Identifying and reducing technological contributions to end-user vulnerability

Essential life-needs are commonly supplied to end-users by complex and heterogeneous technological systems that have many potential failure-points and hence contribute vulnerability. The vulnerabilities under consideration in this study are those arising from the length and complexity of the technological system used to bring these life-needs to the end-user. Public awareness of dependence is evidenced at the corporate and national level by the expenditure of time and effort on infrastructure hardening, and at the individual level by a range of self-sufficiency and personal preparedness movements. Although the awareness of such dependence is commonly described using a term such as vulnerability, this term is imprecisely defined, and a lack of quantifiable measures hampers assessment of the absolute and relative value of methods that are designed to decrease vulnerability. Published studies of infrastructure systems, supply chains, power distribution systems, communications and other networks have shown concern for system owners but little specific concern for the vulnerability of the end-user. Studies using network theory have considered homogeneous networks but these are not applicable to the heterogeneous technological systems that supply individuals. Risk analyses are highly dependent upon expert identifications of hazards and probabilities, and do not address situations in which there are intentional threats or long time-frames. A review of published material indicated a need to consider the vulnerability of individual urban-dwelling end-users, and particularly apartment-dwellers, to the essential services that are available only via technological systems. The research question "For goods or services delivered to end-users, what measure of vulnerability can be attributed to the technological systems that are currently used, and what reductions can be obtained by changes to the technological approach or configuration” was formulated to consider this need. A review of issues associated with the assessment of vulnerability also demonstrated the significance of the configuration of a technological system and a need to assess the contribution to vulnerability that is caused by heterogeneous technological systems. The number and the type of weaknesses in a technological system are shown to be a calculable property of the configuration of that technological system, and the metric of the number and type of weaknesses is well described by the term "exposure". The exposure metric is not dependent on the completeness of a brainstorming exercise to identify hazards, does not require any assessment of hazard probability and is shown to be a valid measure of the contribution of the technological system to the end-user's vulnerability with respect to that specific system. The research question is addressed by describing example cases in which services are delivered to a representative end-user. A number of possible examples were considered and six were chosen to represent a broad variety of goods and services, and a variety of technological systems used in the supply process. The exposure of the selected technological systems was examined. The investigations identified specific contributions to vulnerability and evaluated the effectiveness of possible approaches to reduce these vulnerabilities. Measurement of the exposure of the examples and the hypothesised changes to the examples showed that this approach was capable of identifying contributors to vulnerability and of quantifying the reductions offered by hypothetical changes. Issues that were examined as hypothetical changes to the technological systems included the development of open-standards for the specification of intermediate products (allowing alternative providers), the introduction of highly decentralised options for services that are currently highly centralised and the application of re-purposable components. Analysis showed that application of the exposure metric generated insights and options that were not identified by risk analysis approaches; hence, this metric contributes to both practice and the academic field. Hypothesised changes to the examples were assessed in terms of both effectiveness and nature. These changes were shown to offer significant reductions in vulnerability, achieved in some cases by reducing dependence on large and centralised systems and achieved in other cases by ensuring alternative sources for intermediate streams. Specific technological gaps, including the lack of power storage technology, were identified. This study has demonstrated the contribution of technological systems to users' vulnerability. The study has also quantified this contribution to vulnerability for a range of cases and shown approaches for reduction of vulnerability.

[1]  Enrico Zio,et al.  Assessing the Performance of a Classification-Based Vulnerability Analysis Model. , 2015, Risk analysis : an official publication of the Society for Risk Analysis.

[2]  Ake J Holmgren,et al.  Using Graph Models to Analyze the Vulnerability of Electric Power Networks , 2006, Risk analysis : an official publication of the Society for Risk Analysis.

[3]  Robert A. Freitas,et al.  Kinematic Self-Replicating Machines , 2004 .

[4]  E. Zio,et al.  Complex Networks Vulnerability: A Multiple-Objective Optimization Approach , 2007, 2007 Annual Reliability and Maintainability Symposium.

[5]  Sri Krishna Kumar,et al.  Minimisation of supply chain cost with embedded risk using computational intelligence approaches , 2010 .

[6]  James R. Martin,et al.  Technical Council on Lifeline Earthquake Engineering Monograph , 1999 .

[7]  Yuan Xue,et al.  Providing survivability against jamming attack for multi-radio multi-channel wireless mesh networks , 2011, J. Netw. Comput. Appl..

[8]  Mary C. Edson,et al.  A guide to systems research : philosophy, processes and practice , 2017 .

[9]  Ilker Akgun,et al.  Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism , 2010, Expert Syst. Appl..

