to go back to the airport they was supposed to go to a load of fog came in and this chat Captain Von zaventem really wanted to go home to Amsterdam and they know this because it's on the voice recorded he was telling the other pilot he's like I really want to go home so he said whilst we're at tenar we're going to fuel up to go back to Amsterdam we're going to save some time we'll do the hop to the other airport offload people pick up people go home sounds like a great plan but um there was also no ground radar at tenar as well and all this fog came in and basically uh the km went to take off

cuz they were all ready to go and the air traffic control were still maneuvering some of these other planes and the km took off whilst the PanAm flight was taxiing across the runway it ran into it and but it they saw them very last minute it tried to take off didn't make it and a few some people on the the plane on the ground the PanAm survived but everyone in km was uh uh died and again the first officer of the km actually said to this guy are you sure Pam's not on the runway and he was like no we're fine let's go again someone impatient um not paying attention and also there was also there

was a lot of different things that that went wrong here there was some non-standard radio communication so uh in if you ever watch anything plane related you know there are some quite specific phrases they use now everybody apart from the PanAm Pilots wasn't speaking in their native language because everyone in aviation uses English now so in tenary if they speak Spanish uh the km folks they speak Dutch now if there's any Dutch people here I know that your English is like perfect but technically it's not your first language so and uh so they they used a couple of they just said oh yeah okay and they're not supposed to okay is not an aviation term you shouldn't say okay

because it doesn't really mean anything and there was some of that as well and if anyone does radio stuff you also know that in radio channels you someone can only one person broadcast at a time and as they were giving some of these directions someone else bumped in and they actually missed a bit as well so it was really bad what's really sad about this is the you know I said the captain chose to refuel so when you refuel a plane makes the plane heavier takes it a little bit longer to take off had they not refueled and they'd been lighter they don't know for sure because they can't they think that they might have been able to get up

above the PanAm and it wouldn't have happened which sucks but again layers lots of thing little things went wrong to line up for an accident to happen so by now you're probably feeling thoroughly depressed so I've got one more story for you one more uh now this is uh until well maybe lockaby uh if those of you who know lockaby in the late 80s and then obviously 9911 but before those ones this was like the probably the biggest terrorist uh related plane accident out there and it was Air India in the in 1985 it was a flight that went from Montreal to Bombay with a couple of stops on the way and it was carried out

by a seek terrorist group who were campaigning for an independent seek stake in seek state in India now you may know that Canada has quite a big seek immigrant population and so this started over in Canada uh what happened was the plane was uh blown up somewhere over the Atlantic Ocean kind of close to Ireland and and the bomb was in luggage that was checked into the plane and in fact there were two bombs that day that they had planted one was on this FL and one was on a flight going to Japan from Canada and uh that one the plane got all the way to um it actually got all the way to Japan and the plane was back on the

ground and it blew up on the ground and killed a baggage handler so not good for the baggage handler of course but slightly you know fewer people died anyway there's a couple of things that went wrong well there are multiple things again that went wrong here this and and this is why anyone here been delayed because they've had to offload bags because someone didn't make the plane this is why or well there's another one as well but the two reasons why that they will never carry bags where the passenger isn't on the plane anymore or if the passenger's not made the plane so there's a couple things that went wrong here the the bomb was

originally checked in in Vancouver and the gentleman who went to check it in uh the terrorist gentleman he went to the desk and said I want to check in my bag all the way to India and they said oh no you can't do that sir because it didn't work like that she said no we'll have to offload it uh I think in Toronto um maybe Montreal it was on the east coast of Canada no it'll have to be offloaded and you'll need to recheck it in again to go to India and he was like excuse me I'm business class I want and he really pressured this lady he was like I want you to check it all the way through and

even in the 1980s this was not the procedure but he put a lot of pressure on her to check it all the way through saying he was busy business class this was disgraceful blah blah blah and eventually she relented and checked it all the way through now that gave the gentleman the opportunity to get off the plane and the bag still go all the way through without him being on the plane um then there was another chance to catch this uh at the luggage x-ray machine because as you know all luggage is x-rayed uh it was it was broken um at one of the stops where they were scanning it so the baggage was being

scanned with with manual baggage uh scanners um now actually one of the devices beeped on the bag in question but the baggage handlers didn't use these scanners very often and they'd been told that these scanners only you only needed to pay attention if there was a big beep not a little beep so although it actually detected something they their training wasn't good enough and they let it go through and then as bags in the hold without passengers attached to them even if they didn't make the plane at the time weren't necessarily offloaded so unfortunately this bag was loaded it was not caught the other gentleman got off the plane and then it blew up over the Indian not

the Indian Ocean sorry it blew up over the Atlantic so again this is why we have to offload backs one of the reason one of the reasons so I've given you some really depressing stories but what can we learn in Tech from this and I think that's quite a cool little few take ways we can take away too much automation can lead to loss of essential skills so automation is a great thing I am not saying we should not automate things please do not take that away from this talk we do need to automate but we also need to be conscious that you you need to you need to know how to do things if the

automation goes wrong um and I think with AI um this is going to become even more pertinent um that AI will we're going to start to automate things with AI and will people forget how to handle um the the things that the the automation is doing no one is infallible you should have safe spaces for people to be able to speak up Junior people can see mistakes as well because people make mistakes we're all human and if people and if people feel like they can speak up that's way better than someone ignoring something and then you know a bad thing happening it's really really important that we do this and I don't think we're very good at that insecurity

I'm in my personal opinion procedures reduce the likelihood of mistakes and misunderstandings couple of the stories I've told you here today if procedure had been followed the accident wouldn't have happened if it's either not doing your minimum descent you know not going below the minimum descent rate using okay which is not an aviation term that means anything and things like that you know procedures I know everyone hates them they're boring they're a pain to make but when they're done they really do reduce the likelihood of people doing the wrong thing because they know the process to follow everyone is susceptible to social engineering I know we like to think as security people no no no I wouldn't

click on the dodgy link it's true like I'm not going to click on the I'm a Nigerian prince here's a million dollars just give me your you know but I need $500 you need to send me $500 first no some of these scams are getting really good I saw one recently where I was this close to clicking on it because it was a really well-crafted email um so don't be so arrogant or up yourself that you think you can't be susceptible because you can that poor lady on the check-in desk I can't imagine how she felt after what happened happened but you know she she gave in and then you don't know what you don't know like especially any new tech

especially I know I can't believe I'm using this phrase in the age of AI um you don't know what you don't know there's going to be a ton of stuff but not just AI we're introducing new technology new combinations of technology stuff can happen and then thorough post morms are essential please do them don't just point the finger at one person or or one group of people because it's never just one thing there's always a number of factors that come into it because different parts of the Swiss chese model fail at different times and those holes can and will line up you need to try and make it as unlikely as possible and I think I'm like bang on

according to my laptop I am bang on time done it um here's if you want to read um that is not a dodgy QR code you can scan it I promise it's my terrible joke I make every time um it will send you to a page that's got some links for videos and additional resources if you want to read up on it um thank you for paying attention it's a Saturday afternoon and penultimate Talk of the day so thank you for your attention I hope you enjoyed it don't think we got time for questions because I'm up for time but I will hang around somewhere and you can come and talk to me if you want I I have a few

stickers but most of you cleared me out this morning so you can come and see what's left and thank you very

much smashed it bang on