Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems

Natural and human‐induced disasters affect organizations in myriad ways because of the inherent interconnectedness and interdependencies among human, cyber, and physical infrastructures, but more importantly, because organizations depend on the effectiveness of people and on the leadership they provide to the organizations they serve and represent. These human–organizational–cyber–physical infrastructure entities are termed systems of systems. Given the multiple perspectives that characterize them, they cannot be modeled effectively with a single model. The focus of this article is: (i) the centrality of the states of a system in modeling; (ii) the efficacious role of shared states in modeling systems of systems, in identification, and in the meta‐modeling of systems of systems; and (iii) the contributions of the above to strategic preparedness, response to, and recovery from catastrophic risk to such systems. Strategic preparedness connotes a decision‐making process and its associated actions. These must be: implemented in advance of a natural or human‐induced disaster, aimed at reducing consequences (e.g., recovery time, community suffering, and cost), and/or controlling their likelihood to a level considered acceptable (through the decisionmakers’ implicit and explicit acceptance of various risks and tradeoffs). The inoperability input‐output model (IIM), which is grounded on Leontief's input/output model, has enabled the modeling of interdependent subsystems. Two separate modeling structures are introduced. These are: phantom system models (PSM), where shared states constitute the essence of modeling coupled systems; and the IIM, where interdependencies among sectors of the economy are manifested by the Leontief matrix of technological coefficients. This article demonstrates the potential contributions of these two models to each other, and thus to more informative modeling of systems of systems schema. The contributions of shared states to this modeling and to systems identification are presented with case studies.     

Operational Networks: Adaptation to Extreme Events in China

Natural hazards pose an increasing challenge to public administrators, as the frequency, costs, and consequences of extreme events escalate in a complex, interdependent, world. This study examines organizational networks as instruments for mobilizing collective response to extreme events, but effective design has been elusive. Governments have focused on planned networks to anticipate risk before hazards occur; communities have formed emergent networks as voluntary efforts after the event. Using a framework of complex adaptive systems, we identify operational networks that adapt to their immediate context in real time, using technologies to support the search, exchange, and feedback of information to enable informed, collective action. Applying mixed research methods—documentary analysis of laws, policies, and procedures; content analysis of news articles; onsite observation; and semistructured interviews with experienced personnel—we document operational networks as a distinct form of multiorganizational response to urgent events that combines the structure of designated authority with the flexibility of information technologies. The integration of planned and emergent organizational forms into operational networks is measured through External/Internal (E/I) index analysis, based on empirical data collected on response systems that formed following the 2008 Wenchuan and 2013 Lushan earthquakes in the centralized administrative context of China. Findings show that planned networks provide the organizational structure and initial legitimacy essential for operational networks to form, but ready access to information technology—cell phones, short-wave radio systems, internet access—enables rapid communication and exchange of information essential for flexible adaptation in real time to meet urgent needs.     

Systems‐Based Guiding Principles for Risk Modeling,Planning, Assessment,Management, and Communication

This article is grounded on the premise that the complex process of risk assessment, management, and communication, when applied to systems of systems, should be guided by universal systems‐based principles. It is written from the perspective of systems engineering with the hope and expectation that the principles introduced here will be supplemented and complemented by principles from the perspectives of other disciplines. Indeed, there is no claim that the following 10 guiding principles constitute a complete set; rather, the intent is to initiate a discussion on this important subject that will incrementally lead us to a more complete set of guiding principles. The 10 principles are as follows: First Principle: Holism is the common denominator that bridges risk analysis and systems engineering. Second Principle: The process of risk modeling, assessment, management, and communication must be systemic and integrated. Third Principle: Models and state variables are central to quantitative risk analysis. Fourth Principle: Multiple models are required to represent the essence of the multiple perspectives of complex systems of systems. Fifth Principle: Meta‐modeling and subsystems integration must be derived from the intrinsic states of the system of systems. Sixth Principle: Multiple conflicting and competing objectives are inherent in risk management. Seventh Principle: Risk analysis must account for epistemic and aleatory uncertainties. Eighth Principle: Risk analysis must account for risks of low probability with extreme consequences. Ninth Principle: The time frame is central to quantitative risk analysis. Tenth Principle: Risk analysis must be holistic, adaptive, incremental, and sustainable, and it must be supported with appropriate data collection, metrics with which to measure efficacious progress, and criteria on the basis of which to act. The relevance and efficacy of each guiding principle is demonstrated by applying it to the U.S. Federal Aviation Administration complex Next Generation (NextGen) system of systems.     

