Decision‐Making Analytics Using Plural Resilience Parameters for Adaptive Management of Complex Systems

It is critical for complex systems to effectively recover, adapt, and reorganize after system disruptions. Common approaches for evaluating system resilience typically study single measures of performance at one time, such as with a single resilience curve. However, multiple measures of performance are needed for complex systems that involve many components, functions, and noncommensurate valuations of performance. Hence, this article presents a framework for: (1) modeling resilience for complex systems with competing measures of performance, and (2) modeling decision making for investing in these systems using multiple stakeholder perspectives and multicriteria decision analysis. This resilience framework, which is described and demonstrated in this article via a real‐world case study, will be of interest to managers of complex systems, such as supply chains and large‐scale infrastructure networks.     

Inherent Costs and Interdependent Impacts of Infrastructure Network Resilience

Recent studies in system resilience have proposed metrics to understand the ability of systems to recover from a disruptive event, often offering a qualitative treatment of resilience. This work provides a quantitative treatment of resilience and focuses specifically on measuring resilience in infrastructure networks. Inherent cost metrics are introduced: loss of service cost and total network restoration cost. Further, “costs” of network resilience are often shared across multiple infrastructures and industries that rely upon those networks, particularly when such networks become inoperable in the face of disruptive events. As such, this work integrates the quantitative resilience approach with a model describing the regional, multi‐industry impacts of a disruptive event to measure the interdependent impacts of network resilience. The approaches discussed in this article are deployed in a case study of an inland waterway transportation network, the Mississippi River Navigation System.     

Stochastic Measures of Network Resilience: Applications to Waterway Commodity Flows

Given the ubiquitous nature of infrastructure networks in today's society, there is a global need to understand, quantify, and plan for the resilience of these networks to disruptions. This work defines network resilience along dimensions of reliability, vulnerability, survivability, and recoverability, and quantifies network resilience as a function of component and network performance. The treatment of vulnerability and recoverability as random variables leads to stochastic measures of resilience, including time to total system restoration, time to full system service resilience, and time to a specific α% resilience. Ultimately, a means to optimize network resilience strategies is discussed, primarily through an adaption of the Copeland Score for nonparametric stochastic ranking. The measures of resilience and optimization techniques are applied to inland waterway networks, an important mode in the larger multimodal transportation network upon which we rely for the flow of commodities. We provide a case study analyzing and planning for the resilience of commodity flows along the Mississippi River Navigation System to illustrate the usefulness of the proposed metrics.     

On “Black Swans” and “Perfect Storms”: Risk Analysis and Management When Statistics Are Not Enough

Two images, “black swans” and “perfect storms,” have struck the public's imagination and are used—at times indiscriminately—to describe the unthinkable or the extremely unlikely. These metaphors have been used as excuses to wait for an accident to happen before taking risk management measures, both in industry and government. These two images represent two distinct types of uncertainties (epistemic and aleatory). Existing statistics are often insufficient to support risk management because the sample may be too small and the system may have changed. Rationality as defined by the von Neumann axioms leads to a combination of both types of uncertainties into a single probability measure—Bayesian probability—and accounts only for risk aversion. Yet, the decisionmaker may also want to be ambiguity averse. This article presents an engineering risk analysis perspective on the problem, using all available information in support of proactive risk management decisions and considering both types of uncertainty. These measures involve monitoring of signals, precursors, and near‐misses, as well as reinforcement of the system and a thoughtful response strategy. It also involves careful examination of organizational factors such as the incentive system, which shape human performance and affect the risk of errors. In all cases, including rare events, risk quantification does not allow “prediction” of accidents and catastrophes. Instead, it is meant to support effective risk management rather than simply reacting to the latest events and headlines.     

Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks

This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]     

基于资源共享与子系统交互的两阶段DEA评价方法——兼对我国“一流大学”科研绩效的评价

由于复杂的竞争环境,共享资源下的交互系统组织形式变得越来越普遍,因此有必要开发一种新的方法来衡量这些系统与子系统的效率。针对复杂系统的绩效评价问题,本文提出资源共享与子系统交互的两阶段DEA评价方法予以应对。该方法在测定系统总效率的基础上,运用Stackelberg博弈方法构建模型求解出唯一的子系统(阶段)效率。最后,将该方法应用于我国40所“一流大学”科研系统绩效评价中,评价结果反映出一定的科研系统特征,并验证了该方法的有效性。     

Reframing Resilience: Equitable Access to Essential Services

We urgently need to put the concept of resilience into practice if we are to prepare our communities for climate change and exacerbated natural hazards. Yet, despite the extensive discussion surrounding community resilience, operationalizing the concept remains challenging. The dominant approaches for assessing resilience focus on either evaluating community characteristics or infrastructure functionality. While both remain useful, they have several limitations to their ability to provide actionable insight. More importantly, the current conceptualizations do not consider essential services or how access is impaired by hazards. We argue that people need access to services such as food, education, health care, and cultural amenities, in addition to water, power, sanitation, and communications, to get back some semblance of normal life. Providing equitable access to these types of services and quickly restoring that access following a disruption are paramount to community resilience. We propose a new conceptualization of community resilience that is based on access to essential services. This reframing of resilience facilitates a new measure of resilience that is spatially explicit and operational. Using two illustrative examples from the impacts of Hurricanes Florence and Michael, we demonstrate how decisionmakers and planners can use this framework to visualize the effect of a hazard and quantify resilience-enhancing interventions. This “equitable access to essentials” approach to community resilience integrates with spatial planning, and will enable communities not only to “bounce back” from a disruption, but to “bound forward” and improve the resilience and quality of life for all residents.     

How a System Backfires: Dynamics of Redundancy Problems in Security

Increasing attention is being paid to reliability, safety, and security issues in social systems. Scott Sagan examined why more security forces (a redundancy solution) may lead to less security.⁽ 1 ⁾ He discussed how such a solution can backfire due to three major issues (i.e., “common‐mode error,”“social shirking,” and “overcompensation”). In this article, using Sagan's hypotheses, we simulate and analyze a simple and generic security system as more guards are added to the system. Simulation results support two of Sagan's hypotheses. More specifically, the results show that “common‐mode error” causes the system to backfire, and “social shirking” leads to an inefficient system while exacerbating the common‐mode error's effect. Simulation results show that “overcompensation” has no effect of backfiring, but it leads the system to a critical state in which it can easily be affected by the common‐mode error. Furthermore, the simulation results make us question the importance of the initial power of adversaries (e.g., terrorists) as the results show that, for any exogenous level of adversary power, the system endogenously overcompensates to a level that makes the system more susceptible to being attacked.     

The Concept of Antifragility and its Implications for the Practice of Risk Analysis

Nassim Taleb's antifragile concept has been shown considerable interest in the media and on the Internet recently. For Taleb, the antifragile concept is a blueprint for living in a black swan world (where surprising extreme events may occur), the key being to love variation and uncertainty to some degree, and thus also errors. The antonym of “fragile” is not robustness or resilience, but “please mishandle” or “please handle carelessly,” using an example from Taleb when referring to sending a package full of glasses by post. In this article, we perform a detailed analysis of this concept, having a special focus on how the antifragile concept relates to common ideas and principles of risk management. The article argues that Taleb's antifragile concept adds an important contribution to the current practice of risk analysis by its focus on the dynamic aspects of risk and performance, and the necessity of some variation, uncertainties, and risk to achieve improvements and high performance at later stages.     

