Increased rigor required in resilience engineering

Dec. 2, 2015

Organizations seeking resilience must monitor, respond, anticipate and learn.

Resilience is a property, or a set of attributes, that allows systems to withstand, respond and adapt to disruption, while continuing with critical functions. That’s not business as usual.

For example, say a disaster significantly compromises a drinking water system. Given how the world has changed since the water system was first brought online, a like-to-like asset replacement might not be appropriate. Instead, what’s needed is the kind of thinking that leads to smart grids or smart cities.

Smaller footprints and less energy intensiveness can lead to "resilience by design," where it is the system functionality, not the system itself, that is most important.

In October, Lloyd’s Register Foundation released its report "Foresight review of resilience engineering: Designing for the expected and unexpected." In summary, the review says organizations seeking resilience must monitor, respond, anticipate and learn. In other words, it’s about being flexible, not building a bunker.

While each element of an engineered system can be assessed for resilience by examining failures caused by events that exceed the design conditions using computer-simulation models, this approach can prove inadequate when working with complex legacy systems or in the context of impending, asymmetric natural or social phenomena.

Examine the situation

In a dangerous, fragile world, the need for resilient systems, including in water processes for public utilities and infrastructure, as well as in private industry, is widely evident. The most serious concerns range from external threats such as war or terrorism, mass population change or climate evolution, to internal political paralysis, social dysfunction or financial stagnation.

In fact, it can be a relief when someone’s most immediate concerns have to do with his or her own company’s organizational deficiencies. After all, at least in theory, we can do something about that. 

On the other hand, many different ways exist for the organization to fail.

To start, the organization might not think to acquire, or might lack the means to acquire, the data needed to understand a threat. Perhaps it has the data but fails to understand its meaning. The inability to take in what the process-control system was telling operators played a significant role in the Deepwater Horizon disaster in the Gulf of Mexico. Alternatively, like the U.S. executive prior to 9/11, it may have intelligence relative to a threat but fail to take action because of an inappropriate focus on other concerns.

Clearly, neither you nor your team want to be labelled as having knowledge of a threat but choosing to let it go.

Take a cross-discipline approach

The Lloyd’s Register review says that globalization and the kind of short-term focus associated with corporate capitalism add to the impending risk of both expected and unexpected events.

Of course, discerning between the expected and unexpected can be difficult. Who can say for sure how the probability of a disaster changes when weather itself is changing in ways that are not fully understood?

Clearly, however, engineers and contractors in the U.S. have changed how they size structures and equipment used in water works and other infrastructure to account for a perceived increase in weather variability. Talk of doubling and tripling of potential loads is not uncommon.

Another traditional organizational roadblock that could inhibit effective resilience engineering is that doing it calls for a cross-discipline approach. When efforts, even important ones, call for bringing together disparate disciplines, it takes longer for solutions to emerge; longer to guarantee factions aren’t working at cross-purposes; and, most importantly, longer to correctly align incentives.

Resilience engineering takes in the natural, physical and social sciences as well as economics and public policy. The first point of agreement must be to define resilience engineering. To do that, it’s important to have a more certain grasp of the elements that characterize resilience.

As the Lloyd’s Register review reports, "any solution will include assessment and predictive capabilities that don’t presently exist, including identification, collection and analysis of relevant data." A final significant challenge mentioned is that solutions must be retrofitted onto a universe of widely disparate systems already in place. In fact, in industrial settings, the integration of disparate generations of technology has been a constant challenge.

Where to look

The review authors said financial systems, communication and critical supply chains are both highly networked and interdependent. "Demographic change is unprecedented and human capacity more mobile than ever. Global companies can have more influence and impact on lives than governments," say professors Michael Bruno, Stevens Institute of Technology, and Richard Clegg, managing director at Lloyd’s Register Foundation. "Highly networked systems and societies are not well understood, and unexpected characteristics and features may emerge."

Ecological and physical systems have the potential to be resilient, as do complex systems such as supply chains as well as communities and organizations.

