This morning, I became the sacrificial lamb who went to the lecture whilst others (ahemalexpanamanahemtsoyuzhuahem) slept in. I had to take one for the team and take notes, so take notes I did. Usually, I refrain from taking too many notes as I'd rather listen than try and remember two things at once (what I'm trying to write and what I'm going to write based on what's currently being said). However, since my friends weren't in the lecture, I tried to make my notes as thorough as possible.
Fall back attack: "Nah you gotta use this crappy version"
Film in the exam: The China Syndrome
Root-cause analysis: Trying to figure out what went wrong to stop it from being repeated (which may cause more problems). It can be useless because things can always be different (combination of factors that might not happen ever again).
Humans prefer a single cause/explanation.
Top errors in descending order:
User/human-error: How do you fix it? You sack that person. It's quick. Humans like blaming people. The person who did the "last-touch" in aviation - the person who inspected the feature/signed-off would get all the trouble.
Culture: Don't have to sack anyone. Who's responsible for a bad culture? Everyone. Consultants and education training brought in. Changing culture is hard.
Honesty: maybe people aren't aware that they're not being honest. If the signing is at the top, people are more likely to be honest, than if the signing was at the bottom eg. Honour code (being EtHiCaL). Convincing yourself that you're right, despite the evidence eg. confirmation bias.
Misdirection and limited focus: Torch in dark room - some factors you don't look at, some factors you look at over and over again. Misdirection - to divert focus on something else, rather than what you should be looking at. Humans should focus on what's logically important, but we tend to focus on what's psychologically salient (most impressive, interesting). This is exploited by social engineers, magicians (tricks work because our attention is elsewhere),
Similarity matching: Finding what's similar and thinking that it's the same. Social engineers make the situtation seem familiar so that they're able to predict what their victim will do. You don't have to think very much.
Frequency gambling: When you have a match (the situation is happening and your brain is recalling the pattern), when pattern isn't similar, your brain will pick a pattern isn't the best matching one, but the one that you've used most often in the past. What's worked in the past will work in the future.
How is an accident different from an attack?
We can get away with accident, but we can't get away with security - someone will take advantage if it.
"Habit diminishes the conscious attention with which our actions are performed" William James 1980
The more habits we form, the less we use our torch.
Satisficing: Instead of maximising someting, you aim for something that's good enough - good enough is good enough.
Bounded rationality: Small amount of focus fed by a tiny little trickle. The amount of focus and energy you put into someting is very small, so you take a lot of short cuts.
Overriding tendency to verify generalisations rather than falsify them: If someone's made a generalisation, it'll be hard for them to back down.
Group think: They felt important and didn't want to do anything to jeapordise it. When you value group membership and harmony/consensus. If things are going of the rails, no-one wants to say anything and be the one that no-one likes. Group pressure.
No one cause, many factors that caused the error - a normal accident, a whole system is responsible. Just culture, instead of going around punishing people, you learn about how to fix things.
Chekhov's gun: What are the points?
Case studies: Lots of irrelevant stuff so that we don't fall into the cognitive traps.
Plan for fewer contingencies can occur: focus on one contingency
Illusion of control: when you understand or can explain the problem, you feel like you can control the outcome - a sense of power.
Hindsight bias: If you know the previous outcome of the previous outcome, you are more likely to think that it'll happen again. The more things happen, the more you're likely to think that it'll occur again. THe less things happen, the less likely to think that it'll happen.
The more you tell the story, the more you simplify things and the more you exaggerate what you think is salient.
Defence in depth: You feel safe - but things may fail invisibly.
Operator deskilling due to atutomatic safety devices: By having lots of defence in depth and using humas as the last line in defence, they may lose their skills and will not be ready for an actual attack.
Latent vs active failures: Latent failures - "an accident waiting to happen".