Magazine article Security Management

End of an Error. (System Analysis)

Article excerpt

Los Alamos National Laboratory's security team aims to eliminate threats to national security resulting from human error.

"To err is human," wrote poet and commentator Alexander Pope in 1711 in his Essay on Criticism. This is still true today despite the assisting technologies developed in the interim. Security practitioners must know how to investigate and evaluate employee errors as a first step in reducing their frequency and consequences. Los Alamos National Laboratory (LANL) has applied human error analysis and mitigation techniques to security operations to cut error rates.

LANL's Security Division enlisted the participation of human error, safety, and organizational effectiveness experts in implementing this program, which focuses on eliminating threats to national security resulting from human errors. It does not address either external threats posed by criminals, terrorists, or spies, or insider espionage or sabotage; LANL has other programs in place to deal with such threats.

Incident categorization. Few accidents or security and safeguards (S&S) infractions are caused by workers trying to harm themselves or the company. Instead, the human errors that underlie most accidents and infractions result from ineffective system conditions or processes, or from individual employee characteristics. These mistakes are known as system-induced human errors, and they can be dramatically reduced through systems analysis, human error assessment, and mitigation techniques.

Thus, the first step in this program was to define and properly categorize the types of security incidents that had occurred. For example, "Improper Transmittal of Classified Information" was the original incident category LANL used to describe such events as the mailing of classified material that has been improperly sealed or an incident in which an e-mail with a classified document attachment was sent over a nonsecure server. However, since the conditions, actions, and applicable requirements may be substantially different between these two examples, the use of a common descriptor makes it more difficult to accurately analyze the factors that contributed to either occurrence. Instead, subcategories such as "Improper Packaging: Classified Documents" and "Improper Transmittal: E-mail" could be employed.

One way of assessing errors is to distinguish between actions performed properly, errors of commission (something done incorrectly), and errors of omission (something not done at all). Subcategories can also enable analysts to note when a task is done correctly but at the wrong time or when there is a failure to perform one step of an operation. An alternative approach might be to sort errors according to whether the tasks can be accomplished without conscious control (skill-based), whether the task requires a knowledge of mentally stored rules or procedures (rule-based), or whether it requires the application of thought, planning, or reasoning (knowledge-based).

No one taxonomic approach is inherently correct or incorrect, nor universally better or worse. It depends on the application.

Based on the kinds of incidents encountered at LANL, the S&S human error mitigation program currently focuses on five kinds of situations, the first four of which are errors and the last of which is a category of breaches:

* Unintentional acts ("I didn't mean to do that.")

* Unintentional failures to act ("I forgot to do that.")

* Intentional but incorrect acts ("I thought that's what I was supposed to do.")

* Intentional but incorrect failures to act ("I didn't think I was supposed to do that.")

* Deliberate but not malevolent deviations from required policies and practices ("I thought that was a better or faster or simpler way to do that.") These acts are termed "breaches."

Both errors and breaches can occur individually or in combination. …