Health Risks of Energy Systems

Health risks from fossil, renewable and nuclear reference energy systems are estimated following a detailed impact pathway approach. Using a set of appropriate air quality models and exposure-effect functions derived from the recent epidemiological literature, a methodological framework for risk assessment has been established and consistently applied across the different energy systems, including the analysis of consequences from a major nuclear accident. A wide range of health impacts resulting from increased air pollution and ionizing radiation is quantified, and the transferability of results derived from specific power plants to a more general context is discussed.     

Decision‐Making Analytics Using Plural Resilience Parameters for Adaptive Management of Complex Systems

It is critical for complex systems to effectively recover, adapt, and reorganize after system disruptions. Common approaches for evaluating system resilience typically study single measures of performance at one time, such as with a single resilience curve. However, multiple measures of performance are needed for complex systems that involve many components, functions, and noncommensurate valuations of performance. Hence, this article presents a framework for: (1) modeling resilience for complex systems with competing measures of performance, and (2) modeling decision making for investing in these systems using multiple stakeholder perspectives and multicriteria decision analysis. This resilience framework, which is described and demonstrated in this article via a real‐world case study, will be of interest to managers of complex systems, such as supply chains and large‐scale infrastructure networks.     

System of Systems Engineering and Risk Management of Extreme Events: Concepts and Case Study

The domain of risk analysis is expanded to consider strategic interactions among multiple participants in the management of extreme risk in a system of systems. These risks are fraught with complexity, ambiguity, and uncertainty, which pose challenges in how participants perceive, understand, and manage risk of extreme events. In the case of extreme events affecting a system of systems, cause‐and‐effect relationships among initiating events and losses may be difficult to ascertain due to interactions of multiple systems and participants (complexity). Moreover, selection of threats, hazards, and consequences on which to focus may be unclear or contentious to participants within multiple interacting systems (ambiguity). Finally, all types of risk, by definition, involve potential losses due to uncertain events (uncertainty). Therefore, risk analysis of extreme events affecting a system of systems should address complex, ambiguous, and uncertain aspects of extreme risk. To accomplish this, a system of systems engineering methodology for risk analysis is proposed as a general approach to address extreme risk in a system of systems. Our contribution is an integrative and adaptive systems methodology to analyze risk such that strategic interactions among multiple participants are considered. A practical application of the system of systems engineering methodology is demonstrated in part by a case study of a maritime infrastructure system of systems interface, namely, the Straits of Malacca and Singapore.     

Emergent Marketing Strategies and Performance: The Effects of Market Uncertainty and Strategic Feedback Systems

Although many process‐based studies appear in the strategic management literature, little attention has been devoted to the formation process of marketing strategies. Drawing on enactment and information‐processing theories, this study views the external environment as a source of information (i.e. enacted) and organizations as information‐processing entities. We propose a conceptual framework of antecedents and market performance consequences of emergent marketing strategies and test it with a sample of 214 UK enterprises. The results suggest that dimensions of market uncertainty (i.e. dynamism and complexity) and strategic feedback systems influence the formation of emergent marketing strategy. Furthermore, the data reveal that market uncertainty aspects condition the association between emergent marketing strategies and market performance in different ways. These findings provide new insights into how emergent marketing strategies evolve and influence organizational outcomes.     

