This paper examines a set of abstract, top-level principles and subprinciples collected from the literature to determine their usefulness in enabling the avoidance of, survival of, and recovery from disruptions caused by threats from various sources. The principles are compared to concrete solutions recommended by domain experts in various case studies and to the actual events in those case studies. Also examined are the limitations, conflicts, and vulnerabilities that may become apparent when concrete solutions are created from these principles. The systems considered are physical, organizational, and procedural systems. Examples include cases from the fire protection, aviation, railway, and power distribution domains. Threats examined include terrorist attacks, natural disasters, and human and design error. Each principle is found to apply to different phases of the disruption cycle surrounding an encounter with a threat. It is found that principles, in general, cannot be applied singly to a system but must be combined with other principles to enable resilience. System developers in various domains can use the principles to create concrete solutions that characterize a particular system, model that solution, and determine the degree of recovery of the system from a specified threat. ©2012 Wiley Periodicals, Inc. Syst Eng 16