[10]  Cameron A MacKenzie,et al.  Summarizing Risk Using Risk Measures and Risk Indices , 2014, Risk analysis : an official publication of the Society for Risk Analysis.

[11]  Sybil Derrible,et al.  The complexity and robustness of metro networks , 2010 .

[12]  Peide Liu,et al.  Investigation into Evaluation of Agriculture Informatization Level Based on Two-Tuple , 2011 .

[13]  Ke Xu,et al.  Enhancing the robustness of scale-free networks , 2009, ArXiv.

[14]  Enrico Zio,et al.  Foundational Issues in Risk Assessment and Risk Management , 2012, Risk analysis : an official publication of the Society for Risk Analysis.

[15]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[16]  Kalanithy Vairavamoorthy,et al.  A New Approach of Risk Analysis for Complex Infrastructure Systems under Future Uncertainties: A Case of Urban Water Systems , 2011 .

[17]  Leon Hirsch Catastrophe Risk And Response , 2016 .

[18]  Elise Miller-Hooks,et al.  Resilience Framework for Ports and Other Intermodal Components , 2010 .

[19]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.

[20]  Salim Hariri,et al.  Design and evaluation of resilient infrastructures systems for smart cities , 2016, 2016 IEEE International Smart Cities Conference (ISC2).

[21]  D.H. Rhodes,et al.  Empirical Validation of Design Principles for Survivable System Architecture , 2008, 2008 2nd Annual IEEE Systems Conference.

[22]  Ana R. Cavalli,et al.  An Attack-Tolerant Framework for Web Services , 2017, 2017 IEEE International Conference on Services Computing (SCC).

[23]  T. Thrall Work redesign. , 2003, Hospitals & health networks.

[24]  T. Aven,et al.  On the Concept and Definition of Terrorism Risk , 2015, Risk analysis : an official publication of the Society for Risk Analysis.

[25]  Li Li,et al.  Enhancing the Robustness and Efficiency of Scale-free Network with Limited Link Addition , 2012, KSII Trans. Internet Inf. Syst..

[26]  Yuhai Tu,et al.  How robust is the Internet? , 2000, Nature.

[27]  J. Yorke,et al.  Chaos: An Introduction to Dynamical Systems , 1997 .

[28]  David J. LePoire,et al.  Technology and the hydra of terrorism , 2007 .

[29]  OpenDocument Schema Information technology — Open Document Format for Office Applications (OpenDocument) v1.2 — , 2015 .

[30]  Hongzhong Deng,et al.  Vulnerability of complex networks under intentional attack with incomplete information , 2007 .

[31]  Tom Petersen,et al.  Importance and Exposure in Road Network Vulnerability Analysis , 2006 .

[32]  John Doyle,et al.  Contrasting Views of Complexity and Their Implications For Network-Centric Infrastructures , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[33]  Jian Guan,et al.  A digraph model for risk identification and mangement in SCADA systems , 2011, Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics.

[34]  Duan Manyin Vulnerability assessment of bulk power grid based on weighted directional graph and complex network theory , 2009 .

[35]  Yaneer Bar-Yam,et al.  Vulnerability Analysis of High Dimensional Complex Systems , 2010, SSS.

[36]  John Doucette,et al.  Dual-failure availability analysis for multi-flow shared backup path protected mesh networks , 2016, 2016 8th International Workshop on Resilient Networks Design and Modeling (RNDM).

[37]  Terje Aven,et al.  Foundational Issues in Risk Assessment and Risk Management , 2012, Risk analysis : an official publication of the Society for Risk Analysis.

[38]  Adrian V. Gheorghe,et al.  Towards QVA – Quantitative Vulnerability Assessment: a generic practical model , 2004 .

[39]  J. Diamond Collapse: How Societies Choose to Fail or Succeed , 2005 .

[40]  S. Low,et al.  The "robust yet fragile" nature of the Internet. , 2005, Proceedings of the National Academy of Sciences of the United States of America.

[41]  Dimitrina S Dimitrova,et al.  Modeling Finite-Time Failure Probabilities in Risk Analysis Applications. , 2015, Risk analysis : an official publication of the Society for Risk Analysis.

[42]  Tamzen K. Stringham,et al.  Catastrophic Thresholds: A Synthesis of Concepts, Perspectives, and Applications , 2010 .

[43]  Beom Jun Kim,et al.  Attack vulnerability of complex networks. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[44]  Y. Haimes,et al.  Leontief-Based Model of Risk in Complex Interconnected Infrastructures , 2001 .

[45]  J. Wacker A definition of theory: research guidelines for different theory-building research methods in operations management , 1998 .

[46]  Pamela Baxter,et al.  Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers , 2008 .