Design and Assessment Methodology for System Resilience Metrics

By providing objective measures, resilience metrics (RMs) help planners, designers, and decisionmakers to have a grasp of the resilience status of a system. Conceptual frameworks establish a sound basis for RM development. However, a significant challenge that has yet to be addressed is the assessment of the validity of RMs, whether they reflect all abilities of a resilient system, and whether or not they overrate/underrate these abilities. This article covers this gap by introducing a methodology that can show the validity of an RM against its conceptual framework. This methodology combines experimental design methods and statistical analysis techniques that provide an insight into the RM's quality. We also propose a new metric that can be used for general systems. The analysis of the proposed metric using the presented methodology shows that this metric is a better indicator of the system's abilities compared to the existing metrics.     

On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism

This article highlights the complexity of the quantification of the multidimensional risk function, develops five systems‐based premises on quantifying the risk of terrorism to a threatened system, and advocates the quantification of vulnerability and resilience through the states of the system. The five premises are: (i) There exists interdependence between a specific threat to a system by terrorist networks and the states of the targeted system, as represented through the system's vulnerability, resilience, and criticality‐impact. (ii) A specific threat, its probability, its timing, the states of the targeted system, and the probability of consequences can be interdependent. (iii) The two questions in the risk assessment process: “What is the likelihood?” and “What are the consequences?” can be interdependent. (iv) Risk management policy options can reduce both the likelihood of a threat to a targeted system and the associated likelihood of consequences by changing the states (including both vulnerability and resilience) of the system. (v) The quantification of risk to a vulnerable system from a specific threat must be built on a systemic and repeatable modeling process, by recognizing that the states of the system constitute an essential step to construct quantitative metrics of the consequences based on intelligence gathering, expert evidence, and other qualitative information. The fact that the states of all systems are functions of time (among other variables) makes the time frame pivotal in each component of the process of risk assessment, management, and communication. Thus, risk to a system, caused by an initiating event (e.g., a threat) is a multidimensional function of the specific threat, its probability and time frame, the states of the system (representing vulnerability and resilience), and the probabilistic multidimensional consequences.     

A General Framework for the Assessment of Power System Vulnerability to Malicious Attacks

The protection and safe operations of power systems heavily rely on the identification of the causes of damage and service disruption. This article presents a general framework for the assessment of power system vulnerability to malicious attacks. The concept of susceptibility to an attack is employed to quantitatively evaluate the degree of exposure of the system and its components to intentional offensive actions. A scenario with two agents having opposing objectives is proposed, i.e., a defender having multiple alternatives of protection strategies for system elements, and an attacker having multiple alternatives of attack strategies against different combinations of system elements. The defender aims to minimize the system susceptibility to the attack, subject to budget constraints; on the other hand, the attacker aims to maximize the susceptibility. The problem is defined as a zero‐sum game between the defender and the attacker. The assumption that the interests of the attacker and the defender are opposite makes it irrelevant whether or not the defender shows the strategy he/she will use. Thus, the approaches “leader–follower game” or “simultaneous game” do not provide differences as far as the results are concerned. The results show an example of such a situation, and the von Neumann theorem is applied to find the (mixed) equilibrium strategies of the attacker and of the defender.     

Integrating Risk and Resilience Approaches to Catastrophe Management in Engineering Systems

Recent natural and man‐made catastrophes, such as the Fukushima nuclear power plant, flooding caused by Hurricane Katrina, the Deepwater Horizon oil spill, the Haiti earthquake, and the mortgage derivatives crisis, have renewed interest in the concept of resilience, especially as it relates to complex systems vulnerable to multiple or cascading failures. Although the meaning of resilience is contested in different contexts, in general resilience is understood to mean the capacity to adapt to changing conditions without catastrophic loss of form or function. In the context of engineering systems, this has sometimes been interpreted as the probability that system conditions might exceed an irrevocable tipping point. However, we argue that this approach improperly conflates resilience and risk perspectives by expressing resilience exclusively in risk terms. In contrast, we describe resilience as an emergent property of what an engineering system does, rather than a static property the system has. Therefore, resilience cannot be measured at the systems scale solely from examination of component parts. Instead, resilience is better understood as the outcome of a recursive process that includes: sensing, anticipation, learning, and adaptation. In this approach, resilience analysis can be understood as differentiable from, but complementary to, risk analysis, with important implications for the adaptive management of complex, coupled engineering systems. Management of the 2011 flooding in the Mississippi River Basin is discussed as an example of the successes and challenges of resilience‐based management of complex natural systems that have been extensively altered by engineered structures.     

