Risk-based decision making for resilient systems

Reliability Engineering & System Safety, 2017

Resilience has become an important concept in safety and risk research and applications. There are many definitions, but the fundamental idea is that resilience has to do with the ability of a system to sustain or restore its functionality and performance following a change in the condition of the system (referred to as an event). Describing or measuring the degree of resilience is challenging as it is not obvious what events should be considered; also unknown types of events occurring need to be taken into account. Considerable efforts have been made to understand and describe the resilience concept and its relationship to risk, and the purpose of the present paper is to contribute to this work by arguing that to analyse and manage resilience, risk considerations and assessments can provide useful input. Resilience management is not depending on risk considerations and assessments to be effective, but could benefit from such considerations and assessments if properly conducted. They need to extend beyond traditional quantitative risk assessments; broader qualitative or semi-quantitative risk considerations and assessments are needed which highlight uncertainties and the knowledge and strength of knowledge that the uncertainty judgments are based on.

IFIP Advances in Information and Communication Technology, 2010

Resilience is the ability of a system to react to and recover from disturbances with minimal effects on dynamic stability. Resilience is needed as systems and organizations become more complex and interrelated and the consequences of accidents and incidents increase. This paper analyzes the notion of resilience based on a literature survey and an exploration of incidents. In particular, resilience involves the ability of systems to undergo graceful and controlled degradation, the ability to rebound from degradation, the presence of redundancy, the ability to manage margins close to the performance boundaries, the establishment and exploration of common mental models, the presence of flexibility in systems and organizations, and the reduction of complexity and coupling. The paper describes how resilience can be included in system development and operations by considering organizations, technology and human factors. Also, it shows how past strengths and weaknesses can be considered in risk analysis to enhance safety, security and resilience.

2006

Resilience Engineering represents a new way of thinking about safety. Whereas established risk management approaches are based on hindsight and emphasise error tabulation and calculation of failure probabilities, Resilience Engineering looks for ways to enhance the ability of organisations to create processes that are robust yet flexible, to monitor and revise risk models, and to use resources proactively in the face of disruptions or ongoing production and economic pressures. In Resilience Engineering failures do not stand for a breakdown or malfunctioning of normal system functions, but rather represent the converse of the adaptations necessary to cope with the real world complexity. Individuals and organisations must always adjust their performance to the current conditions; and because resources and time are finite it is inevitable that such adjustments are approximate. Success has been ascribed to the ability of groups, individuals, and organisations to anticipate the changing shape of risk before damage occurs; failure is simply the temporary or permanent absence of that.

2007

The aviation industry as benchmark for resilience engineering is interesting only when it can be compared with at least one or a few compelling contrast cases. These industries should have their safety-critical nature in common with aviation, as well as an express willingness to learn from failure. Healthcare delivery, and in particular critical care medicine, is one candidate under consideration for further investigations of resilience engineering in other industries. Another is process industry, or even emergency/rescue services. Contrasting a selection of industries for their efforts to turn lessons from past failures into a broader, resilient future, is necessary for discovering contingent requirements for how to engineer resilience into a complex system. What works for one may not work for the other, or rather, particular measures of resilience (e.g. " preparedness ") may find completely different expressions in different systems. Also, these various industries (or th...

Safety Science, 2011

In recent years, resilience engineering has been given considerable attention among safety researchers and analysts. The area represents a new way of thinking about safety. Whereas conventional risk management approaches are based on hindsight knowledge, failure reporting and risk assessments calculating historical data-based probabilities, resilience engineering looks for ways to enhance the ability of organisations to be resilient in the sense that they recognise, adapt to and absorb variations, changes, disturbances, disruptions and surprises. The implications of this shift in thinking are many. We focus in this paper on the understanding of the risk concept and how risk can be assessed and treated. The traditional ways of looking at risk are not suitable for use in resilience engineering, but other risk perspectives exist. A main purpose of this paper is to draw attention to such perspectives, in particular one category of perspectives where probability is replaced by uncertainty in the definition of risk. We argue that the basic ideas of resilience engineering can be supported by such risk perspectives.

International Journal of Systems Assurance Engineering and Management, 2021

Resilience is about the ability of the system to resist, adapt to, and expeditiously recover from a disruptive event. The first and maybe the crucial step of resilience management is known as resilience analysis. However, there are many obstacles in front of the analyzers to analyze the resilience of systems. One of these obstacles is precise resilience data accessibility. Conventional resilience analysis methods frequently only consider historical data (e.g., time to repair and time to failure). However, to analyze the system resilience more precisely, the effect of the risk factors, which are known as observed and unobserved covariates, should be considered in the collected resilience database. These covariates will lead to the observed and unobserved heterogeneities among the collected database. Ignoring the effect of covariate may lead to erroneous conclusion about the resilience level of the system. Since it is hard to find a homogeneous operating condition, in this study, a formulation is proposed to model the effect of these covariates on complex system resilience. Finally, it is applied to a transportation system of a surface mine.

