back to article To improve security, consider how the aviation world stopped blaming pilots

To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to ISACA director Serge Christiaans. Speaking at Singapore's Smart Cybersecurity Summit this week, Christiaans explained that until around 1990, the number of fatal commercial jet …

  1. ChoHag Silver badge

    Blame Culture

    Who's fault is that then?

    Also see https://xkcd.com/1831/ but thanks for playing. Now maybe get back to flying the plane? Developers have been at it so you're going to want to pay attention.

  2. chuckufarley Silver badge
    Boffin

    Many years ago...

    ...I worked for a major commodities exchange that also happened to be a non-profit organization. It was hands down the best environment I have ever worked in. Not only were the network and software highly complex, and the people that built all of it willing to share their wisdom with young PFYs like I was, but everyone knew that when you made a mistake you owned it as soon as you realized it. Sure, it took guts to stand up and raise you hand and say "I really screwed this up!" On the other hand that kind of honesty was good for everyone because it saved the exchange time and money. Having all hands on deck to over come a problem works so much better if everyone knows what the problem is and why it happened. Even if it means restoring data from a back up tape is the only solution at least everyone can do what they need to without sitting in a conference call for three hours. Service level agreements, big money clients, insurance companies, and more can be satisfied so much easier when the root cause is known to be human error from the start because then it's easier to correct the problem without down time.

    Not only that, I learned that smart people are smart. Most problems have more than one solution and I saw many ingenious fixes and workarounds to issues that could have delayed the opening of international markets if the person that had made the mistake kept quiet about it. Image not having to play the blame game every time there was a problem. Imagine working in a place where the easiest way to get fired is making a mistake and not telling anyone. Imagine not being written up or fired for being a human being.

    That's why when I go to the rare job interview these days I always start with "If I make a mistake I'll tell you right away and here is why..."

    1. ComputerSays_noAbsolutelyNo Silver badge

      Re: Many years ago...

      What was the underlying reason for this culture?

      My take from your description would be money, or the potential of losing money.

      For an commodities exchange, downtime would be quite a loss-maker.

      So, you had an overarching goal (avoiding downtime) and everything else (personal ego, etc.) was subordinated.

      This makes your case special in my view, because many IT businesses lack that sort of motivation.

      For many IT businesses downtime is bad, but losing your personal data?

      They have backups, so it's not really lost; and it being out there isn't a problem as long as the leak isn't attributable to them.

      And even then, they promise to do better and simply carry on.

      1. chuckufarley Silver badge

        Re: Many years ago...

        Simple questions and answers are the best and your question is worthy of a simple answer:

        Q: "What was the underlying reason for this culture?"

        A: "Getting it right in one try."

        Teams shouldn't be punished because of the human failures of their members, but they should be rewarded for overcoming the weaknesses of all their members.

        1. Zolko Silver badge

          Re: Many years ago...

          I have worked for a local company in the development branch, and every year was the CEO-fest where he dispatched his wisdom. And every year we could hear the same mantra: "Despite the technical problems this product was a commercial success ". For him, problems were always technical, and success was always commercial. He didn't realize that the commercial success was because we had solved all the technical problems. Development engineers were a source of cost for him, and marketing people a source of benefit.

          I left the company when I realized that.

    2. stiine Silver badge

      Re: Many years ago...

      I've operated that way since I started working in IT 35 years ago. Threre's no sense in having admins, devs, and operations all searching for the cause of a problem when a simple 'I did x and it caused the outage' will save everyones time and energy (and mental state.)

      Besides, there is a certain amount pride to be had in causing a multimillion dollar system to got titsup...

      1. HumPet

        Re: Many years ago...

        I've been a part of a SCADA technology development team since 2003; I'm mostly into communication protocols, databases, and archiving (historian).

        Our systems are used in industry, energy control (electricity, gas), chemical factories, and transport (railroads). They are often built as redundant 2 or 3-node systems, so they are meant to go 24/7/365. The planned outages during patching are 0, the outages during upgrades are counted in minutes (see https://d2000.ipesoft.com/blog/dispatch-control-system-upgrade-scada).

        We (developers & application specialists) acknowledge we are human and we make mistakes. When we do, we analyze them, correct them and learn from them. Btw, we are using Ada language that helps us to make fewer mistakes and find them faster (by features like strict typing, runtime checks, and high readability).

        Also our customers are technically-oriented, so they acknowledge the new version may have issues that escaped testing, but as long as we can correct them within hours since being reported, they are satisfied.

        1. Anonymous Coward
          Anonymous Coward

          Re: Many years ago...

          So, the opposite of Dev Ops then?

        2. Anonymous Coward
          Terminator

          Re: Many years ago...

          @HumPet: “I've been a part of a SCADA technology development team since 2003”

          Do they still connect SCADA units directly to the Internet?

  3. A Non e-mouse Silver badge

    If you've never made a mistake in your worklife, you're either lying or have never done a days work and I'm not interested in employing you.

    (Of course, if you've never done a days work and are applying for your first ever job...)

    1. Anonymous Coward
      Anonymous Coward

      … and Sopra Steria make plenty of them.

      Huge numbers.