Toward General Principles for Resilience Engineering

Maintaining the performance of infrastructure-dependent systems in the face of surprises and unknowable risks is a grand challenge. Addressing this issue requires a better understanding of enabling conditions or principles that promote system resilience in a universal way. In this study, a set of such principles is interpreted as a group of interrelated conditions or organizational qualities that, taken together, engender system resilience. The field of resilience engineering identifies basic system or organizational qualities (e.g., abilities for learning) that are associated with enhanced general resilience and has packaged them into a set of principles that should be fostered. However, supporting conditions that give rise to such first-order system qualities remain elusive in the field. An integrative understanding of how such conditions co-occur and fit together to bring about resilience, therefore, has been less clear. This article contributes to addressing this gap by identifying a potentially more comprehensive set of principles for building general resilience in infrastructure-dependent systems. In approaching this aim, we organize scattered notions from across the literature. To reflect the partly self-organizing nature of infrastructure-dependent systems, we compare and synthesize two lines of research on resilience: resilience engineering and social-ecological system resilience. Although some of the principles discussed within the two fields overlap, there are some nuanced differences. By comparing and synthesizing the knowledge developed in them, we recommend an updated set of resilience-enhancing principles for infrastructure-dependent systems. In addition to proposing an expanded list of principles, we illustrate how these principles can co-occur and their interdependencies.     

Productivity measurement in a large organization with multi-performance objectives: A case study

A model to measure productivity of a multi-performance objective system based on the concept of Management by Objectives (MBO) and systems theory is presented. The multi-attribute utility theory and “goal programming” are applied to evaluate the performance objectives. The approach, termed as the PO–P approach to measure productivity, provides a methodology to determine the productivity index of the plant considering it as a system and it is useful for monitoring and control of performance. Application of the approach is illustrated with a case study.     

基于“硬件/软件”平台产品性能改进的定价策略与激励合同研究

构建了一个“硬件/软件”平台，平台一边是互补内容或服务的提供商，一边是购买平台产品和内容的最终消费者。在刻画平台产品和内容之间互补网络效应的基础上，考虑平台产品性能改进，运用博弈论方法，揭示了平台产品定价、内容定价、平台收费及平台产品性能水平决策的内在机理，并进一步探索了优化平台产品性能的激励合同设计。研究结果表明：(1)在一定条件下平台产品可以亏本销售，但内容必须具有盈利性。(2)互补性网络效应越强、平台产品性能改进效率越高或敏感系数越小将促使平台提高产品性能并制定更高的平台接入费，同时内容价格也会提高。但平台产品性能水平与其价格的变化并不总是保持一致。(3)数量折扣和固定转移支付合同的组合合同可以实现双边市场系统的协调并进一步优化平台产品性能水平，且当固定转移费用在一定范围内时，实现平台和内容提供商利润的帕累托改进。     

Rethinking Resilience Analytics

The concept of “resilience analytics” has recently been proposed as a means to leverage the promise of big data to improve the resilience of interdependent critical infrastructure systems and the communities supported by them. Given recent advances in machine learning and other data‐driven analytic techniques, as well as the prevalence of high‐profile natural and man‐made disasters, the temptation to pursue resilience analytics without question is almost overwhelming. Indeed, we find big data analytics capable to support resilience to rare, situational surprises captured in analytic models. Nonetheless, this article examines the efficacy of resilience analytics by answering a single motivating question: Can big data analytics help cyber–physical–social (CPS) systems adapt to surprise? This article explains the limitations of resilience analytics when critical infrastructure systems are challenged by fundamental surprises never conceived during model development. In these cases, adoption of resilience analytics may prove either useless for decision support or harmful by increasing dangers during unprecedented events. We demonstrate that these dangers are not limited to a single CPS context by highlighting the limits of analytic models during hurricanes, dam failures, blackouts, and stock market crashes. We conclude that resilience analytics alone are not able to adapt to the very events that motivate their use and may, ironically, make CPS systems more vulnerable. We present avenues for future research to address this deficiency, with emphasis on improvisation to adapt CPS systems to fundamental surprise.     