The goal of this thesis was to determine the substantiation and usefulness of a set of abstract principles and support principles which can be applied in the design and development of systems in enabling the avoidance, survival, and recovery from disruptions caused by both natural and human-made threats. The researcher synthesised these candidate resilience principles and support principles from the analyses and statements of many sources. The starting point for the thesis was the set of principles identified by the researcher in a previous book, Jackson (2010, pp. 159-186). The final set of candidate resilience principles constitutes a more comprehensive set than any individual source would provide. A principal finding was that all of the candidate resilience principles examined were substantiated and useful to the extent that their limitations and system types were considered in the development of the various specific systems. Another finding was that candidate resilience principles, in general, cannot be applied singly to a system but must be combined with other candidate resilience principles to enable resilience. These findings satisfied the goal of the thesis pertaining to the substantiation and usefulness of the candidate resilience principles and constituted the first major contribution. A second contribution was the substantiation of these candidate resilience principles from data for ten case studies and four domains using solutions posed by experts in these domains. The domains examined in this thesis include fire protection, aviation, rail, and power distribution. The researcher extracted the data for these case studies from authoritative reports that met the criteria for independence and objectivity. A third contribution was that the usefulness of these candidate resilience principles varied from domain to domain as demonstrated by the case studies. The concrete solutions proposed by domain experts showed that the recommended improvements in resilience varied across domains. This variation in improvements was called a gap analysis. This gap analysis demonstrated the applicability of the candidate resilience principles to the different domains. A fourth contribution was the development of a model called a state-transition model that can assist the developer in selecting candidate resilience principles and using these candidate resilience principles to develop specific solutions to systems which will enhance their resilience. This model showed that in order to be resilient a system must 20 pass through various states from a normal operational state to a minimally acceptable state and that transitions from state to state will require the employment of one or more of the candidate resilience principles examined in this thesis.

European Journal for Security Research, 2016

Resilience engineering can be defined to comprise originally technical, engineering and natural science approaches to improve the resilience and sustainability of socio technical cyber-physical systems of various complexities with respect to disruptive events. It is argued how this emerging interdisciplinary technical and societal science approach may contribute to civil and societal security research. In this context, the article lists expected benefits of quantifying resilience. Along the resilience engineering definition objectives, it formulates resilience optimization or minimization problems, which can be further detailed, e.g. in terms of resilience chance optimization. The main focus is on four types of approaches to achieve resilience quantification: (1) qualitative/quantitative/analytical resilience assessment processes and frameworks, (2) probabilistic/statistical static expansion approaches, (3) resilience trajectory/propagation/dynamic approaches, and (4) complex system resilience modeling, simulation and analysis. The article comprises for each quantification option its motivation, a top level derivation as well as formal, tabular, schematic or plot-wise representations, as appropriate. For each approach, a list of application examples of methods are given that could implement the resilience quantification. In particular, the article introduces the concepts and notions of resilience expansion order analysis, resilience transition matrix elements, generation of time-dependent resilience response curves, indicators and distributions, resilience barrier, and resilience tunneling or equivalently resilience gap and resilience bridging, as well as resilience quantity probability density.

Journal of Risk Research, 2012

Risk, vulnerability, robustness, and resilience are terms that are being used increasingly frequently in a large range of sciences. This paper shows how these terms can be consistently defined based on a decision-theoretic, verbal, and formal definition. Risk is conceived as an evaluation of an uncertain loss potential. The paper starts from a formal decision-theoretic definition of risk, which distinguishes between the risk situation (i.e. the risk analyst's model of the situation in which someone perceives or assesses risk) and the risk function (i.e. the risk analyst's model about how someone is perceiving and assessing risk). The approach allows scholars to link together different historical approaches to risk, such as the toxicological risk concept and the action-based approach to risk. The paper then elaborates how risk, vulnerability, and resilience are all linked to one another. In general, the vulnerability concept, such as the definition of vulnerability by the Intergovernmental Panel on Climate Change (IPCC), goes beyond risk, as it includes an adaptive capacity. Thus vulnerability is mostly seen as a dynamic concept that refers to a certain period of time. If the vulnerability of a system is viewed only at a certain point of time, vulnerability equals risk. In contrast, if we consider dynamic risk in the sense that we include actions that may follow adverse events, risk resembles vulnerability. In this case we speak about adaptive risk management. Similar to vulnerability, resilience incorporates the capability of a system to cope with the adverse effects that a system has been exposed to. Here we distinguish between specified and general resilience. Specified resilience equals (dynamic) vulnerability as the adverse events linked to threats/hazards to which a system is exposed to are known. Robustness can be seen as an antonym to (static) vulnerability. General resilience includes coping with the unknown. In particular, the approach presented here allows us to precisely relate different types of risk, vulnerability, robustness and resilience, and considers all concepts together as part of adaptive risk management.