Some standards and guidelines already promulgated in this area include the British Standards Institution’s Guidance for Organizational Resilience (BS 65000) and the U.S. Presidential Policy Directive (PPD/21) on Critical Infrastructure Security and Resilience. In March 2015 the U.N. Office for Disaster Risk Reduction (UNISDR) began to implement a new ISO standard for resilient and sustainable cities, ISO 37120. Each has its own definition of resilience, which is indicative of continuing efforts to define a challenge that potentially impacts everyone.

How to measure

The writers of the Lloyd’s Register review confess that most published work to date on resilience engineering is qualitative in nature. To remedy the situation, they call for a common language, underlying theory and quantitative rigor, particularly when describing the stochastic nature of resilience along a time domain.

(When behavior is stochastic, it implies a random probability distribution or pattern that can be analyzed statistically but not predicted precisely.)

In fact, given the many different kinds of contingencies that could attack a system’s resiliency, what we have is a kind of engineering that is as much art as science. At the end of the day, then, does imparting resilience remain dependent on the call-to-action slogans of "monitor, respond, learn and anticipate"?

The answer is no. Planning can begin by assessing "the probability that the system will reach the lowest point of the critical functionality profile," say the review’s authors. Engineered systems are components of complex, interconnected, interdependent socio-technical systems. True resilience engineering would account for all contributing and impacted influences, with consideration given to the natural, social, human, built and financial components.

"What matters is preserving and even enhancing critical functionality, not the pre-existing system," says Erik Hollnagel, Ph.D., Linkoping University, Sweden, an editor of Resilience Engineering: Concepts and Precepts.

Future agenda

The authors of the Lloyd’s Register Foundation report note the significant advances made in system risk assessment in the 1960s and 1970s. They now look for development of supporting technologies and techniques for systematic identification of vulnerabilities to natural and man-made events. This will allow quantification processes to be launched for measuring associated network resilience and risk. The final result would be the means to objectively achieve a resilient system.

The resulting solutions, say the review’s authors, must be less about minimizing the risk of failure and more about creating systems that are higher performing under both normal and unanticipated conditions. This has been characterized as the transition from "safety 1," which addresses risk via prevention, elimination and constraints, to "safety 2," which aims at success even under adverse events.

As Hollnagel points out, most events are due to system component failure. Therefore, what’s important is how a system succeeds, and not so much how it fails.

An example addressing the challenge of aging infrastructure is taken from the water industry. Eidinger and Davis, in a report to the Water Research Foundation on the implication of recent earthquakes on U.S. water utilities, note that it is impractical for both financial and technical reasons to upgrade all aging parts of a water system to withstand all levels of future earthquakes or other hazards with no damage.

A more pragmatic approach is to identify and prioritize those facilities most prone to suffering damage that would result in a risk to the facilities and the community they serve. For other elements of the system, a certain amount of damage would be expected. A formal classification system of facility elements will clarify the situation.

Final note

The review authors point out that it’s commonly thought that human error is a ruling factor in many disasters. They say this isn’t the case and that "people are the resource for flexibility and resilience" that allows for continuing service amidst wide-scale disruptions.

At the end of the day, though, this reliance on humans’ intuitive insight into fast-changing environments leads back again to the realization that the art of safety and security is far from being science.

The authors envision "a global, open, modeling and simulation platform that accepts models of physical phenomena, human behavior, economic impact, enterprise, financial decision making, structural engineering, climate change and others that allow them to interact."

They look forward to visualization and virtualization technologies that allow what-if scenarios and real-time data streams. After that, we can hope for better communications from systems and sub-systems down to the point where, again, informed individuals make better decisions.

The Foresight review of resilience engineering is the fourth in a series from the Lloyd’s Register Foundation and can be downloaded from the foundation’s website.

The Lloyd’s Register Foundation is a U.K. charity, established in 2012, which funds the advancement of engineering-related education and research and supports work that enhances safety of life at sea, on land and in the air. For more information, visit