Assessing Engineering Resilience for Systems with Multiple Performance Measures

Recently, efforts to model and assess a system's resilience to disruptions due to environmental and adversarial threats have increased substantially. Researchers have investigated resilience in many disciplines, including sociology, psychology, computer networks, and engineering systems, to name a few. When assessing engineering system resilience, the resilience assessment typically considers a single performance measure, a disruption, a loss of performance, the time required to recover, or a combination of these elements. We define and use a resilient engineered system definition that separates system resilience into platform and mission resilience. Most complex systems have multiple performance measures; this research proposes using multiple objective decision analysis to assess system resilience for systems with multiple performance measures using two distinct methods. The first method quantifies platform resilience and includes resilience and other “ilities” directly in the value hierarchy, while the second method quantifies mission resilience and uses the “ilities” in the calculation of the expected mission performance for every performance measure in the value hierarchy. We illustrate the mission resilience method using a transportation systems‐of‐systems network with varying levels of resilience due to the level of connectivity and autonomy of the vehicles and platform resilience by using a notional military example. Our analysis found that it is necessary to quantify performance in context with specific mission(s) and scenario(s) under specific threat(s) and then use modeling and simulation to help determine the resilience of a system for a given set of conditions. The example demonstrates how incorporating system mission resilience can improve performance for some performance measures while negatively affecting others.     

Risk and Systems Theory

The last few decades have seen increasingly widespread use of risk assessment and management techniques as aids in making complex decisions. However, despite the progress that has been made in risk science, there still remain numerous examples of risk-based decisions and conclusions that have caused great controversy. In particular, there is a great deal of debate surrounding risk assessment: the role of values and ethics and other extra-scientific factors, the efficacy of quantitative versus qualitative analysis, and the role of uncertainty and incomplete information. Many of the epistemological and methodological issues confronting risk assessment have been explored in general systems theory, where techniques exist to manage such issues. However, the use of systems theory and systems analysis tools is still not widespread in risk management. This article builds on the Alachlor risk assessment case study of Brunk, Haworth, and Lee to present a systems-based view of the risk assessment process. The details of the case study are reviewed and the authors' original conclusions regarding the effects of extra-scientific factors on risk assessment are discussed. Concepts from systems theory are introduced to provide a mechanism with which to illustrate these extra-scientific effects The role of a systems study within a risk assessment is explained, resulting in an improved view of the problem formulation process The consequences regarding the definition of risk and its role in decision making are then explored.     

On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism

This article highlights the complexity of the quantification of the multidimensional risk function, develops five systems‐based premises on quantifying the risk of terrorism to a threatened system, and advocates the quantification of vulnerability and resilience through the states of the system. The five premises are: (i) There exists interdependence between a specific threat to a system by terrorist networks and the states of the targeted system, as represented through the system's vulnerability, resilience, and criticality‐impact. (ii) A specific threat, its probability, its timing, the states of the targeted system, and the probability of consequences can be interdependent. (iii) The two questions in the risk assessment process: “What is the likelihood?” and “What are the consequences?” can be interdependent. (iv) Risk management policy options can reduce both the likelihood of a threat to a targeted system and the associated likelihood of consequences by changing the states (including both vulnerability and resilience) of the system. (v) The quantification of risk to a vulnerable system from a specific threat must be built on a systemic and repeatable modeling process, by recognizing that the states of the system constitute an essential step to construct quantitative metrics of the consequences based on intelligence gathering, expert evidence, and other qualitative information. The fact that the states of all systems are functions of time (among other variables) makes the time frame pivotal in each component of the process of risk assessment, management, and communication. Thus, risk to a system, caused by an initiating event (e.g., a threat) is a multidimensional function of the specific threat, its probability and time frame, the states of the system (representing vulnerability and resilience), and the probabilistic multidimensional consequences.     

Decision analysis and risk models for land development affecting infrastructure systems

Coordination and layering of models to identify risks in complex systems such as large-scale infrastructure of energy, water, and transportation is of current interest across application domains. Such infrastructures are increasingly vulnerable to adjacent commercial and residential land development. Land development can compromise the performance of essential infrastructure systems and increase the costs of maintaining or increasing performance. A risk-informed approach to this topic would be useful to avoid surprise, regret, and the need for costly remedies. This article develops a layering and coordination of models for risk management of land development affecting infrastructure systems. The layers are: system identification, expert elicitation, predictive modeling, comparison of investment alternatives, and implications of current decisions for future options. The modeling layers share a focus on observable factors that most contribute to volatility of land development and land use. The relevant data and expert evidence include current and forecasted growth in population and employment, conservation and preservation rules, land topography and geometries, real estate assessments, market and economic conditions, and other factors. The approach integrates to a decision framework of strategic considerations based on assessing risk, cost, and opportunity in order to prioritize needs and potential remedies that mitigate impacts of land development to the infrastructure systems. The approach is demonstrated for a 5,700-mile multimodal transportation system adjacent to 60,000 tracts of potential land development.     

