Risk analysis beyond vulnerability and resilience - characterizing the defensibility of critical systems

A common problem in risk analysis is to characterize the overall security of a system of valuable assets (e.g., government buildings or communication hubs), and to suggest measures to mitigate any hazards or security threats. Currently, analysts typically rely on a combination of indices, such as resilience, robustness, redundancy, security, and vulnerability. However, these indices are not by themselves sufficient as a guide to action; for example, while it is possible to develop policies to decrease vulnerability, such policies may not always be cost-effective. Motivated by this gap, we propose a new index, defensibility. A system is considered defensible to the extent that a modest investment can significantly reduce the damage from an attack or disruption. To compare systems whose performance is not readily commensurable (e.g., the electrical grid vs. the water-distribution network, both of which are critical, but which provide distinct types of services), we defined defensibility as a dimensionless index. After defining defensibility quantitatively, we illustrate how the defensibility of a system depends on factors such as the defender and attacker asset valuations, the nature of the threat (whether intelligent and adaptive, or random), and the levels of attack and defense strengths and provide analytical results that support the observations arising from the above illustrations. Overall, we argue that the defensibility of a system is an important dimension to consider when evaluating potential defensive investments, and that it can be applied in a variety of different contexts.Comment: 36 pages; Keywords: Risk Analysis, Defensibility, Vulnerability, Resilience, Counter-terroris

Chronicle of a Pandemic Foretold. CEPS Policy Insights No 2020-05 / March 2020

In just a few weeks, COVID-19 appeared in China and quickly spread to the rest of the world, including Europe and the United States. Many have rushed to describe the outbreak as a ‘black swan’ – an unpredictable event with extremely severe consequences. However, COVID-19 was not only predictable ex post: it was amply predicted ex ante. This allows us to draw some preliminary lessons: • First, economic policy will need to shift from its current focus on efficiency, towards a greater emphasis on resilience and sustainability. • Second, a more centralised governance to address health emergencies is needed. • Third, Europe should create a centre for the prevention of large-scale risks. • Fourth, digital technologies, if handled with care, can be an important part of both a mitigation and a response strategy. • Fifth, Europe should improve its science advice and communication functions. Finally, there are many ways to pursue enhanced resilience and responsiveness, but not all of them are compatible with sustainability and democratic values. The challenge is to find an adequate policy mix, which safeguards individual rights and liberties, protects the economy, and at the same time strengthens government preparedness for cases of epidemics and pandemics

Beach users’ perceptions of coastal regeneration projects as an adaptation strategy in the western Mediterranean

Some coastal environments facing climate change risks are starting to be managed with nature-based solutions (NBS). Strategies based on the rehabilitation of green infrastructures in coastal municipalities, such as renaturalization of seafronts, are considered adaptive to the effects of climate change but may cause misconceptions that could lead to social conflicts between the tourist sector and the society. A survey was carried out to study user perceptions on the effects of climate change, preferences for adaptation strategies, and the assessment of projects of dune reconstruction. We find that while beach users recognize the benefits of NBS for environmental conservation and storm protection, they show little concern about possible effects of climate change on recreational activity and have limited understanding about the protective capacity of NBS. Thus, a greater effort must be made to better explain the effects of climate change and the potential benefits of NBS in coastal risk management.Peer ReviewedPostprint (author's final draft

Becoming Rasuwa Relief: Practices of Multiple Engagement in Post-Earthquake Nepal

In this article, we reflect on the multiple nature of our engagements in the wake of the 7.8m earthquake that struck Nepal on April 25th 2015. Specifically, we trace the events, experiences, decisions, positions, and processes that constituted our work with a post-earthquake volunteer initiative we helped to form, called Rasuwa Relief. Using the concept of multiplicity (cf. Mol 2002), we consider the uncertain process by which Rasuwa Relief began to cohere, as a collective of diverse efforts, interventions, projects, and commitments, and how Rasuwa Relief was continually and multiply enacted through practices of engagement. As a collaborative effort that coordinated and consolidated many of our post-earthquake interventions over a period of two years, Rasuwa Relief was always in a state of becoming. This process of becoming, we suggest, indexed and informed the multiple ways that we participated and intervened in the aftermath of the earthquake—as accidental humanitarians or ‘relief workers’, as early-career scholars, and as people attempting to balance diverse personal, academic, and ethical commitments within and beyond Nepal. Based on a reflexive analysis of these multiple engagements, we also present an embedded critique of ‘humanitarian reason’ (Fassin 2012), inclusive of our own decisions and actions, alongside a selfcritical analysis of the affective factors that shaped our own ‘need to help’ (Malkki 2015)

Resilience in Critical infrastructure within the energy sector of Norway

Master's thesis in Cyber security (IS507)This thesis investigates what are the characteristics of resilience within the energy sector, as well as what are the "best” known practices being used to increase awareness of the employees. By looking at the existing literature and finding differences between how the energy sector in Norway vs other nations approaches resilience. There is a difference in Norway's more decentralized power grid, where many smaller power stations supply energy, compared to other nation with single large power station. This influences how they will approach resilience. The study uses a qualitative research approach, with semi-structured interviews to gather data from several organizations within the energy sector of Norway. The results are then analyzed, and compared to existing research, to achieve a theoretical understanding of the result. The study identifies what are the characteristics that can be used to define resilience within the energy sector. And defines how these characteristics can be used to achieve resilience within an organization. Furniture more this study analyzes what constitutes “Best-practices” and if they truly are “best,” before investigating how such practices are used to increase awareness of resilience to the employee of the energy sector

Making cyber security more resilient: adding social considerations to technological fixes

How can a focus on socio-technical vulnerability and uncertainty make cyber security more resilient? In this article, we provide a conceptual discussion of how to increase cyber resilience. First, we show how cyber security and resilience thinking co-evolved through their connection to critical infrastructures, and how the ensuing dominant technical focus inevitably always falls short due to the diverse societal values that underpin their critical social functions. We argue that a sole focus on aggregate systems neglects the important differences in how cyber threats are experienced and dealt with by individuals. Second, we draw on insights from social resilience and disaster management literature to establish a better link between individuals and cyber systems. We focus on two key aspects of cyber security that highlight its social nature: vulnerability and uncertainty. Instead of thinking of cyber security as a “technical problem + humans,” we suggest cyber security should be conceptualized as a “social problem + technology.” We conclude by highlighting three ways forward for researchers, policymakers, and practitioners: interdisciplinary research, public debate about a set of normative questions, and the need for an uncertainty discourse in politics and policymaking