  4. CGBS

    "The ones who adapt succeed." I've never heard anything so amazingly naive in my life. If you think Boeing needs to adapt to succeed, you are a complete and total brain dead idiot or....you are just gunning to be the next Boeing: too consolidated, too well connected and too vital to fail.

    1. lglethal Silver badge
      Stop

      Boeing used to be the king of the commercial aviation market. People only bought Airbus when they didnt have enough money to get Boeings. But Airbus upped their game massively, and Boeing didnt adapt (or it adapted the wrong way by simply cutting costs). Now Airbus are king of the commerical aviation market, and people only buy Boeing if they dont have enough money to buy Airbus.

      If the current trend continues (and Airbus dont screw it up), Boeing will become an irrelevance in commerical aviation, at which points funds will dry up fast. The support and connections from the US government will only go so far. It wont collapse into nothing over night, but a steady selling off of anything profitable (probably to politicians friends) and a break of anything else into multiple smaller firms, will occur unless something changes. I'd give it 10-15 years, but if things dont change that's the direction it's going.

      1. anothercynic Silver badge

        I think you ignore the massive defence industrial complex that Boeing is part of. Boeing Commercial might see a drop perhaps, but that it will break into smaller companies? Not a chance. The GOP will not let that happen because too many snouts are in the troughs that Boeing provides (and vice versa). I say the GOP because they are the party of supposedly smaller government but prove themselves incapable of reducing defence spending.

        Boeing will survive on defence contracts. That's why they moved their HQ from Chicago to Arlington in Virginia, to be closer to the big trough that is government spending (and the Pentagon, and the various three-letter agencies). Seattle is... well... 'just' manufacturing (ditto South Carolina).

      2. This post has been deleted by its author

      3. CGBS

        The US wouldn't let any of its automakers go under, do you think the primary commercial aircraft manufacturer and massive defense industry company is going down? Like I said, amazingly naive. Also, apparently last year Airbus lost so many wide body aircraft orders it actually went to negative 55 orders, and horrible crappy Boeing did, to be clear this is a positive number, 213 orders. Yes, Airbus won out in orders on small aircraft. So...people love flying on big Airbus aircraft so much they lost all their orders and then some. I think you mistake what is a point of fact, ie the US won't let Boeing fail because they are too important and connected as an attack on something you obviously have far too much invested in. Again, my position is correct, too big to fail. If that somehow offends you on a deep level, oh well. Link to the numbers since you will probably respond about something if not, so there ya go: https://www.flightglobal.com/airframers/airbus-bests-boeing-in-2022-orders-and-deliveries-but-both-airframers-take-positives/151599.article

        1. bazza Silver badge

          Boeing / Airbus Market Share

          There's a lot of too and fro in the debate about which company is doing best. However, I think the data in Wikipedia is fairly conclusive. This Table shows the aircraft actually in service across the worlds airlines. It shows that in the 14 years from 2006 to 2020, the in-service share shifted from Boeing:Airbus 2:1 to nearly 1:1. That's a huge swing in market share from Boeing to Airbus, in quite a short time (aircraft last in service a lot longer than 14 years). That's reinforced by the fact that, today, Airbus has thousands more aircraft on backlog than Boeing. Even more tellingly, what with the MAX grounding and COVID, Boeing has taken quite lengthy "delivery holidays", whilst Airbus continued to deliver at quite a high rate even during the COVID pandemic.

          One of the reasons why long haul airline tickets are so expensive at the moment is because Boeing has massively under-delivered. Consequently, leased aircraft are at a premium on the rental market as aircraft that have expired their hours are grounded and have not been replaced. You can tell how badly this is affecting the market when airlines are dragging A340s out of storage and putting them back into service. Even the A380 now looks like good sense (Even Qantas have restored their entire fleet to operations).

          Continued contraction for Boeing seems guaranteed, especially given that the CEO / board has said they're not really going to do anything about this by investing in new designs. The problem with this is that, with Boeing's performance continuing to be eratic, collapse seems highly likley, and probably sudden.

          To Airbus, market share has been their key driver. You can make money if you have market share. You can't make money if you don't have market share. What Boeing has found is that, whilst their inefficiencies could be hidden and ignored when they had high market share, they can no longer be ignored now that Airbus has pinched a big slice of the market. A real indication of this is that Airbus, despite the commercial failure of the A380 program (as big an inefficiency as you can get) none the less managed to survive and thrive. How bad can Boeing be that they couldn't make Airbus really, really hurt with the failure of the A380?

          Too Big to Fail? US Gov Military Motivation to Support Boeing?

          I think you overestimate the extent to which the US gov is prepared to support Boeing. The US Military have had issues with a lot of Boeing made products of late - Apache, KC46, P8, Airforce One.

          Apache - a mature, legacy programme - was inexcusable; the US Army sent a whole batch of brand new ones back because of poor quality manufacturing.

          KC46 has had innumerable issues such as poor quality, it not being usable as a tanker at night, and its cargo floor clamps spontaneously letting go of cargo containers. It was and is a nightmare procurement for the USAF. Boeing used every dirty trick in the book to beat up the USAF to win the contract, and then delivered a shite aircraft.

          P8 has recently stopped production because of a supplier issue.

          Airforce One is very late. And, the cost of saving Boeing to the sake of future AF1's is probably more than the cost of a future bespoke design. For example, Airbus spent about $25billion creating the A380; it's going to take more than that to save Boeing. Paying Lockheed or Northtrop to do a one-off design is probably cheaper.

