Today, I gave the closing address at the RUSI conference, Protecting the Critical Infrastructure, in a session introduced by RUSI’s head of risk and resilience, Anthony McGee. From the introduction to the conference by RUSI’s head, Professor Michael Clarke:
Protecting the Critical National Infrastructure and ensuring the continuation of political, social and economic activity is vital to the UK. As a modern ‘just-in-time’ society is becoming increasingly dependent on goods and services distributed through critical infrastructure, so the potential consequences of disruption to that infrastructure become more serious.
However, the increasing importance of well protected, resilient infrastructure is matched by the growing complexities and interdependencies of a CNI which is spread across sectors and nation states. Relationships between stakeholders are somewhat disjointed, the ownership of risk is unclear and yet the consequences of failure are potentially catastrophic.
Most of the speakers got stuck into the nitty gritty of how infrastructure fails and why – with last summer’s catastrophic floods as exhibit A. My job, however, was to take a somewhat broader view of resilience at a time when the old ‘command and control’ paradigm is failing…
The talk draws heavily (of course) on my collaboration with Alex Evans, but also on work with the economist, David Bloom. Also there’s quite a overlap with these GD posts. Full text after the jump (or here as a pdf).
Looking Forward – how do we build resilience
Talk to the RUSI Conference on Critical National Infrastructure
David Steven, 17 April 2008
A few weeks ago, I was reading Damian O’Connor’s fascinating account of the influence RUSI exerted in the 19th century. According to Dr O’Connor, the Institute really came into its own in the 1860s, at a time of rapid and unsettling change in Britain’s security environment.
Back then, we had recently enjoyed one of those fleeting periods of hegemony. But then the American civil war, unification of Germany and expansion of Russia shook British complacency. Clearly more was needed than a defence policy that rested on what Dr O’Connor calls “the Nelson touch, backed up by Martello towers or their equivalents”.
In response, RUSI made three powerful arguments. First, the country needed to get serious about the consequences of technological change. Second, it needed a new, and broader, concept of security. And finally, a unified response had to be developed in the face of a changing set of international threats.
150 years later and the parallels are obvious. Once again, we – the West that is and not just the UK – have enjoyed a holiday from history. And then we’ve returned to a world where:
- Technology and the shifting balance of power are opening up new sources of insecurity. From terrorism to rising food prices, climate change to weapons proliferation, we’re faced by a palette of unfamiliar risks.
- Our institutions, meanwhile, have only just started the process of adjusting to the new reality. For governments, the challenge is how to deliver, what a recent UN high level panel, described as a “broader, more comprehensive concept of collective security“.
- And we’ve found that delivering against these risks requires new types of partnership – partnerships that don’t appear out of thin air, but rely on shared awareness, a deep consensus that stretches across networks of state and non-state actors.
That’s why it’s so important that RUSI is again trying to shape the security debate, and why the questions it is asking about resilience in the face of risk are such critical ones.
News from elsewhere
I am not here to talk about critical national infrastructure (CNI) – at least not directly. Faced by so many experts, it would be foolish to do so. Over the past couple of days, I have been fascinated by the depth and range of the discussion. Three themes in particular have struck me:
- The fact that threats evolve and that means our response must adapt as well. Last year’s conference, it seems, was very much focused on terrorism. This year, for understandable reasons, flooding has become a major theme. What will we be talking about next year?
- The need for what one speaker described as ‘maintaining agility’ against a ‘moving target’. In other words, we’re talking primarily about a way of thinking and behaving in the face of risk, not trying to develop rigid sets of processes, protocols and plans.
- Finally, something that most speakers have touched on at one point or another has been the role that citizens play in delivering resilience. We’ve heard lots of references to ‘human factors’ and ‘social engineering’, while it is clear from Sir Michael Pitt’s progress report on the urgent recommendations from his review of the 2007 floods, that public engagement remains the most thorny outstanding issue.
When Anthony asked me to speak, however, he told me he wanted to close the conference with some ‘news from elsewhere’. I am not a paid up member of the CNI tribe, so I am going to use the latitude Anthony has granted me to move away from:
- A national focus. Instead, I am going to looking up to the global level, but also down to a local one.
- A focus on our physical infrastructure – to explore resilience from a psychological and institutional perspective.
My argument is that:
- There’s a new ‘riskiness to risk‘ (to use Anthony Giddens’s phrase). Globalized systems may be exhilarating, but – as configured – they are inherently unstable. We’re yet to adjust to this fact.
- Resilience has to be distributed across these systems if we want to strengthen them. That means changing the way we think about government and what it should deliver; and rebooting the relationship between state and non-state actors.
- We focus far too much attention on obvious points of weakness and in planning responses to those threats we can predict and measure. In contrast, crucial human drivers are neglected – seen as too difficult to understand and predict.
