Affordable Resilience

Abstract

Cost-effective protection of complex systems and infrastructures from failures and disruptive has been a systems engineering design goal and a national imperative for well over a decade [1, 2]. Broadly speaking, this capability is called resilience. Resilience means different things in different domains (e.g., military, space, healthcare, energy). For example, in the military domain, resilience is defined as the ability of a system to adapt affordably and perform effectively across a wide range of operational contexts, where context is defined by mission, environment, threat, and force disposition [1]. In the healthcare domain, resilience depends on the magnitude and duration of the disruption (e.g., surge in patients). A short-term surge can be handled by people working overtime. A long-term surge is viewed as a trend and requires a more permanent response such as increase in personnel and capacity of facilities. A key issue in engineering resilient systems is the lengthy and costly upfront engineering process. As important, current approaches to resilient system design rely on ad hoc methods (e.g., safety nets) and piecemeal solutions when developing mechanisms to respond to disruptions and unanticipated system behaviors [3, 4]. In such approaches, observed high-level behaviors are compared to expected high-level behaviors. When the difference exceeds a certain threshold, the observed behavior is considered a problem, or a precursor to a problem. Such behaviors trigger a transition to a known safe state until the underlying problem is diagnosed and resolved. During the problem resolution, the system remains unusable. Furthermore, existing methods do not take into account the different states and modes of complex systems, nor do they address unprecedented disruptions that can occur at arbitrary times during complex system operation. They also do not address the time-dependent nature of disruptions and their impact on complex systems. In light of the foregoing, there is a pressing need for an overarching methodology for developing resilient systems, one that is preferably rooted in formal modeling approaches. The ideal formal modeling approach is one that has sufficient flexibility in its formalisms to accommodate uncertainty in system states that arise from partial observability of system behavior and unexpected disruptions. The models should also lend themselves to formal verification, and testing. And finally, the models should be able to learn from observations. To advance beyond the state of the art in model-based approaches, we need the ability to determine desired appropriate behaviors of complex systems. This is a challenge because a complex system invariably has a large state space, with some ``hidden'' states arising from complex interactions between the system elements and between the system and the environment. Exacerbating the problem is the fact that the state of the system is often not known because of partial observability of the system and environmental uncertainties. Additional complicating factors include incomplete understanding of system dependencies and environmental influences, likelihood of conflicts between local and global responses, and an increase in the number and types of human roles.