On the Complex Definition of Risk: A Systems-Based Approach

The premise of this article is that risk to a system, as well as its vulnerability and resilience, can be understood, defined, and quantified most effectively through a systems-based philosophical and methodological approach, and by recognizing the central role of the system states in this process. A universally agreed-upon definition of risk has been difficult to develop; one reason is that the concept is multidimensional and nuanced. It requires an understanding that risk to a system is inherently and fundamentally a function of the initiating event, the states of the system and of its environment, and the time frame. In defining risk, this article posits that: (a) the performance capabilities of a system are a function of its state vector; (b) a system's vulnerability and resilience vectors are each a function of the input (e.g., initiating event), its time of occurrence, and the states of the system; (c) the consequences are a function of the specificity and time of the event, the vector of the states, the vulnerability, and the resilience of the system; (d) the states of a system are time-dependent and commonly fraught with variability uncertainties and knowledge uncertainties; and (e) risk is a measure of the probability and severity of consequences. The above implies that modeling must evaluate consequences for each risk scenario as functions of the threat (initiating event), the vulnerability and resilience of the system, and the time of the event. This fundamentally complex modeling and analysis process cannot be performed correctly and effectively without relying on the states of the system being studied.     

On Some Recent Definitions and Analysis Frameworks for Risk,Vulnerability, and Resilience

Recently, considerable attention has been paid to a systems‐based approach to risk, vulnerability, and resilience analysis. It is argued that risk, vulnerability, and resilience are inherently and fundamentally functions of the states of the system and its environment. Vulnerability is defined as the manifestation of the inherent states of the system that can be subjected to a natural hazard or be exploited to adversely affect that system, whereas resilience is defined as the ability of the system to withstand a major disruption within acceptable degradation parameters and to recover within an acceptable time, and composite costs, and risks. Risk, on the other hand, is probability based, defined by the probability and severity of adverse effects (i.e., the consequences). In this article, we look more closely into this approach. It is observed that the key concepts are inconsistent in the sense that the uncertainty (probability) dimension is included for the risk definition but not for vulnerability and resilience. In the article, we question the rationale for this inconsistency. The suggested approach is compared with an alternative framework that provides a logically defined structure for risk, vulnerability, and resilience, where all three concepts are incorporating the uncertainty (probability) dimension.     

Toward Disaster‐Resilient Cities: Characterizing Resilience of Infrastructure Systems with Expert Judgments

Resilient infrastructure systems are essential for cities to withstand and rapidly recover from natural and human‐induced disasters, yet electric power, transportation, and other infrastructures are highly vulnerable and interdependent. New approaches for characterizing the resilience of sets of infrastructure systems are urgently needed, at community and regional scales. This article develops a practical approach for analysts to characterize a community's infrastructure vulnerability and resilience in disasters. It addresses key challenges of incomplete incentives, partial information, and few opportunities for learning. The approach is demonstrated for Metro Vancouver, Canada, in the context of earthquake and flood risk. The methodological approach is practical and focuses on potential disruptions to infrastructure services. In spirit, it resembles probability elicitation with multiple experts; however, it elicits disruption and recovery over time, rather than uncertainties regarding system function at a given point in time. It develops information on regional infrastructure risk and engages infrastructure organizations in the process. Information sharing, iteration, and learning among the participants provide the basis for more informed estimates of infrastructure system robustness and recovery that incorporate the potential for interdependent failures after an extreme event. Results demonstrate the vital importance of cross‐sectoral communication to develop shared understanding of regional infrastructure disruption in disasters. For Vancouver, specific results indicate that in a hypothetical M7.3 earthquake, virtually all infrastructures would suffer severe disruption of service in the immediate aftermath, with many experiencing moderate disruption two weeks afterward. Electric power, land transportation, and telecommunications are identified as core infrastructure sectors.     

Risk Analysis for Critical Asset Protection

This article proposes a quantitative risk assessment and management framework that supports strategic asset-level resource allocation decision making for critical infrastructure and key resource protection. The proposed framework consists of five phases: scenario identification, consequence and criticality assessment, security vulnerability assessment, threat likelihood assessment, and benefit-cost analysis. Key innovations in this methodology include its initial focus on fundamental asset characteristics to generate an exhaustive set of plausible threat scenarios based on a target susceptibility matrix (which we refer to as asset-driven analysis) and an approach to threat likelihood assessment that captures adversary tendencies to shift their preferences in response to security investments based on the expected utilities of alternative attack profiles assessed from the adversary perspective. A notional example is provided to demonstrate an application of the proposed framework. Extensions of this model to support strategic portfolio-level analysis and tactical risk analysis are suggested.     