[47]  Adrian V. Gheorghe,et al.  Quantitative Vulnerability Assessment of Critical Infrastructures: watching for hidden faults , 2008, Int. J. Crit. Infrastructures.

[48]  Liu Hong,et al.  Vulnerability analysis of interdependent infrastructure systems: A methodological framework , 2012 .

[49]  James P. Crutchfield,et al.  The Hidden Fragility of Complex Systems— Consequences of Change, Changing Consequences , 2020, 2003.11153.

[50]  Bharat K. Bhargava,et al.  Extending Attack Graph-Based Security Metrics and Aggregating Their Application , 2012, IEEE Transactions on Dependable and Secure Computing.

[51]  Albert-László Barabási,et al.  Error and attack tolerance of complex networks , 2000, Nature.

[52]  Kenneth J. Schlager,et al.  Systems engineering-key to modern development , 1956, IRE Transactions on Engineering Management.

[53]  J. Menken,et al.  A Study of History , 1935, Nature.

[54]  T. Homer-Dixon The Upside of Down: Catastrophe, Creativity and the Renewal of Civilization , 2006 .

[55]  B. Drossel,et al.  Positive complexity-stability relations in food web models without foraging adaptation. , 2009, Journal of theoretical biology.

[56]  Liangzhong Yao,et al.  Vulnerability assessment for cascading failures in electric power systems , 2009, 2009 IEEE/PES Power Systems Conference and Exposition.

[57]  Barry Charles Ezell,et al.  Infrastructure Vulnerability Assessment Model (I‐VAM) , 2007, Risk analysis : an official publication of the Society for Risk Analysis.

[58]  Kathleen M. Eisenhardt,et al.  Developing Theory Through Simulation Methods , 2006 .

[59]  Sven Ove Hansson,et al.  Is Risk Analysis Scientific? , 2014, Risk analysis : an official publication of the Society for Risk Analysis.

[60]  Erik Hollnagel,et al.  Resilience Engineering in Practice: A Guidebook , 2012 .

[61]  Yacov Y Haimes,et al.  On the Definition of Vulnerabilities in Measuring Risks to Infrastructures , 2006, Risk analysis : an official publication of the Society for Risk Analysis.

[62]  Karen A. Scarfone,et al.  A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .

[63]  M.W. Ludema,et al.  Reliable and invulnerable supply networks , 2006, 2006 IEEE International Conference on Service Operations and Logistics, and Informatics.

[64]  Ernesto Estrada,et al.  Food webs robustness to biodiversity loss: the roles of connectance, expansibility and degree distribution. , 2007, Journal of theoretical biology.

[65]  Irene Eusgeld,et al.  "System-of-systems" approach for interdependent critical infrastructures , 2011, Reliab. Eng. Syst. Saf..

[66]  Michelle Dunbar,et al.  On the quantification of operational supply chain resilience , 2015 .

[67]  D. L. Simms,et al.  Normal Accidents: Living with High-Risk Technologies , 1986 .

[68]  Geoffrey C. Poole,et al.  Ecology and Society , 2006 .

[69]  A. Maslow A Theory of Human Motivation , 1943 .

[70]  John A. Gambatese,et al.  Qualitative Research: Application of the Delphi Method to CEM Research , 2010 .

[71]  Leonardo Dueñas-Osorio,et al.  Optimisation-based decision-making for complex networks in disastrous events , 2011 .

[72]  Yacov Y. Haimes,et al.  On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism , 2011, Risk analysis : an official publication of the Society for Risk Analysis.

[73]  Gregory Levitin,et al.  Survivability of series-parallel systems with multilevel protection , 2005, Reliab. Eng. Syst. Saf..

[74]  Mikael Gidlund,et al.  Future research challenges of secure heterogeneous industrial communication networks , 2016, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA).

[75]  AkgunIlker,et al.  Fuzzy integrated vulnerability assessment model for critical facilities in combating the terrorism , 2010 .

[76]  Marvin Rausand,et al.  An Approach to Vulnerability Analysis of Complex Industrial Systems , 1998 .

[77]  Maria Alaranta,et al.  Combining theory-testing and theory-building analyses of case study data , 2006, ECIS.

[78]  S. Long Socioanalytic Methods: Discovering the Hidden in Organisations and Social Systems , 2013 .

[79]  Marwan Bikdash,et al.  Critical infrastructure interdependency modeling: Using graph models to assess the vulnerability of smart power grid and SCADA networks , 2011, 2011 8th International Conference & Expo on Emerging Technologies for a Smarter World.

[80]  Stephen N. Luko,et al.  Risk Management Principles and Guidelines , 2013 .

[81]  I. A. Nazarova Models and methods for solving the problem of network vulnerability , 2006 .

