Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Hack a pacemaker?  Is this a real problem?

Some recent experiments have been able to hack a pacemaker and other medical devices including an insulin pump.  The weakness of these systems was the analog sensors attached to the body to gather information. These analog inputs bypass the internal security and are converted directly to digital signals. 

From a risk perspective is this something medical device manufacturers , insurance companies and the medical professionals need to worry about? It was part of a conversation at the Black Hat @Design West Conference where considerable discussion was held on building defensive walls. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

After writing several articles about topics  related to medical devices and big data, thought I’d explore a new area, risk and space tourism.

Though I will include one interesting note about medical devices, on the October 20^th episode of 60 Minutes former VP Dick Cheney admitted that he had the external programming capability for his defibrillator turned off to prevent it from being hacked.  So, even as people question the possibility of this occurring we have a real world example of the steps taken to prevent this from happening.  Think risk mitigation. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Frequently in my work as a systems engineer I’m faced with producing several artifacts for a project, typically a system architecture, model(s), requirements, safety analysis and risk analysis (management plan).

The challenge is many of these are treated as serial activities, items to be completed but not necessarily tied together.  To produce an architecture and requirements that reflect all of the known/identified issues we should be working on all of these activities concurrently or at the least have a first cut at the safety and risk analysis before starting the requirements.  From a project planning stand-point how these are shown on a schedule are driven by the size of the team and the project schedule.  “What do we need to complete a phase/gate review”  is how the schedule ends up being built versus what do we need to proceed with the systems design and architecture. [Read more…]

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Here in Seattle we’ve had several interesting incidents/accidents with personal UAVs (unmanned aerial vehicles) or drones.

In one case a person flew their UAV into the Space Needle, no damage and no one was hurt; at a parade an operator lost control and hit and knocked out a parade attendee and the operator was cited by police; UAV stuck on power lines over a lake, result – power turned off and UAV recovered at a cost of $35K and the operator was not found; and just recently a UAV was flown into the Ferris wheel on the waterfront, no damage to the wheel though a table on a nearby deck was destroyed.

In the first two of these cases the operators were identified and contacted by Seattle Police. No one has stepped forward in the third and fourth, and since the FAA database is not in place yet, the only means to track them may be through the manufacturer. [Read more…]

Guest Post by David Parishkoff (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

If Knowledge is Power, then understanding the cascading factors that shape our destiny can potentially offer Disruptive Knowledge and Decisive Power. Cascade Effect Thinking (CET) is a new paradigm that dynamically discovers the truth about interacting threats and opportunities in unique, analytical and gamified ways. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Risk Management is like vitamins; we know it is good for us, but we don’t always want to take it.

Why?  Human nature is to avoid discomfort and unpleasantness.  What does this have to do with risk?  What is the real impact of consequence of a Risk?  Why do we not want to face it? If you think about it, it is the underlying of risk – it is Fear. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

One area that does not receive much emphasis in risk management is the human factor.  In risk assessments, risk events, likelihoods and consequences, vulnerabilities are the usual focus.  People are viewed as ‘weak links’ in risk prevention, but what about risk mitigation?  Your risk planning depends on people to respond when an event occurs. How good is their risk decision-making under stress?  There is the weak link.

In 1996, IEEE published a book on “Probabilistic Risk Assessment and Management for Engineers and Scientists” by Kumamoto and Henley[1].  This book is about using probability to assess reliability and safety risks in an industrial environment.  The book introduces some interesting concepts, such as risk perception and ‘Human Reliability’. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Why are there “bad” decisions? No one starts out to deliberately make a bad decision. If you look into available thought papers and reports, you can find some evidence that can provide some understanding of how bad decisions are made.

COSO in 2012, commissioned a report on “Enhancing Board Oversight”[1] focusing on challenges and biases in making professional judgments.

More recently, several HBS faculty authored a study an “attribution error”[2], where decisions are biased by unjustified attributions of goodness to applicants based on “luck” rather than ability. [Read more…]

Guest Post by Ed Perkins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Introduction

I was supposed to be in Boston presenting at “The Disaster Conferences” on 28 January 2015. Well, the weather just put us out to 19 March 2015 for the now rescheduled Boston conference.

I guess that they are still feeling the effects of this week’s blizzard, now named “Juno”; that left Boston with over 24 inches of snow.

According to the Weather Channel Winter Storm Juno pounded locations from Long Island to New England with heavy snow, high winds, and coastal flooding late Monday into Tuesday. The storm is now winding down.

The National Weather Service has dropped all winter storm and blizzard warnings for Juno. [Read more…]