Infrastructure Vulnerability Assessment Model (I-VAM)

Quantifying vulnerability to critical infrastructure has not been adequately addressed in the literature. Thus, the purpose of this article is to present a model that quantifies vulnerability. Vulnerability is defined as a measure of system susceptibility to threat scenarios. This article asserts that vulnerability is a condition of the system and it can be quantified using the Infrastructure Vulnerability Assessment Model (I-VAM). The model is presented and then applied to a medium-sized clean water system. The model requires subject matter experts (SMEs) to establish value functions and weights, and to assess protection measures of the system. Simulation is used to account for uncertainty in measurement, aggregate expert assessment, and to yield a vulnerability (Omega) density function. Results demonstrate that I-VAM is useful to decisionmakers who prefer quantification to qualitative treatment of vulnerability. I-VAM can be used to quantify vulnerability to other infrastructures, supervisory control and data acquisition systems (SCADA), and distributed control systems (DCS).     

Developing a Broadly Applicable Measure of Risk Perception

Decades of research identify risk perception as a largely intuitive and affective construct, in contrast to the more deliberative assessments of probability and consequences that form the foundation of risk assessment. However, a review of the literature reveals that many of the risk perception measures employed in survey research with human subjects are either generic in nature, not capturing any particular affective, probabilistic, or consequential dimension of risk; or focused solely on judgments of probability. The goal of this research was to assess a multidimensional measure of risk perception across multiple hazards to identify a measure that will be broadly useful for assessing perceived risk moving forward. Our results support the idea of risk perception being multidimensional, but largely a function of individual affective reactions to the hazard. We also find that our measure of risk perception holds across multiple types of hazards, ranging from those that are behavioral in nature (e.g., health and safety behaviors), to those that are technological (e.g., pollution), or natural (e.g., extreme weather). We suggest that a general, unidimensional measure of risk may accurately capture one's perception of the severity of the consequences, and the discrete emotions that are felt in response to those potential consequences. However, such a measure is not likely to capture the perceived probability of experiencing the outcomes, nor will it be as useful at understanding one's motivation to take mitigation action.     

A Scale of Risk

This article proposes a conceptual framework for ranking the relative gravity of diverse risks. This framework identifies the moral considerations that should inform the evaluation and comparison of diverse risks. A common definition of risk includes two dimensions: the probability of occurrence and the associated consequences of a set of hazardous scenarios. This article first expands this definition to include a third dimension: the source of a risk. The source of a risk refers to the agents involved in the creation or maintenance of a risk and captures a central moral concern about risks. Then, a scale of risk is proposed to categorize risks along a multidimensional ranking, based on a comparative evaluation of the consequences, probability, and source of a given risk. A risk is ranked higher on the scale the larger the consequences, the greater the probability, and the more morally culpable the source. The information from the proposed comparative evaluation of risks can inform the selection of priorities for risk mitigation.     

Stochastic Measures of Network Resilience: Applications to Waterway Commodity Flows

Given the ubiquitous nature of infrastructure networks in today's society, there is a global need to understand, quantify, and plan for the resilience of these networks to disruptions. This work defines network resilience along dimensions of reliability, vulnerability, survivability, and recoverability, and quantifies network resilience as a function of component and network performance. The treatment of vulnerability and recoverability as random variables leads to stochastic measures of resilience, including time to total system restoration, time to full system service resilience, and time to a specific α% resilience. Ultimately, a means to optimize network resilience strategies is discussed, primarily through an adaption of the Copeland Score for nonparametric stochastic ranking. The measures of resilience and optimization techniques are applied to inland waterway networks, an important mode in the larger multimodal transportation network upon which we rely for the flow of commodities. We provide a case study analyzing and planning for the resilience of commodity flows along the Mississippi River Navigation System to illustrate the usefulness of the proposed metrics.     

