NEW YORK: A top US security expert and a former FBI agent believes that the “human factor” may have been behind the disappearance of the Malaysia Airlines Flight MH370 aircraft in March 2014; the aircraft’s disappearance remains a mystery to this date despite a vigorous hunt for substantive plane’s wreckage pieces and the bodies of the passengers on board that fateful flight.
While speaking on “Cybersecurity trends and the current cyber threat landscape” on Tuesday at the New York Foreign Press Centre, Edward Stroz, the co-president of Stroz Friedberg, a management firm that specialises in security matters, including cybersecurity, highlighted the plethora of security risks in today’s rapidly-changing technology-driven environment.
Stroz, who formerly worked as an FBI agent and supervised a computer-crime fighting squad at the FBI in New York before co-founding Stroz Friedberg, said that although people enjoy the benefits of technology, risks are also replete in the realm of technology.
Citing the problem of driverless cars, he said that hackers can access the computer system of a car remotely and take control of it. “So they could cause the car to brake, they could cause the car to steer to the right or steer to the left, and that scares a lot of people,” he said.
Though there were “very smart engineers” making such cars, that did not necessarily mean they know everything about how an adversary would compromise it, and “so our firm is often turned to, for example, by other companies when they roll out applications for your phone; they ask us to test it. And I think we have to decide how much risk do we want to take in this area”.
Stroz recalled that in the case of jet airliners and planes, pilots used to fly by much more pneumatic and sort of mechanical connections, and then decades ago they went to “what we call fly by wire which the pilots did not like, but ultimately, with the testing and the rigour, nobody’s even talking about this anymore”.
Asked if he had a theory to explain the disappearance of the MH 370 flight aircraft, Stroz told Bernama that his example about the jetliner was not about manipulation but that there was a time when people were concerned about manipulation.
“If they did not have a mechanical connection between the control surface and the control. If it was not just a wire sending an electronic impulse, some pilots were a little concerned about, hey, is this going to work the way it’s supposed to? So my point was about vulnerability,” he said.
The missing aircraft, which was carrying 239 passengers and crew, vanished on March 8, 2014.
Despite experts never having found the body of any of its passengers, the hunt for the MH370 was officially suspended on January 17, 2017 by officials in Australia.
Only 33 pieces of wreckage were found during the hunt, with investigators searching the deep sea areas near the suspected crash site in the Indian Ocean. The plane’s disappearance fuelled a number of conspiracy theories.
“I only know what I read in the newspaper about the example (MH370 flight aircraft) that you gave, so I don’t have a theory associated with that. I would put one point in here: Whether we’re talking about driverless cars or airliners – it’s not just the risk from the technology; it’s the risk from the way the technology is being used.
“So the human factor, what we call the insider risk, the person who is authorised to fly the plane – and I’m not making any particular point about the Malaysian episode, but we – since we don’t know, we just don’t know. And there have been other episodes where we know that the human factor was the one that caused things to go wrong, that we have to be not just so focused on technology, but the human beings who are running the technology,” he explained.
Stroz said that it was also a question of checks and balances, reminding that this was a reason why there are two seats in the cockpit of an airplane.
“And if one is unoccupied, there are certain protocols to follow to get away from a single point of dependency, not just because there could be somebody doing something intentionally, but what if one person is at the controls and they suffer a heart attack or something were to occur? – and this is how we practice security.
“If there is a single point of dependency, is there something we can do about that? Sometimes there is; but it’s too expensive; and sometimes you just can’t get away from it. But that type of critical analysis is really what has to occur,” he contended. – Bernama