- A community like this one can, and should, be a powerful driver of resilience across society – but only if the CNI ‘tribe’ is open to outside influences and actively seeks to influence broader agendas.
When I consider vulnerability, I tend to look at it through four lenses.
First, shocks – those catastrophic insults that strike at the systems on which we depend.
As you all know, we’re more vulnerable to them than we were. 2004 and 2005 saw more than $150bn of hurricane damage. In part that was down to some bad storms, but the real driver was changes in the way we – or in this case Americans – live. At present, the loss in the US from a hurricane of the same force is doubling roughly every ten years. According to this calculation, a storm of the intensity of the Great Miami Hurricane of 1926 would cause $500bn of damage if it hit in the 2020s. That compares to around $80bn or so for Katrina.
Shocks are not always highly visible, of course. Take what I think of as Europe’s forgotten catastrophe – the heat wave in 2003, which caused thirty-five thousand deaths. This is one of Europe’s worst ever peacetime disasters, but we barely noticed it at the time and have forgotten it remarkably quickly.
Second, stresses – those slower burn pressures which can have no discernible effect over a long period, but then cause dramatic change as a threshold is hit and the system shifts to a new regime. We tend to react to this process with awe – always surprised when it happens, always caught out by the speed and scale of change.
As I speak, the world is just beginning to wake up to the fact that rising population, affluence and expectations are going to impose severe stress on global systems. This at a time when we’re running into scarcity problems with some highly strategic resources: energy, land, water, food and atmospheric space for emissions.
Life is going to be very different as we hit these crunch points. We’ve heard quite a bit from speakers about the need to think about climate change adaptation, but much less about mitigation. That is despite the fact that the UK appears to be prepared to attempt to decarbonise its economy in just 40 years and, along with its European partners, is committed to deep emissions cuts by 2020, whatever the outcome of the post-Bali climate talks. What impact is that going to have on our CNI through the next investment cycle?
We ignore these longer-term drivers at our peril.
Third, there is our vulnerability to deliberate disruption.
Others have covered this issue, so I won’t go into detail, apart from to make two points.
First, this is a global issue not a local one. Across the world, attacks on infrastructure are becoming increasingly sophisticated and are starting to be used systematically to weaken the state. This threatens our overall security environment and is likely to multiply scarcity pressures.
Second, there is the knowledge that adversaries are studying complex systems at the same time as we are and are thus becoming more sophisticated in their ability to find points of weakness.
It shouldn’t surprise you that Osama bin Laden quotes a British diplomat at Chatham House in his October 2004 address, The Towers of Lebanon. He used the diplomat’s remarks to boast about the return on investment from the 9/11 attack. This is also a theme that we repeatedly see in propaganda videos highlighting successful attacks on Iraq.
We are currently doing some work on how a new breed of insurgent might apply these lessons in Europe – with the aim of imposing maximum disruption with minimum cost – what we call a tax on living. For now, I’d just like to highlight one point. When we consider how the threat might evolve in a post-modern society, we may be wrong to expect a continuation of the pattern of a small number of high impact attacks. We believe a distributed campaign, with lower intensity and wider participation, would support a higher rate of innovation and be considerably more damaging, especially on a psychological level.
The final vulnerability is the way we weaken our own critical systems through our own neglect, ignorance or stupidity.
Globally, there is a desperate lack of investment in infrastructure. Globalization has led to a trade-off between efficiency and resilience, with global systems treading an increasingly perilous line between dividend and disaster. But this is not just about physical assets.
There is also the way we export risk across institutional and geographic borders with unpredictable results. Economists talk about ‘lemon economics‘, not to refer to the fruit, but to talk about the information problems that bedevil selling second-hand cars. If I sell you a second hand car, then I know more about its faults than you do. Whatever price I am prepared to accept, then, is almost certainly too much.
In recent years, our financial system has traded an awful lot of lemons. Those who understand a risk well have unloaded it to those who understand it less well, who then pass it down the chain. It will be sometime yet before the consequences of this unwind.
Finally, there is the question of the resilience of our civilizational values. Terror movements expect states to blunder in response to their actions. And blunder we have, inflicting what John Robb calls ‘systems disruption on ourselves.” Osama bin Laden again – “To some analysts and diplomats, it seems as if we and the White House are on the same team shooting at the United States’ own goal, despite our different intentions.”
Beyond command and control
In the face of these vulnerabilities, we currently work from a command and control paradigm, which assumes that:
It is possible to isolate individual components from the rest of a system and manage them.
- The high-level objective of managers should be to keep each component near an idealised equilibrium.
- Threats to this equilibrium can be predicted with a reasonable degree of certainty and mitigated.
- Experts have access to sufficient information to make effective management decisions.
