- LATEST BLOG POST
- echo $post_date ?>
- A decade of physical risks generated by industrial systems hacking is featuring a remarkable and worrisome acceleration. Indeed, it all…
- Read More
In this post we keep analyzing some buzz-words and their meaning. Resilience Cont’d (3rd part) is today’s subject. The prior post discussed “antifragile”.
Another buzz-word: resilience.
Following the dictionary, resilience is the ability to become strong, healthy, or successful again after something bad happens (so, it would be a subset of antifragile, as it contemplates return to normality, but not thriving out of the mishap). Resilience is also the ability of something to return to its original shape after it has been pulled, stretched, pressed, bent, etc.
We engineers are always looking into building resilient systems. If a system is robust and reliable and you add resilience then you have a “magnificent piece of design”.
Some authors rightly consider and explicitly state that Risk Assessment/ Risk Management are the first step towards a resilience improvement study, and remain at the heart of any attempt to increase the resilience of a system. They encourage clients to establish Crises Plans/Business Resumption and Continuity Plans, and Disaster Recovery Plans, based on scenarios developed during the RA.
A major difference between a “classical” (meaning “current”) study of risk mitigation and a “pure” (meaning “extreme”) resilience improvement study lies in the fact that the second does not examine the detailed causes of negative outcomes against which one wishes to be protected.
That “extreme” approach sounds however rather simplistic, as shown in the following example: assume that the subject under scrutiny is a ship-loader and that the metric for risk is business/ service interruption (BI). A risk assessment will seek to assess the probability of occurrence of certain BIs and formulate scenarios capable of producing them, then aim to define appropriate risk mitigation measures. A resilience improvement study would instead define what should be done to reduce the impacts of a BI of more than, say, 1,000 hours, regardless of the cause. Of course, without knowing what caused the arbitrarily selected 1,000 hours BI, it would be difficult to imagine how to protect the system! Undoubtedly, if the cause was for example a local fire, which would leave the entire adjacent civilian infrastructure intact, the situation would be different than in the aftermath of a major earthquake or a nuclear accident like the tsunami induced Fukushima incident.
Thus, the only “excuse” to justify the use of “extreme” resilience improvement studies rather than a risk mitigation study seems to be to prepare protective plans for events with a very low estimated probability. As a matter of fact, the slogan used by promoters of this approach is “let’s think about the unthinkable”. In this way “extreme” resilience improvement studies would protect users against the “universal optimism” trend which underestimates the probability of a bad mishap. Unfortunately, humans have short memories and the bad habit of considering common events as “Black Swans” would push users of “extreme” resilience improvement studies to unsustainable mitigative investments. Alternatively, the proper logical risk assessment process, not only defines scenarios and focuses on “thinking about the unthinkable”, but also where “unthinkable events” have a probability. The probability is -p- set at the limit of human credibility (10-5 (one hundred thousand) to 10-6 (one in a million)), a range that is “universally agreed” in many areas of hazardous industries all over the world.
“Extreme” resilience improvement studies bypass the risk scenario definitions and look at possible extreme damages (Consequences-C-) caused by unspecified “catastrophes”. These studies place themselves systematically at the Maximum Consequence level, with probabilities as low as an unspecified “unthinkable” event could be, regardless of the scenario (for example asteroid fall, terrorist attack, etc…). Resilience improvement studies avoid relying on probability estimates, which, if presented improperly or ill-conceived, might give a false impression of precision. Instead they will look to major consequence scenarios, and discuss how to mitigate them.
If this seems to constitute a very conservative approach, it is very likely that it would lead to higher “unjustified” mitigative costs, and almost certainly to biased allocation of funds, compared to what would result from a proper risks assessment taking into account probabilities of occurrence.
Some resilience improvement studies seem however to follow a more balanced process, analysing the hazards, developing a list of possible scenarios, and defining p and C for each scenario. This being said, they generally end up biasing for unspecified small p /large C scenarios.
It can be concluded on this basis, that resilience improvement and risk mitigation studies are virtually identical except for the phase of risk prioritization and decision making/action plan.
Studies should address extant mitigative measures and controls, which are already part of the system’s resilience. A good Risk Management approach must necessarily lead to solutions aimed at increasing resilience to avoid massive and too costly insurance contracts. Incidentally, if an industry is hit by disaster, and is unable to react, thus displaying insufficient resilience, it will have its image severely tarnished, perhaps forever, or, in other words will be in the midst of a very deep crisis!
This view is also supported by other professional groups and researchers including: http://www.cmcc.it/research/research-projects/concluded-projects/freeman , T. Mitchell and K. Harris, Resilience: A risk management approach, ODI Background Notes, January 2012; S. McManus et Al., Resilience Management, A Framework for Assessing and Improving the Resilience of Organisations, Resilient Organizations, New Zealand, Research Report 2007/01.
Let us finally note that none of the elements listed above (Business Resumption/Continuity Plans, Recovery Plans, Disaster Management, etc…) has the power to change the cost of the immediate consequences of an event, but may strongly influence the duration to recovery, which causes a reduction of C. Note also that none of the above alters the value of -p-, whatever it might be.”.