An Integrated Approach for Modeling Sustainability Risks in Freight Transportation Systems

Integrating sustainability into freight transportation systems (FTSs) is a complex and challenging task due to the sheer number of inherent sustainability risks. Sustainability risks disrupt the economic, social and environmental objectives of freight operations and act as impediments in the development of sustainable freight transportation systems. The area of sustainability risk management is still unexplored and immature in the operational research domain. This study addresses these research gaps and contributes in a threefold manner. First, a total of 36 potential sustainability risks related to FTSs are identified and uniquely classified into seven categories using a rigourous approach. Second, the research proposes two prominent perspectives, namely, ontological and epistemological perspectives to understand risks and develops a novel framework for managing sustainability risks in FTSs. Third, a novel approach by integrating fuzzy evidential reasoning algorithm (FERA) with expected utility theory is developed to quantitatively model and profile sustainability risk for different risk preferences, namely, risk-averse, risk-neutral, and risk-taking scenarios. The proposed FERA is a flexible and robust approach, which transforms the experts’ inputs into belief structures and aggregates them using the evidence combination rule proposed in Dempster–Shafer theory to overcome the problem of imprecise results caused by average scoring in existing models. A sensitivity analysis is conducted to demonstrate the robustness of the proposed model. Unlike conventional perception, our study suggests that most of the high priority sustainability risks are behaviorally and socially induced rather than financially driven. The results provide significant managerial implications including a focus on skills development, and on social and behavioral dimensions while managing risks in FTSs.     

Risk and the Five Hard Problems of Cybersecurity

This perspectives article addresses risk in cyber defense and identifies opportunities to incorporate risk analysis principles into the cybersecurity field. The Science of Security (SoS) initiative at the National Security Agency seeks to further and promote interdisciplinary research in cybersecurity. SoS organizes its research into the Five Hard Problems (5HP): (1) scalability and composability; (2) policy‐governed secure collaboration; (3) security‐metrics–driven evaluation, design, development, and deployment; (4) resilient architectures; and (5) understanding and accounting for human behavior. However, a vast majority of the research sponsored by SoS does not consider risk and when it does so, only implicitly. Therefore, we identify opportunities for risk analysis in each hard problem and propose approaches to address these objectives. Such collaborations between risk and cybersecurity researchers will enable growth and insight in both fields, as risk analysts may apply existing methodology in a new realm, while the cybersecurity community benefits from accepted practices for describing, quantifying, working with, and mitigating risk.     

Methodology for the Calculation of Annualized Incremental Risks in Systems of Dams

In the past few years, the field of dam safety has approached risk informed methodologies throughout the world and several methodologies and programs are appearing to aid in the systematization of the calculations. The most common way of implementing these calculations is through the use of event trees, computing event probabilities, and incremental consequences. This methodology is flexible enough for several situations, but its generalization to the case of systems of several dams is complex and its implementation in a completely general calculation methodology presents some problems. Retaining the event tree framework, a new methodology is proposed to calculate incremental risks. The main advantage of this proposed methodology is the ease with which it can be applied to systems of several dams: with a single risk model that describes the complete system and with a single calculation the incremental risks of the system can be obtained, being able to allocate the risk of each dam and of each failure mode. The article shows how both methodologies are equivalent and also applies them to a case study.     

On the Complex Definition of Risk: A Systems-Based Approach

The premise of this article is that risk to a system, as well as its vulnerability and resilience, can be understood, defined, and quantified most effectively through a systems-based philosophical and methodological approach, and by recognizing the central role of the system states in this process. A universally agreed-upon definition of risk has been difficult to develop; one reason is that the concept is multidimensional and nuanced. It requires an understanding that risk to a system is inherently and fundamentally a function of the initiating event, the states of the system and of its environment, and the time frame. In defining risk, this article posits that: (a) the performance capabilities of a system are a function of its state vector; (b) a system's vulnerability and resilience vectors are each a function of the input (e.g., initiating event), its time of occurrence, and the states of the system; (c) the consequences are a function of the specificity and time of the event, the vector of the states, the vulnerability, and the resilience of the system; (d) the states of a system are time-dependent and commonly fraught with variability uncertainties and knowledge uncertainties; and (e) risk is a measure of the probability and severity of consequences. The above implies that modeling must evaluate consequences for each risk scenario as functions of the threat (initiating event), the vulnerability and resilience of the system, and the time of the event. This fundamentally complex modeling and analysis process cannot be performed correctly and effectively without relying on the states of the system being studied.     