          In short, there's not many reasons at the moment for the US Military to love Boeing.

          Meanwhile, Airbus has at least one reason to be loved by the US Military, who clearly want the A330 based MRTT tanker (which is what everyone else in NATO is buying). Airbus, properly teamed up with a US prime like Lockheed or Northrop, could find its successful commercial designs being picked up by a number of US military programs.

          Domestic Politics and Geopolitics

          An actual Boeing collapse would be a huge issue, because all of a sudden it'll not be legally possible to fly a large fraction of the world's aircraft fleet. Certified flight operations depend on manufacturer-backed "design authority" support, which will have disappeared. That's the part that's "too big to fail".

          Plus, if Boeing collapsed with thousands of aircraft still on the order books, it's not like Airbus could fill the gap quickly. That starts getting geopolitical, very quickly. The US Gov and Europe would not want a Boeing-sized hole in the commercial aircraft market filled by a Chinese State backed manufacturer. Some very strange things might happen, e.g. the US Gov asks Airbus to come in and pick up the remains of Boeing, keep plants operating, etc.

          The ideal for the democratic West is that Boeing is restored to industrial, engineering and economic health. Aviation is important to the global economy, and no one in the West wants China to gain control of that aspect of it. It's therefore worthwhile pondering, how has Boeing got into this mess in the first place, to know how to fix it? It's related to how US businesses behave and are incentivised, how employment in the US works, and so forth. Boeing has chased profits and cost reduction because that's what shareholder have obliged them to do, and in doing so has accumulated vast debt, lost a ton of market share, has a poor product line up, and huge labour issues (e.g. they've just lost hundred of experienced engineers who've had to retire, due to the contract between the company and the union). You cannot permanently fix this simply by pouring money into the company. It takes wholesale reform of how business operates in the USA. That's a deeply political issue, and one that the US political system is uniquely ill equipped to address.

          What's going on round the world is that everyone is looking at the USA / Boeing, to see if the US is actually going to do anything about it. They seem not to be doing anything (apart from a belated attention to certification practises). Some airlines are evidently buying Boeing partly because they're worried if they don't, Boeing CA will collapse and then there won't be any choice.

          Airbus too are rumoured to be worried about a Boeing collapse; becoming a global monopoly would attract the most dreadful political heat. It's known that, in launching the A320neo family, Airbus were taking a bet that this would bump Boeing into (yet again) revamping 737. When Boeing responded with the MAX, apparently there was champagne popped open in Toulouse, because Airbus knew they could out-profit another 737 derivative. Then the MAX crashes happened.

          I don't know for sure, but I strongly suspect that Airbus seniors are now a little bit worried that they might just have overdone the whole "attack Boeing's market share" thing, sowing the seeds for big problems for Airbus in the future. There is competition, and then there's deadly competition. Airbus now know that if they corner Boeing even more, there's a danger that the consequences can be fatal. It's pretty bad way to do business knowing that if you're too good at doing it, your (incompetent) competitor might end up killing people again trying to keep up. At least the FAA seems to have sharpened its regulatory teeth again, to keep things minimally safe.

          One way out of this is to allow Airbus to continue to become truly vast at a high pace, to get to a point where (from everyone else's point of view) Boeing is small enough to fail, ASAP.

          Another way out is for the US Gov and European Governments to realise that an alliance on commercial aviation is needed. If a global monopoly is going to be the eventual result, why not arrange that in advance and avoid the chaos? That could involve the US admitting that, "Okay Airbus, you win", but ensuring a smooth transition from Boeing making (defunct) Boeing designs to the same people in the same facilities coming under Airbus-style mangement building Airbus designs, and the whole Airbus vs Boeing thing being buried for good.

          There is already precedent for this: this is exactly how Airbus got formed in the first place - an amalgamation of European aircraft manufacturers. A politically backed merger between Airbus and Boeing is no different in concept.

          1. anothercynic Silver badge
            Mushroom

            Merging Airbus and Boeing? GO. WASH. YOUR. MOUTH! That's heresy!!

            1. bazza Silver badge

              Heresy today indeed! Perhaps, geopolitical necessity tomorrow. You heard it here first!

              The aviation business is a very big part of the world economy, and the western version of it is too big to fail. Merging Airbus and Boeing will at some point look more like common sense than losing out to, say, China. The logical conclusion to the fight between Airbus and Boeing is that one of them will go out of business, which is bad news no matter who you are. Companies failing and merging is what's happpened repeatedly in the industry over the past 7 decades, I don't see why we should expect it to stop. Better that happens in an orderly fashion, with the West still firmly in control, than for one or both Western companies to be mortally wounded in the fight. The democratic world's politicians will have to call off the competition at some point, if the industry doesn't work that out for itself first.

              1. Paul Hovnanian Silver badge

                "Merging Airbus and Boeing will at some point look more like common sense ..."

                But that's how Boeing became infested with McDonnell Douglas management. The merger brought a lot of people along that were better at back-stabbing than building airplanes. Old Boeing management was pushed aside. Boeing would have been better off waiting for McD-D to go under. And then pick up the pieces it wanted at the liquidation sale. Same advice applies to Airbus.

