One Number to Rule Them All (1- Operations)
In the field of risk management, one number is particularly functional, the number “Three”.
The third cigarette
If you know the American folk adages, or if you have been in the army, especially at a time when smoking was not discouraged, but cigarettes provided within the combat rations, you know that you should never light three cigarettes at a time. It is considered bad luck in the civilian world and a deadly move according to the military sayings.
There were rationals behind this precept:
The light of the first match is visible from far in the night and alerts an enemy sniper of your presence.
At the second light, the sniper aims his rifle.
He shoots at the third...
This lesson was tragically learned at first in the trenches of WWI, but it is still common sense passed to the young recruits around the world.
The ubiquitous “Three”
We all know the universal symbol of warning: the triangle.
But why this number three is so closely associated with the risks and crisis, safety, and security matters?
At first, let’s recognize that “Three” is deeply intertwined with our cognition:
Scientists might explain it from the tri-dimensional experience of our environment.
Linguists will point out the fact that in some languages, the expression of the numbers was limited at: “one, two, three, many.”
Anthropologists will teach us that a primitive social classification follows a “Three” based pattern: “Me, Us, Them.” The third element is the external one, therefore the bearer of unknown and threats.
Geometers will explain that a triangle is the most stable base.
Architects will admit that there is something more aggressive in the sharpness of the triangle’s summits than in any of the other common shapes, circle, rectangle, or square.
Historians will remind us of the countless occurrences of the number “Three” in mythologies and religions, in cultures from all around the world. Even in our daily life, the number Three is often involved in the bad luck / good luck tension, for example, the positive 3 (“san” sounding like “alive”) opposed to the negative 4 (“si” sounding like death) in Chinese culture, the English “Third time’s the charm,” or the “Jamais deux sans trois” in France (never a second without a third).
Beyond these deeply rooted explanations, there are practical considerations to explain the importance of the number “Three”. We are going to present some in three parts : Operations (first part), in Information (second part), and Organization (third part).
TEST YOUR SENSITIVITY TO RISK: DO YOU SEE IN THE PICTURE ABOVE WHY DESPITE THE 3 CARABINERS, THERE IS NO REAL REDUNDANCY? (Answer at the bottom of this page)
1- in Operations
The real redundancy
As one of my old instructors used to say:
“One is Zero, Two is minimal, Three is optimal.”
In short, this explains everything. In risks management, redundancy or backup are a must. But what is the value of a redundancy that is not itself redundant? We are not playing with words here. With a single redundancy, in case of failure in the current system, (first layer), once the second layer has been activated, the system is exposed by definition. Therefore the running time on the secondary should be extremely limited, but this situation will often last for a while, with a maximum risk, if there is no third layer. This tertiary level provides the real redundancy, when after one failure, the system remains unexposed.
Deeper testing with three challenges
A series of three “What if?” is an effective way to put to test any system pretending to protect a specific target from a specific harm.
Most of the professionally designed systems will pass the test of the first '“What if?” with flying colors. The system works, if the expected threat materializes. The real challenge starts with the second time, insisting with “and what if?”.
These protective systems are generally conceived with a specific threat in mind, what is considered the most probable scenario. So, after the satisfactory answer to the first “What If?” testing this case, it is necessary to evaluate the response in case of a deviation of this most probable threat, differences in angle, speed, date, time, weather, actors, weapons, etc… This is the purpose of the second “What if?”.
And the challenge goes deeper, as the third “What if?” will assess the answer to something different, not a variation of the most probable scenario, but a new concept of attack, a blind spot, a multiple event, etc.
It is not a comprehensive evaluation but a field proven tip: 1-test the scenario, 2- test the deviations of the scenario, 3- test out of the scenario.
A real story
The Company: “The recipe of our new product must be kept secret from our competitors, we have organized our work in such a way they cannot steal it.”
Q1: “What if a thief tries to enter the lab where is kept the recipe?”
A: “It is in a safe, only our team can access it.”…. Test 1 passed: basic scenario.
Q2: “What if the thief gets recruited, or a team member is paid or blackmailed?”
A: “Nobody in the team knows the full recipe.”…. Test 2 passed: variation of the basic scenario.
Q3: What if someone accesses your accounting books where all your suppliers’ invoices are stored with plenty of details on specifications and quantities?
A: “… Oh my!…”… Test 3 failed, another scenario, not an attempt to access to the recipe itself, but to valuable pieces of information openly exposed in another department of the Company.
Answer: all 3 carabiners are hooked on one single cable, potential single point of failure.
Our “TAPS Tips” (like in “short advice” or “summit of the mountain”) are summaries or examples, featuring topics of general interest as simplified illustration of the content of our Total Awareness Training System.
The INT2PLAN Team