Fred størseth. new strains of society hidden, dynamic and emergent vulnerabilities

SINTEF Technology and Society

NordForsk Conference

New trends in societal security research in the Nordic countries

26-27 November 2014, Stockholm

1

Tor Olav Grøtan

Senior Research Scientist

Dpt of Safety Research

[email protected]

SAMRISK II project:

New Strains of Society – Hidden, Dynamic and Emergent Vulnerabilities

mailto:[email protected]


• Participants

• SINTEF Technology and Society, Safety Research

• The Norwegian University of Science and Technology (NTNU)

• University of Tulsa, USA

• Forsvarets Forskningsinstitutt (FFI)

• …..

• Budget: 7MNOK from SAMRISK II

• Duration: 2014-17

• Project management SINTEF

• Fred Størseth ([email protected])

2

The project

mailto:[email protected]


• Adressing vulnerabilities that may be "unknown" in any sense:

• Ignored – forgotten - never contemplated - impossible to identify - misunderstood or underestimated – stemming from emergence, rupture, discontinuity, variability, etc -

• Presumed impact; society (as a whole) under enormous strain

• Will the (beliefs in the) institutions endure the strain?

• The deafening silence from missing answers – or unrealistic assumptions?

• Will the public still be comforted by "we will revise our routines"?

• Armed police in Norway November 2014 – of course (?)

• Drivers, e.g.,

• New forms of crime - safety & security – climate change , ++

• Dependencies, dynamics and dynamism between systems and domains

• Need for new foci, e.g.

• From threat pictures to threat landscapes

• Vulnerability patterns

3

New Strains of Society – Hidden, Dynamic and Emergent Vulnerabilities


• A "shrinking" world

• Where are the boundaries between society and systems? How do multiple systems cohere? How can vulnerabilities be identified? Can we see it as an "ecology"? E.g.

• Safety/security "mindsets" as "industrial enclaves" in an open/dynamic society?

• 9/11 signifies a crossroad, a new epoch, a rupture/discontinuity

• Malicious, intended action; terror: A continual, persistent but unspecified threat

• What is the impact on society, what is the strain?

• ICT as a central analytical dimension: "the world connected through it"

• Vulnerabilities when ICT fail

• Failure, breakdown, disturbance (maintenance), virus/hacking etc etc

• Vulnerabilities when ICT function as intended (ICT as prime mediator of interaction)

• ICT as re-presentation technology, as organ-izing technology

• Shared awareness and understanding? A matter of modelling?

• Vertbatim vs gist; different (native) languages; Conditions for sensemaking?

• Intensified potential for vulnerability: The "state of the world" as well as thethreats and risks defined, transfused and understood by and through ICT

4

Some ideas and presumptions


• New threats against society produce new patterns of risk and vulnerability

• The recognition of this may imply the challenging of some core principles

• The idea of distinct roles and clear responsibilities: Somebody must "own" (at least part of) the problem

• What if the distinct roles cannot be identified?

• What if there are no clear areas of responsibility?

• New threats can "play out" in ways that influence an array of systems

• The idea of control:

• The prevalent imperative of identifying and "translating" risk into cintrollableparameters

• How can we identfy and act on risks that are constantly changing, crossingand traversing system boundaries, affecting a number of parties ?

• We must acknowldge the fact that the "standard toolbox" and approaches areinsufficient

• New threats demand new thinking and new methods – for vulnerability as well as risk

5

New Strains: Foundations


• Out point of departure is what we actually have (predominantly from industrial safety)

• Methods, theoretical foundations, views and contemplations

• The aim is however not just to "re-contextualize" into the societal context.

• We will approach the borderlines and the impasses – where methods stalemate , where understanding stops

• We will explore how existing methods and principles can be related to, developed and translated into addressing complex landscapes of threats that

• involve multiple systems in interplay

• is imprinted by substantial uncertainty , e.g., related to

• Extent, potential of escalation, degree of danger, vulnerability by coupling

• can imply generation, transfer and relocation of risk

• We will build "landscapes" of threat and vulnerability within different areas, e.g.:

• Offshore activity in sensitive areas

• Pandemic

• Critical infrastructure integrated with ICT (incl. "ICT as mediator")

6

New Strains; Approach


• Develop an analytical framework for understanding and managing new threats and vulnerabilities towards society

• The objective is not to generate more knowledge to reduce uncertainty, but

• to establish new principles for contemplation and approach, and

• new ways to acknowledge and explore the new strains

• Point of departure; existing methods and theory, with a special focus on:

• Risk analysis

• Barrier management

• Resilience

• Stress-testing

• Intention: to put ourselves (safety science, practice) to the test

• Establish borderlines and limitations of existing/prevalent approaches

• Objective: to identifiy how approaches and methods must be developed in order to adress the societal threats we will face, including

• Where it stops – where "control", methods and tools can promise no more

• Including the new & "promising", e.g. resilience (engineering)

7

New Strains; Defined targets


1. The potential of development related to stress-testing as a specific method (e.g., simulated barrier breakdown) to address societal threats

2. Stress-testing in a wider sense, as a principle or metaphor:

• We intend to "stress-teste" our inventory of approaches and methods – in order to identify where and when our "tools" stop working

• INCLUDING the recent advances,

• e.g., resilience (engineering)

8

Stress-testing; a double meaning

SINTEF Technology and Society 9

David D. Woods, 2014

Hidden, dynamic and emergent vulnerabilities

"STRESS-TESTING 2"

Creating, constructing, conditioning…

Society…

Regulator….

Company….


New safety

ApproachesKnowledge

domain 2 (KD2)

10

Prevalent safety approachesKnowledge domain 1 (KD1)

New risk

management

Approaches(KD2)

Prevalent risk management approachesKnowledge domain 1 (KD1)

Stable/known systems Increasingly complex and dynamic systems

PuRER

"TORC"Compliance vs Resilience

Emergent risksGeneric risk drivers

Sensitization to local conditions

"Safety as done"

EXAMPLE. "Pulse of Risk ExploreR" (PuRER): Project proposal Saf€ra (call.safera.eu) 2014


"expansion": occasions to extend the analytical horizon

"contraction": RA revisions Selected horizons

"flow": (re)-organized attentionsensitivity to work as done

Outcome:

Approaches & methods providing increased sensitivity to emerging risks.

Improved risk management

Example:

Exploring "The Pulse of Risk"


"expansion": occasions to extend the analytical horizon

"contraction": RA revisions Selected horizons

"flow": (re)-organized attentionsensitivity to work as done

Outcome:

Approaches & methods providing increased sensitivity to emerging risks.

Improved risk management

PuRER: Abductive research process

Theoretical inventory/resources

+ + "Drift into failure" + + + + + + + (TORC)

Company / regulator practices and prospects

Main metaphor

iNTeg-Risk KD2 KD1= STRESS-TEST!!


• Hermeneutical ideal

• Continuous exchange

• Part vs whole

• Pre-understanding Understanding ….

• "Safety" or "security" ?

• Build/understand landscapes of threats

• Analyse, stress-test our methods & approaches

13

Ambition: "Zoom In/Out" in large ("infinite") systems

SINTEF Technology and Society 14

"Mantra"

Forget your perfect offering

There's a crack in everything

That's where the light gets in

Leonard Cohen (Anthem)