                Read "Flying Blind" by Peter Robison. Or don't, if you need to fly on a Boeing airplane in the near future.

                1. anothercynic Silver badge

                  A man after my own heart. And one who read the book.

                  Yes. indeed. And Airbus's shareholders will *never* approve a merger with Boeing. Why? Because Airbus was founded to be a counterweight to Boeing (and McDonnell Douglas, and Lockheed).

    2. Martin

      There are loads of examples of companies who were market leaders, thought they had it easy, and didn't bother to adapt - and suddenly, they were playing catch-up.

      One obvious one springs to mind - Kodak.

      1. D.A.

        We can only pray that Atlassian will follow their example..

      2. Someone Else Silver badge

        Another one: EMD

      3. bazza Silver badge

        Kodak - the irony being that wet film photography is becoming trendy once more. Like vinyl records. Adapt can mean, "survive", which is what Kodak have done.

        Wet film photography at its very best is difficult for digital systems to beat. It remains in use in some quite important niches, as well as becoming more popular in general photography.

        1. Mike Pellatt

          But.having scaled to meet the mass wet film market, it became unable to meet the needs of the niche market.

          To think, I nearly took a job with them in Harrow doing process control.....

      4. Sudosu Bronze badge

        Novell, but they got murdered on pricing.

  5. fnusnu

    We'll know we are making progress in this direction when we stop blaming "human error". It's a meaningless labe akin to blaming car accidents on 'bad driving'

    1. This post has been deleted by its author

    2. SundogUK Silver badge

      Apples and oranges.

    3. Anonymous Coward
      Anonymous Coward

      Minor fender-bender caused by not quite seeing one specific vehicle on one occasion? Human error, but understandable. Maybe tech can help with that. (Maybe.)

      Crash caused by driver going 20mph faster than other cars on that road, fast signalless lane changes, and going through traffic lights just after they turn red? Technically human error, but better known as "bad driving". Best solution is to remove the driver from the road.

  6. fpx

    Pilot Error

    In the end, a large proportion of aviation accidents come down to pilot error, unfortunately. Pilots have ultimate control over their aircraft and are in position to avoid accidents. Most aviation accidents would have been preventable, if the pilots hat acted properly. Unfortunately, that "proper action" is sometimes obvious only in retrospect.

    Therefore, when an accident happens, there is a culture of questioning why it came to that, and why the pilots did not use their opportunity to avoid the accident. Were pilots given false, conflicting or misleading information? Were they distracted by an overload of concurrent events? Were they following a checklist, and if not, why not?

    I encourage everyone to read NTSB aviation accident reports. They go into deep detail about what could have been done to prevent an accident. The reports do not blame the pilot, but investigate why pilots acted the way they did, and what should be done to assist future pilots in recognizing a similar situation, and to arrive at the proper action earlier.

    This holistic approach to investigating incidents without attributing blame is something that we can all learn from.

    1. imanidiot Silver badge

      Re: Pilot Error

      The surface level reason for a lot of accidents is indeed "pilot error". But what aviation as a whole has worked on is looking beyond that and finding out WHY that pilot error happened. Well trained pilots rarely make unforced errors, there's often more going on. Could be bad, conflicting, unusual, incorrect training, instruments, ATC instructions, crew communications, weather, etc, etc. By preventing or mitigating the circumstances that led to the mistake, allowing the pilot to focus on the flying and get things right, the pilot error doesn't happen again. Arguably the 2 737 MAX crashes were "pilot error" because they should have correctly applied the runaway trim procedure and landed the aircraft. But they didn't, and unclear instrumentation, bad training and bad design conspired to steer them away from the correct solution and ultimately led to them losing control of the aircraft.

      1. Christoph

        Re: Pilot Error

        "looking beyond that and finding out WHY that pilot error happened."

        The pilot misheard a message about waiting for takeoff and thought it was clearance for takeoff.

        Fix: Aircraft now wait for 'departure'. The word 'takeoff' is used ONLY when giving or cancelling clearance for immediate takeoff.

        Result: No more Teneriffe.

        1. Sudosu Bronze badge

          Re: Pilot Error

          Now, if only they could get rid of the word "Remove" off of point of sales devices until they actually want you to remove your card.

          If I haven't had all my coffees, it says "do not REMOVE card" and my brain only catches "REMOVE" and out it comes.

          This reminds me of the movie The Bedford Incident (at least I think that was the one) about a cold war stand off with a nuclear sub or another ship from a nuclear power.

          Spoiler alert!

          Everyone is on high alert and edgy, the captain is discussing strategy with his officers on the bridge where he says "I won't fire one unless they fire one"

          The dutiful weapons tech repeats "fire one" and launches the first strike of a nuclear war.

      2. SundogUK Silver badge

        Re: Pilot Error

        "Pilot error" simply means that nothing physical/mechanical/electrical etc... on the aircraft broke and that therefore THE MANUFACTURER IS NOT LIABLE.

        1. Lars Silver badge
          Coat

          Re: Pilot Error

          @SundogUK

          Yes but it's not that simple, take those cases when a pilot by accident has pressed something because his hand was for good reasons where it was and that he then also touched, by accident, that other thing.

          Yes, that was his fault but it's also an indication that it might happen again, by accident, and that the layout of the cockpit might need to be altered.