[82]  Albert-László Barabási,et al.  Scale-free networks , 2008, Scholarpedia.

[83]  Rebekah R. Brown,et al.  Working towards sustainable urban water management: the vulnerability blind spot. , 2011, Water science and technology : a journal of the International Association on Water Pollution Research.

[84]  Victoria L. Crittenden,et al.  Ruminations about making a theoretical contribution , 2011 .

[85]  Uwe Starossek,et al.  Disproportionate Collapse: Terminology and Procedures , 2010 .

[86]  M. L. Carreño,et al.  A disaster risk management performance index , 2007 .

[87]  J. Zhang,et al.  Eternal 5D data storage by ultrafast laser writing in glass , 2016, SPIE LASE.

[88]  Nam P. Nguyen,et al.  Exploiting the Robustness on Power-Law Networks , 2011, COCOON.

[89]  Ken E. Giller,et al.  Application of Fuzzy Cognitive Mapping in Livelihood Vulnerability Analysis , 2011 .

[90]  S. A. Timashev,et al.  Entropy Approach to Risk-Analysis of Critical Infrastructures Systems , 2011 .

[91]  Hui-Huang Chen,et al.  Complex Network Characteristics and Invulnerability Simulating Analysis of Supply Chain , 2012, J. Networks.

[92]  L. Robertson From societal fragility to sustainable robustness: Some tentative technology trajectories , 2010 .

[93]  Naim Afgan,et al.  Sustainable resilience of hydrogen energy system , 2012 .

[94]  Lindu Zhao,et al.  Research on measuring method of supply chain resilience based on biological cell elasticity theory , 2011, 2011 IEEE International Conference on Industrial Engineering and Engineering Management.

[95]  Lutz Lowis,et al.  Vulnerability Analysis in SOA-Based Business Processes , 2011, IEEE Transactions on Services Computing.

[96]  Kathleen M. Eisenhardt,et al.  Theory Building From Cases: Opportunities And Challenges , 2007 .

[97]  Harry Eugene Stanley,et al.  Catastrophic cascade of failures in interdependent networks , 2009, Nature.

[98]  M. Khouja The single-period (news-vendor) problem: literature review and suggestions for future research , 1999 .

[99]  S.D. Wolthusen,et al.  Analysis and Statistical Properties of Critical Infrastructure Interdependency Multiflow Models , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[100]  Axel W. Krings,et al.  A Resilient Real-Time Traffic Control System , 2015, 2015 IEEE 18th International Conference on Intelligent Transportation Systems.

[101]  Michel Raynal,et al.  Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12 , 2007 .

[102]  B. McCullough,et al.  Measurement Theory and Practice: The World Through Quantification , 2005 .

[103]  Eric Châtelet,et al.  An efficient process to reduce infrastructure vulnerabilities facing malevolence , 2009, Reliab. Eng. Syst. Saf..

[104]  Frank L. Lewis,et al.  Heterogeneous Multi-Agent Systems: Reduced-Order Synchronization and Geometry , 2016, IEEE Transactions on Automatic Control.

[105]  Paul Jeffrey,et al.  Applying Network Theory to Quantify the Redundancy and Structural Robustness of Water Distribution Systems , 2012 .

[106]  Stefano Panzieri,et al.  Agent-based input-output interdependency model , 2010, Int. J. Crit. Infrastructure Prot..

[107]  Robert L. Wears,et al.  Resilience Engineering: Concepts and Precepts , 2006, Quality and Safety in Health Care.

[108]  A. Goldberg General System Theory: Foundations, Development, Applications. , 1969 .

[109]  Tri Giang Phan,et al.  Fabricating low cost and high performance elastomer lenses using hanging droplets. , 2014, Biomedical optics express.

[110]  V. Arnold Dynamical systems V. Bifurcation theory and catastrophe theory , 1994 .

[111]  Thomas E. Potok,et al.  Managing secure survivable critical infrastructures to avoid vulnerabilities , 2004, Eighth IEEE International Symposium on High Assurance Systems Engineering, 2004. Proceedings..

[112]  Christine Nadel,et al.  Case Study Research Design And Methods , 2016 .

[113]  Paul Jeffrey,et al.  Resilience enhancing expansion strategies for water distribution systems: A network theory approach , 2011, Environ. Model. Softw..

[114]  F. Sibel Salman,et al.  Assessing the reliability and the expected performance of a network under disaster risk , 2011, OR Spectr..

[115]  Derek K. Hitchins,et al.  Systems Engineering: A 21st Century Systems Methodology , 2007 .

[116]  John Doyle,et al.  Understanding robust control theory via stick balancing , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).