Probabilistic Multiple Hazard Resilience Model of an Interdependent Infrastructure System

Multiple hazard resilience is of significant practical value because most regions of the world are subject to multiple natural and technological hazards. An analysis and assessment approach for multiple hazard spatiotemporal resilience of interdependent infrastructure systems is developed using network theory and a numerical analysis. First, we define multiple hazard resilience and present a quantitative probabilistic metric based on the expansion of a single hazard deterministic resilience model. Second, we define a multiple hazard relationship analysis model with a focus on the impact of hazards on an infrastructure. Subsequently, a relationship matrix is constructed with temporal and spatial dimensions. Further, a general method for the evaluation of direct impacts on an individual infrastructure under multiple hazards is proposed. Third, we present an analysis of indirect multiple hazard impacts on interdependent infrastructures and a joint restoration model of an infrastructure system. Finally, a simplified two‐layer interdependent infrastructure network is used as a case study for illustrating the proposed methodology. The results show that temporal and spatial relationships of multiple hazards significantly influence system resilience. Moreover, the interdependence among infrastructures further magnifies the impact on resilience value. The main contribution of the article is a new multiple hazard resilience evaluation approach that is capable of integrating the impacts of multiple hazard interactions, interdependence of network components (layers), and restoration strategy.     

Physical–cyber–human framework-based resilience evaluation toward urban power system: Case study from China

Because the increased frequency, intensity, and duration of extreme weather events have significantly challenged power systems, there has been an increased interest in resilient power systems. This article establishes a multicriteria resilience evaluation framework for urban power systems from a physical–cyber–human system perspective, in which the two principal elements responsible for power system function degradation are described, the three major domains comprising urban power systems are explained, four core capacities that positively contribute to power system resilience are proposed, and 15 (11 objective and four subjective) power system resilience evaluation indicators are identified. Fuzzy hesitant judgment and a Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) aggregation method are employed to minimize the expert divergence and maximize the group consensus. A validation method is designed and a comparison with commonly applied performance-based and attributes-based evaluation methods is conducted. The applicability of the evaluation framework is verified using data from four Chinese municipalities: Shanghai, Beijing, Chongqing, and Tianjin. It was found that Shanghai's resilience was the best, and Chongqing's physical resistance disadvantages would result in the greatest difficulties in coping with extreme event disturbances. Physical, cyber, and human domain resilience enhancement strategies are given for different cities separately. This study provides a practical tool to evaluate, compare, and enhance power system resilience for governments and public utilities.     

An Entropy Measure of Flow Dominance for Predicting Operations Performance

The flow of jobs within a system is an important operating characteristic that influences system performance. While the majority of previous studies on manufacturing performance consider product flows only as an implicit parameter of the design, we introduce an explicit measure of flow dominance based on entropy and test its efficacy in predicting the performance of manufacturing systems. In computing entropy flow dominance (EFD), we aggregate information embedded in the routings of all products within a system into a single measure. EFD is designed to indicate on a 0–1 scale the level of flow dominance, where 1 represents a pure flow shop and 0 represents a pure job shop. The result is a simple measure that provides managers a way to explain and predict complex phenomena. Our experimental results indicate that EFD is a statistically significant determinant of manufacturing system performance. Furthermore, the model including EFD as an independent variable accurately predicts manufacturing system performance as measured by job flow time, flow time standard deviation, and work in process. We note that the same results can also apply to service systems, such as the “back‐room” low‐contact type systems, that have similar characteristics as manufacturing systems.