However, this paradigm is not a good description of the world we live in:
- There are no borders in a networked world – one part of the system cannot be isolated from another. A $500bn hurricane is our problem here in Europe – nowhere in the world would be insulated from that threat.
- Natural and social systems are never at equilibrium (except when they’re dead). A complex adaptive system is dynamic and relies on the constant flow of energy and/or information to stay upright. Think of the difference between a tricycle and a bicycle.
- Systems evolve – moving from one stable state to another. This can occur quite suddenly, once a threshold is crossed. An idealised cycle: (i) rapid growth; leading to (ii) a maturity phase, where efficiency increases, but resilience is lost (an underappreciated trade-off); (iii) followed by a chaotic release, usually accompanied by a loss of complexity; (iv) leading finally to reorganization and a new growth phase.
- There isn’t one system – but many nested systems, each of which is interlinked with and embedded in others. Our CNI is a ‘system of systems’, but at another scale, it is one system in a larger socio-cultural system. Reorganization elsewhere can provide an impetus for innovation in the face of new challenges. Alternatively, failure can cascade across systems. The ‘perfect storm’ of which we are, rightly, afraid.
The resilience perspective
At this point, it is perhaps useful to turn to a classic definition of resilience: “the capacity of a system to absorb disturbance and reorganize while undergoing change so as to still retain essentially the same function, structure, identity and feedbacks”.
From this definition, we can see that resilience comes from a distributed response, where each level of the system contributes to its survival. In other words, we’re looking at a public good/public bad axis:
- High resilience: risk and response to that risk is shared throughout the system; individuals see their interests as compatible with the collective.
- Low resilience: risks felt disproportionately by some groups; responses over centralized; individuals pursue narrow self-interest; organisations do not ‘deliver’.
This should lead us to reverse our instinctive hierarchy for thinking about resilience, where we worry about ‘stuff’ first (because we can see it and think we can control and manage it). We need to worry about organisations if things keep going wrong (but see them as structures, rather ways of framing choices). And we never really think about cultural and value systems, or the role they play in increasing or decreasing adaptability.
Reversing the hierarchy
Let’s look at the hierarchy from the other direction.
First, the cultural and psychological level of resilience:
Resilience implies that our system maintains its identity in the face of threat. So it’s not about a rigid conservatism – a refusal to change under any circumstance, but instead an ability to flex and absorb threats, and to shift in response to them in a way that protects, reinterprets, fulfils our own identity. This can be summed up as follows: has a threat diminished us or not?
Then, the institutional level:
Here it is important to take a broad view of institutions and accept the challenge of building social capital. I like these two definitions:
- Douglass North – “the rules of the game in a society or, more formally, the humanly devised constraints that shape human interaction”.
- Robert Puttnam – benefits that “flow from the trust, reciprocity, information, and cooperation associated with social net works”.
The key institutional questions we face are:
- How to ‘connect the dots’. At the moment, there is worrying fragmentation across sectors, organisations, risks and time scales. Without greater shared awareness, resilience will undoubtedly prove elusive. There’s a new Demos programme with this title that you may find interesting [contact GD contributor, Charlie Edwards, for more details].
- The need to put ‘nanny state’ out of her misery. We need to move from a situation where government organisations crowd out community initiative to one where we create conditions where citizens do much more to protect themselves.
- But, in balance to this point, how we can increase our focus on providing better safety nets for the vulnerable – because the system will usually fail at its most vulnerable point.
- Finally, how we can do all this without drowning in complexity as threats multiply. We are, for example, living in a world where the state will be responsible for rationing carbon. Unprecedented institutional innovation will be needed to take on new responsibilities like this without imposing unsustainable levels of cost.
It is only in this context – cultural/psychological, then institutional – that we can really move to tackle the physical points of weakness that we’ve heard so much of at this conference.
So let me close with three reflections on how the perspective I have outlined might affect your work on CNI.
First, by focusing on the cultural and institutional factors, I don’t want to in any way under play the work of the CNI community. Quite the opposite, as I think the Pitt Review has shown, by starting with CNI and working upwards and outwards, I think you have the ability to drive a profoundly important debate about the future of our society.
However, my second point is to hope that I have convinced you of the need to keep opening up your own community to new perspectives. To return to the question about what will be on the agenda at next year’s conference, I hope you’ll be exploring a wider set of risks, and will be doing so by drawing on an increasingly international and cross-disciplinary perspective. Silos, we all know, are one of the quickest ways to narrow horizons and engineer in weakness.
For me, the final challenge is for a greater effort to put people at the centre of this issue, not just as a problem, but as an asset. The fundamental driver in the next forty years will be:
- More people
- Connected to each other in a growing number of diverse ways
Unpredicted properties will emerge from a system of this kind – and at a growing rate. If we fail to understand and grapple with them, our resilience will suffer. Dramatically.
Thank you very much.