–Here’s my starting point on government regulation (from our 2016 Reliability and Risk):
. . .as long as infrastructure regulation is equated with what regulators do, society will have a very myopic understanding of how regulation functions for critical infrastructures. The regulation of infrastructures is not just what the regulators do; it is also what the infrastructures do in ways that their regulator of record could never do on its own.
Contrary to conventional wisdom, it is not a criticism of regulators to say they never have the same timely information as do those operating the critical infrastructures being regulated. It’s a statement of the obvious cast as a negative. Restate the obvious, but now as a positive: those who have the real-time information must fulfill regulatory functions that the official regulator cannot fulfill. How well they are fulfilling the regulatory functions depends on (1) the skills in real-time risk management of their reliability professionals and (2) where those professionals are located, which for our purposes means the infrastructure control rooms and their respective support units.
From our perspective, it makes little sense for critics to conclude that regulators are failing because formal regulations are not being complied with, if the infrastructures are managing in a highly reliable fashion and would not be doing so if they followed those regulations to the letter.
To summarize, of course regulations, once published, need to be altered in light of emerging better practice; otherwise, they’d be a wheelbarrow without handles, hardly fit for purpose.
–Several inter-related points follow, I believe:
- The regulator of record ideally searches for those (emerging) practices that enable infrastructure control rooms to avoid moving into their respective precursor zones of potential failure or, if already there, exiting these zones quickly and safely. In this way, regulators of record are the guardians of real-time operational redesign and learning from setbacks in control room reliability management. The specific mandate of the regulator of record here would be to mitigate the need for prolonged just-for-now performance of the regulated infrastructure.
- The twofold nature of regulating for high reliability becomes clearer from the perspective of the regulated infrastructure: (1) To what extent does regulation by the regulator increase control operator options and reduce volatility for the critical infrastructure and (2) to what extent is any regulation of that regulator, which inadvertently reduces operational options or increases real-time volatility for the control rooms, corrected by the regulator of record as soon as possible?
- There is not just the risk of regulatory non-compliance by the infrastructure; there is also the infrastructure’s risk of compliance with defective regulations. The importance of time from discovery to correction of error reinforces a process of dispersed regulatory functions: Unless otherwise proven, the shorter the better. A shorter time to error discovery has the advantage of discovering errors that would have propagated into much larger ones if left uncorrected.
- In all the talk about the need for systemic risk regulation (e.g., macroprudential regulation of the financial services sector), few seem to have understood that the larger and more complex the critical infrastructure to be regulated, the less the management of known or expected risk will take center attention in that regulation. Management attention will unavoidably be consumed by trying to address the new surprises and unknown unknowns well outside frequency distributions and worst-case scenarios that come with increased system complexity. Indeed, to equate system uncertainties with “systemic risk” is a disaster for the regulator of record to forestall rather than inadvertently hasten.
- Inter-regulatory activities might be better directed to identifying and ensuring the efficacy of better practices and regulations that prevent cross-infrastructure failure cascades, especially in cases where (1) each infrastructure’s reliability management cannot prevent being pulled into its respective precursor zone of potential failure, but where (2) the infrastructures must manage together so as not to be pulled across their respective edges into joint, interconnected conditions of few options and high task volatility.
Note the issue here is about the regulator knowing specifics about the real-time systemwide management by the infrastructure regulated. The truism that the regulator of record can never be on top of all that the regulated infrastructure does is, as a criticism, rather wide of the mark.
–All that said, an open question remains: What are the jointly shared standards of reliability, if any, to be managed to (and regulated for) when it comes to shared control variables?
It is easy enough to imagine one infrastructure’s precluded events standard conflicting with another infrastructure’s avoided events standard, both of which are interconnected in real time by shared control variables: Emergency water releases from dams in order to prevent their breaching (a precluded event) threaten reliability mandates downriver for levees, water supplies, hydropower, and waterway shipping, which can only seek to better avoid consequences of releases they can’t prevent. High reliability management with respect to shared, interinfrastructural control variables remains a very important research topic for regulators as well.
While that question cannot be answered a priori and must be settled case-by-case, our framework suggests it would be better that joint field inspections (by infrastructures and by their regulators) be directed, as a matter of priority, to those sites where the chokepoints of individual infrastructures are collocated.