Topological Performance Measures as Surrogates for Physical Flow Models for Risk and Vulnerability Analysis for Electric Power Systems

Critical infrastructure systems must be both robust and resilient in order to ensure the functioning of society. To improve the performance of such systems, we often use risk and vulnerability analysis to find and address system weaknesses. A critical component of such analyses is the ability to accurately determine the negative consequences of various types of failures in the system. Numerous mathematical and simulation models exist that can be used to this end. However, there are relatively few studies comparing the implications of using different modeling approaches in the context of comprehensive risk analysis of critical infrastructures. In this article, we suggest a classification of these models, which span from simple topologically‐oriented models to advanced physical‐flow‐based models. Here, we focus on electric power systems and present a study aimed at understanding the tradeoffs between simplicity and fidelity in models used in the context of risk analysis. Specifically, the purpose of this article is to compare performance estimates achieved with a spectrum of approaches typically used for risk and vulnerability analysis of electric power systems and evaluate if more simplified topological measures can be combined using statistical methods to be used as a surrogate for physical flow models. The results of our work provide guidance as to appropriate models or combinations of models to use when analyzing large‐scale critical infrastructure systems, where simulation times quickly become insurmountable when using more advanced models, severely limiting the extent of analyses that can be performed.     

Exploring Risk Judgments in a Trade Dispute Using Bayesian Networks

Bayesian networks (BNs) are graphical modeling tools that are generally recommended for exploring what‐if scenarios, visualizing systems and problems, and for communication between stakeholders during decision making. In this article, we investigate their potential for exploring different perspectives in trade disputes. To do so, we draw on a specific case study that was arbitrated by the World Trade Organization (WTO): the Australia‐New Zealand apples dispute. The dispute centered on disagreement about judgments contained within Australia's 2006 import risk analysis (IRA). We built a range of BNs of increasing complexity that modeled various approaches to undertaking IRAs, from the basic qualitative and semi‐quantitative risk analyses routinely performed in government agencies, to the more complex quantitative simulation undertaken by Australia in the apples dispute. We found the BNs useful for exploring disagreements under uncertainty because they are probabilistic and transparently represent steps in the analysis. Different scenarios and evidence can easily be entered. Specifically, we explore the sensitivity of the risk output to different judgments (particularly volume of trade). Thus, we explore how BNs could usefully aid WTO dispute settlement. We conclude that BNs are preferable to basic qualitative and semi‐quantitative risk analyses because they offer an accessible interface and are mathematically sound. However, most current BN modeling tools are limited compared with complex simulations, as was used in the 2006 apples IRA. Although complex simulations may be more accurate, they are a black box for stakeholders. BNs have the potential to be a transparent aid to complex decision making, but they are currently computationally limited. Recent technological software developments are promising.     

中国金融市场系统复杂性的演化机理与管理研究

已有的实证结果表明中国金融市场这一复杂系统在发展过程中表现出相关性、非线性和适应性.本文以货币、证券及外汇三个主要子市场及构成的整体金融市场为对象,探究其在结构、作用和功能方面的演化机理与管理问题.具体提出了金融市场复杂性特征与演化机理间的表征关系,对各演化机理建立了模型框架,并依此应用分析股票市场中的泡沫现象.其中,针对相关性提出三体"束缚"模型,以描述各子市场间的复杂关系;针对非线性提出基于朗之万方程的动力学模型,以划分内生演进及外生随机两类非线性作用;针对适应性提出动态反馈模式,以反映不同非线性作用下金融市场演化的路径及动态适应的能力.进而结合宏观市场的时空演变结构,从金融系统的环境、组成、关联、演化、稳定、风险各方面构建起应对复杂性的宏观管理框架.