The weakest point in risk and uncertainty management by critical infrastructures operating under high reliability mandates is any assumption that the infrastructures aim to ensure their users need no longer worry about risk, uncertainty and failure scenarios for the service provided.
Why? Because the considerable strengths of control rooms are at the same time blind-spots for society’s expectations of them.
Yes, control rooms represent unique system knowledge, but that real-time knowledge is difficult to convey to or distill for the public, let alone experts committed to checklists and protocols. Yes, their skills and requirements are so knowledge-intensive as to make control operators professionals in their own right, but that also means they cannot be expected to know the requirements of other control rooms with the same degree of breadth and depth. Yes, reliability professionals are virtuosi in managing real time (and it is true that professionals who cannot manage the short-term should not be expected to manage for the long term), but reliability professionals are the first to recognize the need for more long term planning and analysis.
Yes, the evolutionary advantage of control room operators to operationally redesign defective technology and regulation so as to ensure system reliability in real time is often under-recognized, but this does not make reliability professionals experts in altogether repurposing infrastructures when it comes to adding new services or instituting new infrastructures to provide the same service. Yes, control rooms are central to intra- and interinfrastructural reliability, but some critical infrastructures under very real mandates for high reliability do not have control rooms.
Yes, there is that sense in which a control room is like the weather vane taking all those lightning strikes to protect the house underneath, but that means control operators must be able to absorb the shocks and be protected in doing so. This protection—along with the longer term perspective and interinfrastructural oversight responsibilities—is what we expect from leaders, regulators and policymakers. Paul Schulman and I have highlighted control rooms as unique organizational formations and social institutions in their own right, meriting society protection, even during (especially during) continued attack.
 Oops. “As the economist Gary Gorton has put it, banking does for the nonexpert in finance what the electricity grid does for the nonexpert in electricity: . . .enabling most who ultimately bear the risk not to have to worry about it on a day-to-day basis. But as we discovered once the [2008 financial] crisis broke, it was not just nonexperts who had stopped worrying about risk on a day-to-day basis. Most professional investors had also gotten into the habit of not worrying about it either. . . Before we rail against their stupidity, we should remember that not worrying about risk is precisely what a modern banking system enables its customers to do. That the lack of worrying had gone too far is now undeniable, but it happened precisely because of how impressively the modern banking system works when it is working well.” (Paul Seabright in Foreign Policy accessed online on May 26, 2018 at http://foreignpolicy.com/2011/01/03/the-imaginot-line/).