          There has been quite a lot of similar "problems".

        2. doublelayer Silver badge

          Re: Pilot Error

          Not necessarily. It could be that something did break, and the pilot was going to act differently based on that broken part, but they did something wrong during that recovery. Multiple things cause a problem, even if a pilot error was required. Not to mention that parts can break for reasons unrelated to the manufacturer, like improper maintenance, lack of needed maintenance, damage related to weather, and the like. Your comment suggests you may be falling into the blame culture the policy was trying to avoid.

          1. SCP

            Re: Pilot Error

            Humans err, things break. These are the inconvenient truths of the real world. The key thing is that when these things happen we don't want the system to fail catastrophically.

            Aviation (and some other fields) have got to a stage where catastrophic failures are rare. Those that happen are investigated thoroughly and have processes that aim to ensure they are not repeated. However, to meaningfully drive continued improvements it is necessary to flag up and address those cases where things went wrong but were not a catastrophe. In this respect the aviation industry culture of "no blame" reporting helps flush out the smaller things that could be the harbingers of doom.

        3. SundogUK Silver badge

          Re: Pilot Error

          I think my point has been misunderstood. Aircraft manufacturers always want a verdict of 'pilot error' as it gets them off the hook. And they often have the power or influence to get it.

      3. bazza Silver badge

        Re: Pilot Error

        >Arguably the 2 737 MAX crashes were "pilot error" because they should have correctly applied the runaway trim procedure and landed the aircraft. But they didn't, and unclear instrumentation, <u>bad training</u> and bad design conspired to steer them away from the correct solution and ultimately led to them losing control of the aircraft.

        I hope that, by "bad training", you're referring to the initial failure to disclose the existence of MCAS in the first place, and also to the advice given by the FAA / Boeing following the Lion Air crash. You cannot say it's "pilot error" for not knowing how to respond to an on-board system they'd not been told of, or for failing to follow a procedure that in certain circumstances was physically or intellectually impossible (or both) to follow.

        As well as the failure to disclose the existence of MCAS to MAX pilots, there was also an issue in that any knowledge of the loads on the manual trim wheels had been lost to time. On the original 737 they were a lot larger and easier to turn. That was when anyone had last looked at what those loads could be. In subsequent generations of 737 the wheels remained, but they'd been reduced in diameter therefore giving pilots less mechanical advantage over the aerodynamic loads. But no one had bothered to revisit what that meant in extreme out of trim situations, because that "never happened". Then with the MAX, Boeing fitted a system that could cause extreme out of trim situations, very quickly, with no useful warning (MCAS).

        Worse, they didn't even tell pilots that there was something called MCAS fitted in the first place (this was part of the "no training difference" Boeing had attempted to achieve between NG and MAX). Still no one tried out extreme out-of-trim procedures for real, and the aircraft still got certified. So, the Lion Air pilots were attempting to fix a system that their manuals didn't even mention, and with the fault they had the "book" advice was lethal (because it meant turning MCAS - broken - back on).

        The advice given by the FAA / Boeing after the Lion Air crash turned out to be ill advised. The updated advise was based on try-outs in a simulator, not a real aircraft. The problem was that the sim was inaccurate, and didn't recreate the loads on the manual trim wheel. Had they tried it on a real aircraft, they would have realised that a pilot would have to have throttled back to be able to conduct the runaway trim procedure, and given more emphasis to doing that. More likely they'd have realised that, in the circumstances where a pilot was low to the ground, being told by the aircraft that "airspeed is unreliable", and experiencing strong nose-down tendancies in the controls, it would have been asking too much of a reasonable pilot to take an added risk and cut the throttles.

        Afterall, low altitude + nose down trim + too little airspeed (what does "unreliable" actually mean?) + cut the throttles guarantees a crash.

        It was the poor quality of the Boeing / FAA response to the Lion Air crash, evidenced by the Ethiopean crash, that lead to first the CAAC and then other global regulators grounding the MAX. It was effectively at that point that the rest of the world realised that it could no longer trust the US industrial / regulatory system, and realised they had to act independent of the US. If that isn't indication enough that the MAX crashes were not "pilot error", that there was no "correct solution" for the MAX + MCAS 1.0 failures, then I don't know what is.

        1. anothercynic Silver badge

          Re: Pilot Error

          BINGO! If you don't know a system exists and how to control it when it goes nuts (which MCAS did, multiple times, with fatal consequences TWICE), and the manufacturer is caught lying to the regulators about it in text chats, and all that because of MONEY, then you cannot for one second claim that "the pilots were badly trained".

          Ethiopian Airlines arguably has some of the best training facilities on the African continent, and has a bloody good safety record (compared to its peers outside Europe/USA). Claiming that their pilots were badly trained without understanding that Addis is a hot and high airport and that MCAS engaged when above a certain limit above sea level (which meant MCAS engaged *just after takeoff during a critical flight phase*) is at least ignorant and at worst racist and ignoring the facts.

          LionAir on the other hand is less stellar, but nonetheless, they had forewarning (that was not recognised) only because a jump-seat pilot there noticed what was going on on another flight and stopped the runaway there, otherwise there would have been 3 deadly incidents involving MCAS.

