–To insist that “there are hundreds and hundreds of organizations having oversight responsibility for [fill in name the region]” misses the fact that interconnectivity becomes a focus only with respect to specific failure/accident scenarios. Changing the scenario focus over what are the important manifest interconnections means having also changing the focus over what are the latent ones of concern.
–What are latent interconnections? To answer that, we have first to describe latent and manifest risk. If manifest risk is where the probability of failure (Pf) and the consequences of failure (Cf) are known or estimated, “latent risk” is when uncertainty over Pf or over Cf exists. Once the missing estimate is provided, what was latent becomes manifest risk.
High reliability management recognizes that management of latent risk—the management of nonmeasurable uncertainty—should be ahead of the risk becoming manifest. (Think of measurable risk as associated with professionals’ skills in pattern recognition across a run of cases and nonmeasurable uncertainty as associated with their skills when it comes to a one-off, what-if scenario formulation.)
Minimally, this management-ahead is to forestall the realization of risk-with-respect-to scenarios that would decrease options and/or increase volatility of reliability professionals. In other cases, the management-ahead is to help realize risk-with-respect-to scenarios that would manifestly increase options and/or decrease volatility.
–Now to implications for and about latent and manifest interconnectivity. In complex, interconnected systems where high reliability (including high safety) matter as an existential priority, four inter-related factors move center-stage for the managing-ahead of latency:
- Analytic modeling uncertainties become a major consideration. Not only do analytic models differ in terms of their uncertainties—electricity modeling appears to be better than levee modeling. Even more important, the more interconnected the infrastructures, the more latent risks to be managed in light of input and output variables as well as their joint their control variables, which modelers often miss or do not understand (e.g., waterflows central to real-time services of key interconnected infrastructures).
- The evolutionary advantage of each control room’s ability to operationally (re)design workarounds to compensate for (emerging) defects in hardware and software under interconnectivity take on added prominence in real time.
- A key latency—but one often ignored or not recognized outside the infrastructure control room by regulators and legislators—centers around small change/large impact scenarios. For example, the November 2006 disconnection of a single power cable in northern Germany triggered regional blackouts as far away as Portugal. True, but: How many times were such small changes managed before so as not to lead to huge impacts (the disasters averted) and would subsequent “remedies” undermine this prior ability to manage reliably, had the remedies been instituted earlier?
- A focus on the classic common-mode failure around spatially collocated elements of different infrastructures, such as a shared utility corridor, is misleading when the chokepoints of the respective systems are physically located elsewhere. A chokepoint of one infrastructure tripping over into disrupted or failed operations is profoundly more important if collocated next or adjacent to the chokepoint of another infrastructure with which it is also functionally interconnected.