Resilience Analysis for Engineered and Infrastructure Systems Under Deep Uncertainty or Emergent Conditions

In this paper, we discuss a proposed resilience analysis metric for measuring resilience based on three resilience capacities: adaptive capacity, absorptive capacity, and recoverability. The proposed resiliency factor and uncertainty-weighted resilience metric may enable planners and managers to explore the performance of engineered systems under deep uncertainty by encoding assumptions about the resilience of engineered systems to highly improbable, catastrophic events in an entropy-based approach. We discuss how our metric might promote the development of methodologies for investigating “deep” uncertainties in resilience assessment while retaining the use of probability for expressing uncertainties about highly uncertain, unforeseeable, or unknowable hazards in design and management activities using a computational example and discussion of practical difficulties in the implementation of our resilience framework. cussion, while also suggesting the use of the proposed metric in situations of deep uncertainty. This paper has two primary objectives. 2.1 Objective 1: Synthesis of a new resilience perspective This paper is a discussion paper aimed at synthesizing a new resilience perspective from tools developed in the fields of deep uncertainty, decision analysis, and reliability analysis. 2.2 Objective 2: Propose a quantitative approach to facilitate creative deliberation We argue that the most important difficulty in developing resilience theories is facilitating creative deliberation about potential adverse scenarios. 3 SYNTHESIS OF SYSTEM RESILIENCE UNDER DEEP UNCERTAINTY 3.1 Approaches to Deep Uncertainty The shortcomings of SEU theory addressed by deep uncertainty have been acknowledged for some time in the research community. Several quantitative techniques have been developed. Here, we discuss modeling to generate alternatives, portfolio evaluation and info-gap theory, and resilience analysis. 3.2 Modeling to Generate Alternatives One of the first approaches to evaluating alternatives in the presence of deep uncertainty was modeling to generate alternatives (MGA) using the “hop, skip, jump” (HSJ) algorithm (Brill et al. 1982). MGA was designed to construct a set of alternatives similar to one another in objective space (e.g., obtained similar scores on a multi-objective scoring function) but strikingly different from one another in decision space. Under this circumstance, SEU theory may not only fail to account for slight differences in preference structures, but also may fail to give the analyst the ability to identify alternatives robust to variations in underlying model assumptions or stakeholder preferences. Many similar techniques are now built using genetic algorithms, genetic programs, particle swarm optimization, ant colony optimization, or other bio-inspired techniques in which a population of near optimal solutions are identified. The principal insight contributed by the MGA approach is the use of modeling to facilitate creative interpretations of decision contexts. Creative interpretation of the decision context is achieving a thorough search through the potential futures to identify events of concern, then identifying the consequences of those events of concern. Because well-tested systems exhibit an increasingly large share of their failures in the tails of the event generation models, this creativity in exploring the decision situation is of utmost importance. 3.3 Portfolio Evaluation and Info-Gap Decision Theory The main advance of current approaches to deep uncertainty compared with MGA is the focus on the construction and interpretation of models designed to represent the extreme conditions to which the complex engineered system may be exposed. To this end, techniques such as robust decision making (Lempert & Groves 2010), info-gap theory (BenHaim 2006), and portfolio evaluation (Karvetski & Lambert 2012) can provide better decision support than modeling to generate alternatives. Portfolio evaluation and info-gap decision theory embrace a non-probabilistic approach to exploring the responses of engineered systems to possible futures. In portfolio evaluation, deep uncertainties are considered stakeholder viewpoints that may have important differential implications for the desirability or performance of investments. On the other hand, info-gap theory evaluates the robustness and opportuneness of system performance under a range of possible deviations from the “best-guess” scenario. The ranges of plausible deviations are called “frontiers,” and are not treated probabilistically. Instead, the system performance is simulated for each plausible frontier, an opportuneness curve (optimum for each frontier) and robustness curve (minimax for each frontier) is obtained. 3.4 Incorporating Resilience Into Deep Uncertainty Evaluation In incorporating resilience into the evaluation of alternatives under deep uncertainty, a few insights may be available. First, the influence of subjective uncertainty, even when the form of the model and its true parameters are not available for validation, may be useful proxies for preparedness and overconfidence. The entropy metric may present a useful way to combat overconfidence in a decision support situation because it will “penalize” the importance ranking of potential alternatives based on the extent to which stakeholders cannot agree on a model for the plausible futures. This disagreement may encourage deliberations where such model critique may not have taken place. In situations where a decision support tool automatically generates potential alternatives from possible futures, ensembles of models and fault generation techniques can be used to explore the conditions to which a system may be exposed through the use of popular computing techniques, including those mentioned above. For example, Monte Carlo simulation can be used to explore the joint posterior distribution for hazard generation, fault occurrence, and consequences of adverse events. The entropy-weighted metric can then enable prioritization of resilience investments via weighting the performance aspects of the resilience metric with the extremeness of the event’s possibility. Finally, the degree to which we are surprised by an event may be a reasonable proxy for the maximum attainable preparedness for an event. The future preparedness cannot be observed, nor can subjective beliefs about preparedness be validated, but incorporating surprise into a metric used to prioritize investments may enable analysts to operationalize the idea that we cannot fully prepare for an event we cannot even anticipate. 