          The common denominator is MCAS. Which no-one knew about. Because Boeing deleted it from the manuals. Because they didn't want to have to go through extended certification. Because MONEY. Thus primary cause is manufacturer cocking up. End of.

    2. abend0c4 Silver badge

      Re: Pilot Error

      It's not just aviation. There's been a culture shift in Civil Engineering, too, where more time and energy could be spent in negotiating penalty costs between myriad subcontractors when things went wrong than on putting things right. See, for example:

      https://www.constructionbusinessowner.com/management/beating-blame-game

    3. graeme leggett Silver badge

      Re: Pilot Error

      Tim Harford's "Cautionary Tales" podcast is good for examples of how humans make mistakes, a recent one was an examples of when an anti-collision system caused an accident because of unclear documentation and insufficient training.

      1. JassMan

        Re: Pilot Error

        For a really good explanation of "pilot error" and causes of aircraft incidents, I can really recommend the Youtube Channel called "Mentour Pilot". He has just the right mix. He also shows that often what is called "Pilot error" is "Management error", because the airline owners often don't ensure that everything is working perfectly, so that not just unforced errors are avoided, but that situations no training can ever provide for, do not occur. One case was when an aircraft had had the aileron controls reversed in the backup systems. It took the pilots over half an hour to discover a combination of throttle control and aiileron trim to be able to stop porpoising, but eventually they were able to return to an airfield safely. It turned out that the instructions for aileron control replacement had been ambiguous. Mechs who had been on factory training didn't pick it up because they treated the instructions as a reminder, but staff whose management hadn't sent them on a manufacturer's course had to guess and in this case guessed wrong.

        1. PhilBuk

          Re: Pilot Error

          I'll second this. The presenter is a training pilot for his airline and provides detailed explanantions of incidents along with simulations (from FS2020) to illustrate them. He also has a related channel, Mentour Now, which discusses industry issues and technology - there is are a number of videos concerning Boeing's past and current woes.

          Phil.

    4. bazza Silver badge

      Re: Pilot Error

      NTSB reports are indeed well thought out, but are in themselves often inadequate. They won't criticise their bosses.

      With the MAX crashes in particular, if one asks "why?" enought times about the certification you inevitably end up at floor of both the Senate and House of Representatives, where both parties for decades have been cheerfully trimming the FAA's budget. The current crop of politicians has kinda realised that this is partly their fault (which is why the FAA has been given some teeth again). But we all know that this is, one day, going to happen again when a new batch of politicians ask "Why do we put so much money into this federal aviation agency? Crashes don't happen, cut their budget".

      That, coupled with how employment and business incentivisation works in the US these days, is practically guaranteed to recreate the same conditions that lead to the MAX crashes.

      I've not seen anything from the NTSB criticising the politicians, the business / political system or the way they choose fund their agencies, or the politicians' failure to ensure a proper business environment exists to support safety. Afterall, the same politicians fund the NTSB. It's quite evident that the role of US politics in the MAX crashes has been carefully not looked into.

      Minimum safety standards are only enforced if the funding to do so is not controlled by politics and business, but is controlled solely by engineers who know what they're doing. Politicians hate not being in charge of the bank account, but they've got a bad track record of managing it themselves.

      Boeing's Blame Culture

      Meanwhile, Boeing as a manufacturer has a habit of blaming pilots. They tried it with the MAX crashes too, briefly, until it became too obvious that it was their screw up that was to blame. They're still trying to wriggle out of liability, trying to not compensate families of the victims. If they cannot corporately accept that they've screwed up, they cannot corporately adjust themselves to not screw up in the future.

      The problem with Boeing and the mess they're in is that, if you follow the "why" to its conclusion, the result is that the USA is now a bad business and political environment in which to carry out such endeavours. No Boeing CEO can truly adjust how the organisation works, because the shareholders won't let them.

      It's interesting to consider the control a CEO / Chair has on a company. Steve Jobs famously had a vice-like grip on what Apple did, and what it spent its money on. Despite having more money than it knew what to do with, Apple under Job's stewardship didn't really pay dividends. Jobs wanted the money for his own reasons, and had sufficient control of the company and shareholders that what he said went. However, I can't really see that kind of mangement control of a company existing anywhere in the USA these days. If a strong Boeing CEO stood up and said "right, I'm going to sort this mess out and you the shareholders are going to pay for it", they'd be out within the day. Far better for such a person to set up a privately held competitor.

      I can understand why some company bosses try and take the business they work for private; better to have private owners who "get it" rather than suffer the vagaries of public ownership. It also explains why some corporate set ups have hardly any voting shares, though that's pretty unhealthy.

      1. anothercynic Silver badge

        Re: Pilot Error

        Well, Jobs took a leaf from Amazon's playbook, in that he didn't pay dividends a lot so Apple had money for R&D without having to ask shareholders for permission.

        You see, that's what Bezos did in the early days of Amazon... it annoyed the living hell out of Wall Street that he didn't, but he didn't care. In fact Amazon has *never* paid one. That's how Amazon was able to grow, build and perfect its processes that drive the company's growth today. The value in Amazon is now in the shares. If you want to make money, sell them.

    5. Mike Pellatt

      Re: Pilot Error

      I also recommend reading RAIB (Rail Accident Investigation Branch) reports.