Probabilistic Multiple Hazard Resilience Model of an Interdependent Infrastructure System

Multiple hazard resilience is of significant practical value because most regions of the world are subject to multiple natural and technological hazards. An analysis and assessment approach for multiple hazard spatiotemporal resilience of interdependent infrastructure systems is developed using network theory and a numerical analysis. First, we define multiple hazard resilience and present a quantitative probabilistic metric based on the expansion of a single hazard deterministic resilience model. Second, we define a multiple hazard relationship analysis model with a focus on the impact of hazards on an infrastructure. Subsequently, a relationship matrix is constructed with temporal and spatial dimensions. Further, a general method for the evaluation of direct impacts on an individual infrastructure under multiple hazards is proposed. Third, we present an analysis of indirect multiple hazard impacts on interdependent infrastructures and a joint restoration model of an infrastructure system. Finally, a simplified two‐layer interdependent infrastructure network is used as a case study for illustrating the proposed methodology. The results show that temporal and spatial relationships of multiple hazards significantly influence system resilience. Moreover, the interdependence among infrastructures further magnifies the impact on resilience value. The main contribution of the article is a new multiple hazard resilience evaluation approach that is capable of integrating the impacts of multiple hazard interactions, interdependence of network components (layers), and restoration strategy.     

Assessing Engineering Resilience for Systems with Multiple Performance Measures

Recently, efforts to model and assess a system's resilience to disruptions due to environmental and adversarial threats have increased substantially. Researchers have investigated resilience in many disciplines, including sociology, psychology, computer networks, and engineering systems, to name a few. When assessing engineering system resilience, the resilience assessment typically considers a single performance measure, a disruption, a loss of performance, the time required to recover, or a combination of these elements. We define and use a resilient engineered system definition that separates system resilience into platform and mission resilience. Most complex systems have multiple performance measures; this research proposes using multiple objective decision analysis to assess system resilience for systems with multiple performance measures using two distinct methods. The first method quantifies platform resilience and includes resilience and other “ilities” directly in the value hierarchy, while the second method quantifies mission resilience and uses the “ilities” in the calculation of the expected mission performance for every performance measure in the value hierarchy. We illustrate the mission resilience method using a transportation systems‐of‐systems network with varying levels of resilience due to the level of connectivity and autonomy of the vehicles and platform resilience by using a notional military example. Our analysis found that it is necessary to quantify performance in context with specific mission(s) and scenario(s) under specific threat(s) and then use modeling and simulation to help determine the resilience of a system for a given set of conditions. The example demonstrates how incorporating system mission resilience can improve performance for some performance measures while negatively affecting others.     

Secondary Risk Theory: Validation of a Novel Model of Protection Motivation

Protection motivation theory states individuals conduct threat and coping appraisals when deciding how to respond to perceived risks. However, that model does not adequately explain today's risk culture, where engaging in recommended behaviors may create a separate set of real or perceived secondary risks. We argue for and then demonstrate the need for a new model accounting for a secondary threat appraisal, which we call secondary risk theory. In an online experiment, 1,246 participants indicated their intention to take a vaccine after reading about the likelihood and severity of side effects. We manipulated likelihood and severity in a 2 × 2 between‐subjects design and examined how well secondary risk theory predicts vaccination intention compared to protection motivation theory. Protection motivation theory performed better when the likelihood and severity of side effects were both low (R² = 0.30) versus high (R² = 0.15). In contrast, secondary risk theory performed similarly when the likelihood and severity of side effects were both low (R² = 0.42) or high (R² = 0.45). But the latter figure is a large improvement over protection motivation theory, suggesting the usefulness of secondary risk theory when individuals perceive a high secondary threat.     

Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management

Risk assessors and managers face many difficult challenges related to novel cyber systems. Among these challenges are the constantly changing nature of cyber systems caused by technical advances, their distribution across the physical, information, and sociocognitive domains, and the complex network structures often including thousands of nodes. Here, we review probabilistic and risk-based decision-making techniques applied to cyber systems and conclude that existing approaches typically do not address all components of the risk assessment triplet (threat, vulnerability, consequence) and lack the ability to integrate across multiple domains of cyber systems to provide guidance for enhancing cybersecurity. We present a decision-analysis-based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data.     