4 A PROPOSED FRAMEWORK AND METRIC FOR SYSTEM RESILIENCE 4.1 The Resilience Capacity Framework Underlying differences in existing resilience definitions, in most cases, can be attributed to differences in their description of resilience capacities. In addition, resilience capacities may be confounded with the factors that affect their attainment and are often included in defining resilience. In this section, we operationalize our definition by developing a resilience assessment framework. This framework, illustrated in Figure 1, consists of five components: system identification, vulnerability analysis, resilience objective setting, and stakeholder engagement and resilience capacities. System identification entails: definition of the system domain; delineation of fundamental and strategic objectives; identification and characterization of physical, chemical, spatial, or social characteristics; and identification of analytical goals and objectives. Because the occurrence of disruptive events cannot be perfectly predicted due to epistemic or aleatory uncertainty, it is important to evaluate the vulnerability of the system to plausible disruptive future events. To account for dynamic conditions, vulnerability analysis at regular intervals is a key to proactively identifying disruptive events and continuously learning from incidents. Iterative, continual assessment of the system’s resilience may enable proactive identification of vulnerabilities. Moreover, this practice facilitates continual critical evaluation and refinement of the organization’s risk model, with the recognition that in complex systems catastrophic failures may be inevitable. The ultimate goal of resilience is the continuity of system performance. Desired system performance is to be defined according to the fundamental objectives obtained in system identification. These fundamental objectives guide the analyst or organization through the navigation of multiple objectives extant in normal system function. A certain set of resilience actions may be delegated on the basis of system recovery priorities. For example, in resilience analysis the decision context for resilience actions might be limited to a predetermined time immediately following system disruption. In this way, the analyst or organization may evaluate resilience actions in a different frame from their overall strategic decision processes. Some researchers suggest complex engineered systems should adapt to their changing environment by permitting some critical system functionality to expire while new system performance characteristics emerge (Mu et al. 2011; Park et al. 2012; Park et al. 2011). Finally, stakeholders are an integral part of resilience analysis and management. In the case of critical infrastructure, for instance, the NIAC recommends coordination among varying levels of government and Critical Infrastructure and Key Resources sectors for efficient recovery of regular services during disruption (DHS Risk Steering Committee 2008). In order to facilitate continuous coordination between the private and public sector, the Australian government, for example, has established the Trusted Information Sharing Network, which enables owners and operators to discuss their vulnerabilities in a non-competitive platform (Commonwealth of Australia 2010). The ultimate goal is to effectively coorFigure 1. The “resilience capacity” approach to complex engineered system resilience analysis. This framework consists of five components: System identification, vulnerability analysis (before, during and after disruption), resilience objective setting (identification of goals such as normal performance or basic identity to be achieved or sustained), stakeholder engagement (coordination, cooperation & information sharing) and resilience capacities. The three principal capacities are absorptive capacity, adaptive capacity, and restorative capacity. dinate available resources, skills and past experience against potential disruptions to the performance of the system. 4.2 A Proposed Resilience Metric Others have proposed quantitative resilience metrics based on system functionality (Latora & Marchiori 2005; Henry & Ramirez-Marquez 2012), but we propose some additions to these previous approaches. We propose a resilience metric that incorporates the three resilience capabilities and the time to recovery. This metric has been described in detail by the authors in Francis and Bekera (Francis & Bekera 2013). Much of the discussion here is adapted from that exposition. Let Sp be the speed recovery factor, Fo the original stable system performance level, Fd the performance level immediately post-disruption, Fr* be the performance level after an initial post-disruption actions have been undertaken, and Fr be the performance at a new stable level upon completion of all recovery endeavors. Moreover, assume that these quantities are reflective of specific organization’s background knowledge, and time of disruption indicated by the subscripts td, and K. Finally, let td be the slack time, tr be the time to final recovery, tr* the time to complete initial recovery actions, and a be a parameter controlling decay in resilience attributable to the stakeholder preferences for time required for system to reach new equilibrium. The basic idea of resilience might be expressed as a resiliency factor, ρi: ρi S p , Fr , Fd , F0 ( ) = Sp ⋅ Fr F0 ⋅ Fd F0 (1)