      In this case, though, you will see a recurring theme of "we've already discovered what the industry should do, but they STILL haven't done it" (e.g. zero hours contracts for staff working for contractors so they inevitably have multiple jobs and are fatigued when working on safety-critical tasks) or, even worse, the lessons learnt after the Clapham disaster being forgotten so another one is on the cards.

      1. anothercynic Silver badge

        Re: Pilot Error

        RAIB and AAIB reports are very good at pointing out things... Neither organisation is attached to/captured by a manufacturer, so they are free to point fingers where it's necessary.

        AAIB and the then ARB (now the CAA) were also key drivers behind forcing Boeing to make several changes to their planes before they were first allowed into UK airspace over the years. The 707 had, according to the ARB, "insufficient yaw control, excessive rudder forces, and the ability to over-rotate on takeoff", which required structural changes to the vertical stabiliser and the addition of a ventral fin. The former was then retrofitted to *all* 707s, the latter only to a certain subset (which included BOAC's models). Of course, the whole rudder forces problem remained around in various forms, including the runaway trim on the horizontal stabilisers in the tail, which Boeing got several Airworthiness Directives for over the years...

  7. imanidiot Silver badge

    "The people at the top worked hard to get to leadership roles and become resistant to change. Shifting culture therefore needs to start with new recruits."

    I categorically disagree. Because the new recruits are never going to "get it" when the leadership doesn't accept just culture. This is a change that needs to come from the top (or at the very least from the middle management layer) and if the current leadership doesn't want to adapt they need to be removed and replaced.

    1. Marty McFly Silver badge
      Facepalm

      I would say even higher than that. The Board of Directors needs to resist the desire to eject executives when a bad day happens.

      CIO = Career Is Over

      CISO = Career Is Seriously Over

      It is no secret that CIOs & CISOs have an expiration date stamped on their backside. They get three years in and it is slash & burn on expenses. Then parachute out with a big bonus. Cleaning up the mess is their replacement's problem. But for the first two years, the replacement gets to run to the Board and blame their predecessor for everything. And then in their third year....

  8. ComputerSays_noAbsolutelyNo Silver badge

    Apart from stopping to blame pilots: regulation, and that's unlikely to happen

    Being grounded by the FAA, or any other large aviation regulator, is a pretty strong incentive to stop ones planes from crashing.

    However, I can not imagine any regulation nearly as strong in the IT sector, so the problem will persist.

    It also doesn't help that bits and bytes are quite invisible. While it's hard to hide the crashing of plane, even those that simply vanish from the face of the earth create quite some media attention.

    Your personal data gets stolen or simply leaks away from an IT biz?

    Nobody will be any wiser until the data is up for sale on some forum or it is being actively used by malicious actors.

    And even then, you have no indication who lost your data, or worse, the malicious use does not get noticed.

    Cyber-security is inherently different to physical aviation safety. Massively so.

    While there surely are valid lessons to learn from an established well-working safety-culture, I am afraid that the whole IT biz isn't susceptible to work safety consciously. After all, "move fast and break things" and "fake it til you make it" seem to be the among the driving dogmas of the industry.

    1. JassMan

      Re: Apart from stopping to blame pilots: regulation, and that's unlikely to happen

      "While there surely are valid lessons to learn from an established well-working safety-culture, I am afraid that the whole IT biz isn't susceptible to work safety consciously. After all, "move fast and break things" and "fake it til you make it" seem to be the among the driving dogmas of the industry."

      I think that was the point of the article. There NEEDS to be a change of culture in tech businesses along the lines of the Airline industry so that coding errors, rights misadministration, hardware configuration, etc can be reported on a no blame basis in order to IMPROVE data safety and security. Too many tech businesses are in the "get rich quick" industry and hang the consequences for the users. Until there is some means of regulation that levels the playing field, the Googles, Metas, AWSs etc and all the middle league bizes will just keep on keeping on.

      Mind you I think a good place to start would be training up politicians so that they know what they are talking about, before they re-utter the famous adage "we need a back door in encrypted internet traffic". If anyone is going get regulators working on the problems, they at least need to know the questions to ask.

  9. trevorde Silver badge

    Management response

    YOU'RE FIRED!

    Elon Musk

    1. EarthDog

      Re: Management response

      I think he stole that from "The Orange Man"

  10. Anonymous Coward
    Anonymous Coward

    National Health Service?

    Just imagine, we could spend money on caring for people instead of propping up a compensation industry.

  11. graeme leggett Silver badge

    You mean "Just Culture" as set out here

    https://www.england.nhs.uk/patient-safety/a-just-culture-guide/

  12. Boris the Cockroach Silver badge
    Boffin

    When the cyber

    safety meets the real world is down on our production cells

    As a result, our methods are "Something has gone wrong , why did it go wrong"

    Rather than "someone screwed up... fire him/her"

    Because the former way finds out the mistake, and finds a corrective action for us to follow, so we can show the customers affected(if any) that we know what we've done wrong and have a plan to avoid such failures in the future, but the latter way , while quicker and more satisfying(especially if I'm allowed to do it), does not cure the error in procdures that caused the failure in the first place.

