2017 –The Year in Review“Highlights” From the DRIE Digest Real Event Log

DRIE Toronto SymposiumDecember 12, 2017

Des O’Callaghan FBCI

Why look at real events?

� Reality checks – wake-up calls

� Understand the “when not if” factor

� Counter “it’ll never happen to us” attitude

� Re-evaluate threats; expand horizon scan

� Broaden planning scope

What is real, anyway?

� The opposite of fake?

� Tangible consequence (hurt, or hurt?)

� News vs. opinion

� It has happened (vs. might)

Jan 11th: 6 Volkswagen employees charged$4.3 billion in fines are levied

Event: VW scandal aftermath Lessons / Implications

� Liabilities don’t go away

� Financial damages

� Reputational / brand damage

� Untold amounts of future business lost

� (CEO already lost job –9/23/2015)

Mar 21st: Google report shows 32% increase in web site hacks from 2015 to 2016

Event: report on cyber attacks Lessons / Implications

� Don’t put off improving your defences…..

� …..or you too can become a statistic

� Ensure you have a cyber response plan…..

� …..and a plan to continue business by other means

Apr 9th: United Airlines creates a public relations nightmare with forcible removal of a

passenger from a plane

Event: airline PR disaster Lessons / Implications

� Do your policies pass the common sense test?

� Recognize a line can be crossed that you don’t want to cross

� Ensure your explanations do not make the situation even worse

May 1st: Fire in a hydro vault on Toronto’s King St. leads to some extended premises outages

Event: fire Lessons / Implications

� What seems like a short-lived disruption can have long-lasting consequences

� Consider “invisible” hazards in your threat assessments

May 12th: #wannacry disables several large organizations such as the U.K.’s NHS;

affects 100 countries

Event: ransomware attack Lessons / Implications

� Appreciate the global reach of cyber threats

� You are not immune

� Collateral damage can affect critical infrastructure

May 27th: British Airways has a computer “glitch” that disrupts flights for days

Event: more airline PR failure Lessons / Implications

� Understand which of your systems are critical

� Have appropriate IT continuity solutions in place

� Communicate

� Communicate

� Communicate

June 13th: Grenfell Tower apartment fire in West London (UK) kills 71 people

Event: residential fire Lessons / Implications

� “Police told an inquiry Monday that possible charges include misconduct in public office, manslaughter, corporate manslaughter and breaches of fire safety regulation.”

� Do not clad your building in combustible material

� Do not ignore warnings

July 7th: Air Canada near miss at SFO could have been the worst airline disaster in history

Event: airline…..again Lessons / Implications

� The pilot, seeing “some lights on the runway,” called into air traffic control, to confirm the landing.

� "Air Canada 759 confirmed cleared to land runway 28 right," the tower responded. "There is no one on 28-Right but you."

� Seconds later, another voice –seemingly one of the pilots waiting on the taxiway –interjects "Where's this guy going? He’s on the taxiway.“

July 7th: Air Canada near miss at SFO could have been the worst airline disaster in history

Event: airline…..again Lessons / Implications

� The pilot, seeing “some lights on the runway,” called into air traffic control, to confirm the landing.

� "Air Canada 759 confirmed cleared to land runway 28 right," the tower responded. "There is no one on 28-Right but you."

� Seconds later, another voice – seemingly one of the pilots waiting on the taxiway –interjects "Where's this guy going? He’s on the taxiway.“

� ANOTHER ONE on OCT 22nd

(radio problems)

Aug 26th: Hurricane Harvey stalls over Houston and causes massive flooding

Event: hurricane Harvey Lessons / Implications

� History will repeat itself (2001, 2012, 2015, 2016...)

� Be careful what you pave over (anticipate flooding)

� Some businesses were forced to close for a long time, even permanently

Sep 20th: Hurricane Maria hits Puerto Rico with force. Over 1,000 killed. Massive damage and power outages.

Event: hurricane Maria Lessons / Implications

� Neglecting infrastructure WILL cost

� Political blame games will not save lives

� No time limit on a crisis

� Full recovery may take a generation

Oct 1st: Gunman shoots at concertgoers from a Las Vegas hotel room; killing 59, injuring 527

Event: mass shooting attack Lessons / Implications

� Don’t count too heavily on hotel security

� Questions raised (fairly or unfairly) on the speed of the response – either way, seconds count

Oct 14th: 40 killed as some of California’s worst ever wildfires approach Sonoma; 8,900 buildings destroyed.

Event: wildfires Lessons / Implications

� Pre-conditions can be ultra hazardous (dryness of terrain, prevailing winds)

� Policies on controlled burns may make it worse (easy to say, hard to do)

Nov 1st: Heavy chain reaction collisions on Hwy 400 near Barrie kill 3, injure more

Event: highway pile-ups Lessons / Implications

� Tanker trucks described as “bombs on wheels”

� Cause of pile-up believed to be driver inattention

� Should hazardous goods transport be regulated more strenuously?

Halifax Explosion Anniversary

� Canada’s greatest disaster: Dec 6, 1917

In Memoriam

Ken Macdonald

A New Honorary FBCI

Graeme Jannaway

Conclusions

� Use real events from anywhere to inform your own planning

� Take the big lessons from big events and distill them to the reality of your business

� Build self-sufficiency

� Build adaptive capacity (resilience)

� Don’t stop planning