Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

You’ve no doubt read about Google’s driverless car and the effort  at the state level to gain permission for its use on public roads.   

Driverless Car Risks

There are the obvious concerns and risks with operating a driverless car, though Google does have someone sitting behind the wheel, just in case.   Of course, can a person just along for the ride respond fast enough to a problem?  This becomes one of the risk areas needing to be addressed before full adoption of driverless vehicles.  Integrated with Intelligent Transportation Systems (ITS) we’ll see vehicles and roads sharing data with each other to produce safer travel and relief of congestion. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

I usually write about risk as related to projects, but several of the comments I received on my article on “Can Your Pacemaker be Hacked” made me realize that we are all faced with risk management in our personal lives.

Continuing on the medical topic, think about how many options you’re faced with when your doctor recommends a procedure, whether adding a pacemaker, replacing a joint or a prescription drug.  

Hopefully you have a doctor that you trust and knows you, but how would you respond to the doctor recommending a procedure?  If we use a risk process then we’d have to consider the possibility of the identified risk occurring, the impact on our life(style), the benefits of mitigating the risk.

To support our decision we could get a second opinion, do on-line research or check with family/friends that have had the same procedure.  Then just like a manager assigning a risk we’d have to review the data we collected and make a decision.  The advent of Electronic Medical Records should make life easier, but also lead to more challenges for managing/securing data. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Hack a pacemaker?  Is this a real problem?

Some recent experiments have been able to hack a pacemaker and other medical devices including an insulin pump.  The weakness of these systems was the analog sensors attached to the body to gather information. These analog inputs bypass the internal security and are converted directly to digital signals. 

From a risk perspective is this something medical device manufacturers , insurance companies and the medical professionals need to worry about? It was part of a conversation at the Black Hat @Design West Conference where considerable discussion was held on building defensive walls. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

After writing several articles about topics  related to medical devices and big data, thought I’d explore a new area, risk and space tourism.

Though I will include one interesting note about medical devices, on the October 20^th episode of 60 Minutes former VP Dick Cheney admitted that he had the external programming capability for his defibrillator turned off to prevent it from being hacked.  So, even as people question the possibility of this occurring we have a real world example of the steps taken to prevent this from happening.  Think risk mitigation. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Frequently in my work as a systems engineer I’m faced with producing several artifacts for a project, typically a system architecture, model(s), requirements, safety analysis and risk analysis (management plan).

The challenge is many of these are treated as serial activities, items to be completed but not necessarily tied together.  To produce an architecture and requirements that reflect all of the known/identified issues we should be working on all of these activities concurrently or at the least have a first cut at the safety and risk analysis before starting the requirements.  From a project planning stand-point how these are shown on a schedule are driven by the size of the team and the project schedule.  “What do we need to complete a phase/gate review”  is how the schedule ends up being built versus what do we need to proceed with the systems design and architecture. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Here in Seattle we’ve had several interesting incidents/accidents with personal UAVs (unmanned aerial vehicles) or drones.

In one case a person flew their UAV into the Space Needle, no damage and no one was hurt; at a parade an operator lost control and hit and knocked out a parade attendee and the operator was cited by police; UAV stuck on power lines over a lake, result – power turned off and UAV recovered at a cost of $35K and the operator was not found; and just recently a UAV was flown into the Ferris wheel on the waterfront, no damage to the wheel though a table on a nearby deck was destroyed.

In the first two of these cases the operators were identified and contacted by Seattle Police. No one has stepped forward in the third and fourth, and since the FAA database is not in place yet, the only means to track them may be through the manufacturer. [Read more…]

Guest Post by David Parishkoff (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

If Knowledge is Power, then understanding the cascading factors that shape our destiny can potentially offer Disruptive Knowledge and Decisive Power. Cascade Effect Thinking (CET) is a new paradigm that dynamically discovers the truth about interacting threats and opportunities in unique, analytical and gamified ways. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Risk Management is like vitamins; we know it is good for us, but we don’t always want to take it.

Why?  Human nature is to avoid discomfort and unpleasantness.  What does this have to do with risk?  What is the real impact of consequence of a Risk?  Why do we not want to face it? If you think about it, it is the underlying of risk – it is Fear. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

One area that does not receive much emphasis in risk management is the human factor.  In risk assessments, risk events, likelihoods and consequences, vulnerabilities are the usual focus.  People are viewed as ‘weak links’ in risk prevention, but what about risk mitigation?  Your risk planning depends on people to respond when an event occurs. How good is their risk decision-making under stress?  There is the weak link.

In 1996, IEEE published a book on “Probabilistic Risk Assessment and Management for Engineers and Scientists” by Kumamoto and Henley[1].  This book is about using probability to assess reliability and safety risks in an industrial environment.  The book introduces some interesting concepts, such as risk perception and ‘Human Reliability’. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Why are there “bad” decisions? No one starts out to deliberately make a bad decision. If you look into available thought papers and reports, you can find some evidence that can provide some understanding of how bad decisions are made.

COSO in 2012, commissioned a report on “Enhancing Board Oversight”[1] focusing on challenges and biases in making professional judgments.

More recently, several HBS faculty authored a study an “attribution error”[2], where decisions are biased by unjustified attributions of goodness to applicants based on “luck” rather than ability. [Read more…]