Risk Management and the Precautionary Principle: A Fuzzy Logic Model

The aim of this article is to illustrate a procedure for applying the precautionary principle within a strategy for reducing the possibility of underestimating the effective risk caused by a phenomenon, product, or process, and of adopting insufficient risk reduction measures or overlooking their need. We start by simply defining risk as the product between the numerical expression of the adverse consequences of an event and the likelihood of its occurrence or the likelihood that such consequences will occur. Uncertainty in likelihood estimates and several key concepts inherent to the precautionary principle, such as sufficient certainty, prevention, and desired level of protection, are represented as fuzzy sets. The strategy described may be viewed as a simplified example of a precautionary decision process that has been chiefly conceived as a theoretical contribution to the debate concerning the precautionary principle, the quantification of its application, and the formal approach to such problems.     

Risk based facility location by using fault tree analysis in disaster management

Determining the locations of facilities for prepositioning supplies to be used during a disaster is a strategic decision that directly affects the success of disaster response operations. Locating such facilities close to the disaster-prone areas is of utmost importance to minimize response time. However, this is also risky because the facility may be disrupted and hence may not support the demand point(s). In this study, we develop an optimization model that minimizes the risk that a demand point may be exposed to because it is not supported by the located facilities. The purpose is to choose the locations such that a reliable facility network to support the demand points is constructed. The risk for a demand point is calculated as the multiplication of the (probability of the) threat (e.g., earthquake), the vulnerability of the demand point (the probability that it is not supported by the facilities), and consequence (value or possible loss at the demand point due to threat). The vulnerability of a demand point is computed by using fault tree analysis and incorporated into the optimization model innovatively. To our knowledge, this paper is the first to use such an approach. The resulting non-linear integer program is linearized and solved as a linear integer program. The locations produced by the proposed model are compared to those produced by the p-center model with respect to risk value, coverage distance, and covered population by using several test problems. The model is also applied in a real problem. The results indicate that taking the risk into account explicitly may create significant differences in the risk levels.     

Evolutionary Resilience and Strategies for Climate Adaptation

The aim of this study is to develop a framework by drawing on three broad perspectives on resilience, engineering, ecological and evolutionary, and to use this framework to critically examine the approach adopted by the draft London climate change adaptation strategy. The central argument of the study is that the Strategy's emergency planning-centred approach to climate adaptation veers between a standard ecological understanding of resilience and the more rigid engineering model. Its emphasis is on identifying ‘exposure’ and ‘vulnerability’ to risk from climate events and on bouncing back from the consequences of such exposures to a normal state, rather than on the dynamic process of transformation to a more desirable trajectory. The study concludes that fostering resilience involves planning for not only recovery from shocks but also cultivating preparedness, and seeking potential transformative opportunities which emerge from change.     

The Effects of Expectation Disconfirmation on Appraisal,Affect, and Behavioral Intentions

People's risk perceptions can have powerful effects on their outcomes, yet little is known about how people respond to risk information that disconfirms a prior expectation. We experimentally examined the affective, cognitive, and behavioral consequences of expectation disconfirmation in the context of risk perceptions. Participants were randomly assigned and then prompted toward either a high or low personal risk estimate regarding a fictitious health threat. All participants then received the same risk feedback, which presented either a negative disconfirmation experience (i.e., worse than expected) in the high‐risk estimate condition or a positive disconfirmation experience (i.e., better than expected) in the low‐risk estimate condition. Participants who experienced the negative disconfirmation reported stronger intentions to prevent the threat in the future compared to participants who experienced the positive disconfirmation. This effect was mediated by both disappointment about the risk feedback and perceptions of the severity of the threat. These findings have implications for risk communication, suggesting that the provision of objective risk information may improve or diminish the likelihood of behavior change depending on people's initial expectations and their emotional and cognitive reactions to the information.     

Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems

Natural and human‐induced disasters affect organizations in myriad ways because of the inherent interconnectedness and interdependencies among human, cyber, and physical infrastructures, but more importantly, because organizations depend on the effectiveness of people and on the leadership they provide to the organizations they serve and represent. These human–organizational–cyber–physical infrastructure entities are termed systems of systems. Given the multiple perspectives that characterize them, they cannot be modeled effectively with a single model. The focus of this article is: (i) the centrality of the states of a system in modeling; (ii) the efficacious role of shared states in modeling systems of systems, in identification, and in the meta‐modeling of systems of systems; and (iii) the contributions of the above to strategic preparedness, response to, and recovery from catastrophic risk to such systems. Strategic preparedness connotes a decision‐making process and its associated actions. These must be: implemented in advance of a natural or human‐induced disaster, aimed at reducing consequences (e.g., recovery time, community suffering, and cost), and/or controlling their likelihood to a level considered acceptable (through the decisionmakers’ implicit and explicit acceptance of various risks and tradeoffs). The inoperability input‐output model (IIM), which is grounded on Leontief's input/output model, has enabled the modeling of interdependent subsystems. Two separate modeling structures are introduced. These are: phantom system models (PSM), where shared states constitute the essence of modeling coupled systems; and the IIM, where interdependencies among sectors of the economy are manifested by the Leontief matrix of technological coefficients. This article demonstrates the potential contributions of these two models to each other, and thus to more informative modeling of systems of systems schema. The contributions of shared states to this modeling and to systems identification are presented with case studies.     

Tiered Approach to Resilience Assessment

Regulatory agencies have long adopted a three‐tier framework for risk assessment. We build on this structure to propose a tiered approach for resilience assessment that can be integrated into the existing regulatory processes. Comprehensive approaches to assessing resilience at appropriate and operational scales, reconciling analytical complexity as needed with stakeholder needs and resources available, and ultimately creating actionable recommendations to enhance resilience are still lacking. Our proposed framework consists of tiers by which analysts can select resilience assessment and decision support tools to inform associated management actions relative to the scope and urgency of the risk and the capacity of resource managers to improve system resilience. The resilience management framework proposed is not intended to supplant either risk management or the many existing efforts of resilience quantification method development, but instead provide a guide to selecting tools that are appropriate for the given analytic need. The goal of this tiered approach is to intentionally parallel the tiered approach used in regulatory contexts so that resilience assessment might be more easily and quickly integrated into existing structures and with existing policies.     

Sequential Hazards Resilience of Interdependent Infrastructure System: A Case Study of Greater Toronto Area Energy Infrastructure System

Coupled infrastructure systems and complicated multihazards result in a high level of complexity and make it difficult to assess and improve the infrastructure system resilience. With a case study of the Greater Toronto Area energy system (including electric, gas, and oil transmission networks), an approach to analysis of multihazard resilience of an interdependent infrastructure system is presented in the article. Integrating network theory, spatial and numerical analysis methods, the new approach deals with the complicated multihazard relations and complex infrastructure interdependencies as spatiotemporal impacts on infrastructure systems in order to assess the dynamic system resilience. The results confirm that the effects of sequential hazards on resilience of infrastructure (network) are more complicated than the sum of single hazards. The resilience depends on the magnitude of the hazards, their spatiotemporal relationship and dynamic combined impacts, and infrastructure interdependencies. The article presents a comparison between physical and functional resilience of an electric transmission network, and finds functional resilience is always higher than physical resilience. The multiple hazards resilience evaluation approach is applicable to any type of infrastructure and hazard and it can contribute to the improvement of infrastructure planning, design, and maintenance decision making.     

Social Amplification of Wildfire Risk: The Role of Social Interactions and Information Sources

Wildfire is a persistent and growing threat across much of the western United States. Understanding how people living in fire‐prone areas perceive this threat is essential to the design of effective risk management policies. Drawing on the social amplification of risk framework, we develop a conceptual model of wildfire risk perceptions that incorporates the social processes that likely shape how individuals in fire‐prone areas come to understand this risk, highlighting the role of information sources and social interactions. We classify information sources as expert or nonexpert, and group social interactions according to two dimensions: formal versus informal, and generic versus fire‐specific. Using survey data from two Colorado counties, we empirically examine how information sources and social interactions relate to the perceived probability and perceived consequences of a wildfire. Our results suggest that social amplification processes play a role in shaping how individuals in this area perceive wildfire risk. A key finding is that both “vertical” (i.e., expert information sources and formal social interactions) and “horizontal” (i.e., nonexpert information and informal interactions) interactions are associated with perceived risk of experiencing a wildfire. We also find evidence of perceived “risk interdependency”—that is, homeowners’ perceptions of risk are higher when vegetation on neighboring properties is perceived to be dense. Incorporating social amplification processes into community‐based wildfire education programs and evaluating these programs’ effectiveness constitutes an area for future inquiry.