    Plus the fact that we dont fire for such failures means the people responsible for it say "Yupp, I/we f'ed up" rather than trying to hide it (and the customer finding it out.... )

  13. Adam Trickett
    Boffin

    Medication errors

    I used to work for a medical device manufacturer. Death or injury because a human pressed the wrong button on a device is far too common. In the US it tends to lead to very expensive law-suits, less common in Europe, but in either continent death or life changing injuries isn't something you want to happen.

    The business spent a lot of money trying to make the devices idiot proof, and you'd be surprised how ingenious idiots can be. Making software that is safe and not annoying is harder than you'd think. Some drugs are very weight sensitive, so a safe dose for an adult can be radically different for a baby. A device that is configured with an adult's typical weight could be lethal in a neonatal clinic, etc...

    I wasn't directly involved in the safety software, but I worked with people who were and saw the papers published in the medical journals. Some of the advice that was given out to medical staff was so bizarre that it's amazing how few accidents there were, but over time, with a holistic approach and moving away from a blame culture, things have improve. Not saying it's perfect, but transparency from all parties is important, and also accepting that even the best people will make errors, so processes need to be robust enough to cope with someone being a factor of 1000 out...

    I think we've all seen absurd password policies that don't help security, annoying, but bad polices for medical devices or aeroplanes can kill...

  14. EarthDog

    Never play the "blame game"

    It's unprofessional and gets you nowhere. I've worked in almost every aspect of software development over the years, including QA. QA should never be used as punishment, instead the attitude should be "let's work together to make better software".

    If you find yourself working in a place where blame is matter of course, get out. If you are working in QA and interviewing for a job and they want you to be confrontational, don't take the job. Likewise if you are taking a role anywhere else in development and they imply QA is their police force, don't take the job.

    In fact the same is true of almost any work place.

  15. wub

    The Howard Cosell Syndrome

    My apologies to William Macomber, a philosophy professor I had in college if I get the details wrong. In the process of attempting to teach undergraduates something about Greek philosophy, he used what was then a recent incident anyone would easily recall.

    At the 1972 Olympic games, someone failed to notify an American team about a last-minute change of venue (or time of event). At any rate, the whole team forfeited because they failed to show up to compete. This human error caused a great deal of righteous outrage, and among the loudest and most indignant voices was Howard Cosell's.

    What Professor Macomber attempted to show us was that in "ancient Greece" there was a very different cultural belief about the nature of human free will. Mistakes we would attribute to an individual making an unforced error were viewed as having been caused by one or another of the gods, and the individual was considered to simply be the agent through which that god was operating at the time. Sounds a bit fatalistic, in the sense that in that view the mistake could not be prevented by any amount of planning or redesign. But it is interesting to consider that an entire nation could potentially hold a different view on the need for and application of blame. There would have been no Howard Cosell running around shouting for someone to be punished.

  16. Sparkus

    The Big Difference....

    When/If pilots eff-up, they themselves can die.

    When a CIO/CISO eff-up, well, no personal or professional accountability means they can just move on and keep making the same dumb/criminal mistakes.

    1. EarthDog

      Re: The Big Difference....

      you forgot "after obscene bonuses".

      1. ecofeco Silver badge

        Re: The Big Difference....

        ...and the golden parachutes.

  17. Claptrap314 Silver badge

    Huh?

    First, and maybe I've been "lucky", but blameless post-mortems have been the standard everywhere I've been since 2013. In fact, the blame game, as it relates to security failures, hasn't been a thing for much longer than that.

    Second, culture has never been ground-up. It flows down. Always has, and it always will.

    Third, "culture", at least internal to a company, can never properly address security as it relates to code--at least, not if the company intends to stay solvent, barring heavy regulation. As I continue to stress, the proposition that a given piece of code does what it is supposed to do, and nothing else, is at least equivalent to a master's in mathematics. The cost is more than consumers are willing to bear.

    So, yeah, I'm pretty much in agreement with that heavily-downvoted first post--we've been fighting this for decades. Don't assume that you have some sort of genius solution that we're not already working.

  18. mpi Silver badge

    We live in a world...

    ...where people get fired, because the companies who hired them spent money like no tomorrow in a zero-interest overblown market, and then fire them by the tens of thousands when the market dips slightly (calling the current situation a depression is depressing when comparing it with actual economic crashes) just so the richest portion of their shareholders stop getting nervous.

    Given that this is the reality, how exactly are we supposed to implement culture changes, hmm?

  19. bazza Silver badge
    Coat

    No Blame Culture?

    I thought the software industry already had a no-blame culture. I've read some EULAs, there's absolutely no way anyone is going to accept any blame under the terms of any of them...

  20. ecofeco Silver badge

    Default condition

    When admitting to an error isn't seen as a failure, improvement easy to achieve, says pilot-turned-CISO

    Yes but never admitting fault is the default human condition, isn't it?

    (yes, that's a rhetorical question)

  21. RichardB

    Dekker

    Would be nice to give a little credit at least to Sydney Dekker, especially since you mention one of his books "Just Culture".

    The Field Guide to Human Error is also an excellent eye opener, and to really rub it in take a read of Dietrich Dorners book The Logic of Failure.

    These have been around some time, and have a huge impact on how we can choose to operate IT systems safely.

  22. The Vociferous Time Waster

    No blame culture in aviation

    Y'all never watched Sully?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like