Airplane Engine Fire at 5,000 Feet! What now?
So we’re climbing to 5,000 feet and the instructor says there’s an engine fire, what are you going to do?
I grab the checklist, quickly scan to find the “ENGINE FIRE IN FLIGHT” section and execute the seven items on the list. At this point I’m feeling pretty good that if this was the real thing, I could find the checklist quickly and accurately follow the seven instruction items.
Then the instructor asks, “Are you going to put an emergency code into the transponder?” The transponder is the piece of equipment you use to advise air traffic control that you have an emergency. I’m thinking to myself, I can do that, but what’s the emergency code? Oh yeah – 7700 – got it! And I mutter, “Yep, I would enter 7700 into the transponder.”
Then the instructor reminds me that I should probably communicate with someone too. I say, “Right, emergency frequency is ah… yeah, 121.5MHz, so I’ll set that into the radio and declare an emergency.”
He asks me, “What else can you do to try to extinguish the fire?” I’m confused because it didn’t say anything about this on my checklist. The instructor notices this and says “maybe you could do a steep turning dive to the left to try to extinguish the flames, because turning to the left will help the smoke go down the right side of the cabin. It may allow you to still see out the pilot’s left window.” Ah, great idea, so I push the yoke forward to drop the nose and start a left-hand turn to gain airspeed, making sure to keep the airplane slower than the “never exceed speed.” You also want to get the plane on the ground as quickly as possible if you’re on fire.
The instructor then asks, “Okay, where you going to land”? I think, okay the wind was reported as blowing from the….I have to think for a moment which direction the wind was blowing from when we took off? If I remember correctly it was from the north when we left the airport so I should pick a field where I can land into the wind. I point toward the airplane’s wind screen and say “Let’s set down in the field that is situated in a north/south direction and we’ll land towards the north and in this field with major obstructions.” I knew we should land into the wind to decrease speed across the ground and touch down as slowly as possible. I also spot a small town that I fly towards so I’ll have a shorter walk to lunch, because the simulation has stressed me out and I’m tired. But the instructor has other ideas. “Okay, good, but let’s climb and do it again. You need to perform smoothly when we’re training because you’ll face additional pressure when it’s for real.”
The first time I ran through this scenario, it was overwhelming. Where did I put the checklist? Where is the emergency procedure for “ENGINE FIRE IN FLIGHT” on this two-page laminated checklist? What should I be doing with the airplane while I’m trying to read and follow the checklist? Why doesn’t the checklist cover communicating and aviating tips? I felt overwhelmed and wondered if I would ever get it right. Eventually I got through this scenario, but then the instructor asked, “Okay, but what do you do if oil is splattering on the wind screen and you can’t see forward? That’s not going to be in your emergency checklist but what would you do?” I thought “Oh no! How will I ever remember what to do when the scenarios change? How can I get the training to stick”?
There were two things I learned from my pilot training that I found to be true with any kind of situational training. The first is that working through and mastering “possible or basic” scenarios allowed me to gain enough experience and wisdom to apply to different situations that I hadn’t seen previously. If I learned the fundamentals of a subject, I could apply what I learned to figure out other scenarios that I hadn’t specifically trained for and adapt to abnormal situations.
The second thing I learned is that you must eventually apply pressure during a training exercise if you want to grow from it. What do I mean? In the Operations Technology (OT) cybersecurity profession, you will eventually be placed in an environment where you will face the pressures of dealing with a process that is not responding appropriately, restoring a system after it has been compromised, or meeting project deadlines. Once you survive one of these real-life scenarios, you will respond differently to the next crisis. With pressure and experience comes maturity and growth. Eventually the pressures that affected your performance will change. They may not be as intense during the next scenario, or you may perform the exercise more quickly and be better able to internalize the pressures. What I can say for sure is that during the real scenario there will be pressure. That said, you should train as if it is the day when the scenario is real.
The ICS612 Day 5 Challenge
All of this brings us to our ICS612: Cybersecurity In-Depth Day 5 Challenge. For the first four days of the course, we train with our PLCs, HMIs, firewalls, a multitude of operational support servers, and monitoring equipment. By day four, we have worked through the fundamental learning objectives of the industrial control system (ICS) assets we have in our factory. A SANS instructor has led us through the different scenarios that we might face, and now we’re ready to face the final challenge.
At the close of day four the instructor says, “Okay, leave your student kits on your desk. Tomorrow you’ll come into the factory where the equipment will be non-functional, and you’ll work to get your part of the factory running, then work as a team to get the entire factory running. Some physical issues and cyber anomalies will have occurred, and you’ll have to find and correct them. You’ll have to work through persistent attacks as we get the factory operational. So sleep well and come in rested, because tomorrow may be a bit stressful, but it will be fun, too, and for sure it will be educational.”
The ICS612 Day 5 Challenge was created for you to apply your knowledge and skills to a situational training environment while subjecting you to some operational pressures. Learning a new skill does require instruction, but eventually situational pressure needs to be added to the training regimen so that you can see how you would perform when you’re “on the job.” Take note that a hands-on industrial training exercise by definition often includes physical component malfunctions. If you’ve been around a factory or plant long enough, you know that industrial downtime often has nothing to do with malicious tampering with a cyber element, but rather is simply a malfunction of a mechanical system. You have to know what the physical elements are supposed to be doing in order to deduce such a system malfunction. It’s also important to include mechanical elements in our Day 5 Challenge because OT cybersecurity professionals should be able to converse with field technicians and mechanical and process engineers in order to understand system behavior before assuming a problem is a cybersecurity issue.
In sum, whether you are flying an airplane or applying cybersecurity controls to an industrial control system, you must master a base level of knowledge in order to be able to successfully think through and deal with advanced scenarios. And you need exposure to relevant training with an experienced instructor – something I mentioned in my last blog posting – so that you can then apply what you’ve learned to different scenarios. The Day 5 Challenge was designed to highlight your growth over the previous four days of ICS612 training and to give you the confidence to return to your workplace and be effective immediately.
In my next blog, I’ll discuss the learning concentrations SANS has selected to give you the widest exposure to the ICS cybersecurity arena.
Hope to see you in class!
Email: jshearer@sans.org
Find upcoming ICS612 training In-Person:
