The weakest point in risk and uncertainty management by critical infrastructures operating under high reliability mandates is any assumption that the infrastructures aim to ensure their users need no longer worry about risk, uncertainty and failure scenarios for the service provided.
–Why? Because the considerable strengths of control rooms are at the same time blind-spots for society’s expectations of them.
Yes, control rooms represent unique system knowledge, but that real-time knowledge cannot be conveyed or distilled for the public, let alone for experts committed to checklists and protocols.
Yes, their skills and requirements are so knowledge-intensive as to make control operators professionals in their own right, but that means they also cannot be expected to know the requirements of other control rooms with in the same breadth and depth.
Yes, they are virtuosi in managing real time (and it is true that professionals who cannot manage the short-term should not be expected to manage for the long term), but reliability professionals are the first to recognize the need for longer term planning and analysis.
Yes, control rooms are central to intra- and interinfrastructural reliability, but some critical infrastructures under mandates for high reliability do not have control rooms.
–All this has at least one major implication:
Yes, the evolutionary advantage of control room operators is the operational redesign of inevitably defective technology and regulation so as to ensure system reliability in real time. This however does not make them experts in repurposing infrastructures when it comes to adding new services or creating new infrastructures to provide the same service.
There is tension between control operators for whom recovery means resumption of critical services to a new normal and leaders (including the regulators of record) for whom recovery occasions the major repurposing of infrastructures (with respect to new services or entirely new infrastructures for the same service).
–Equally major, the drive to repurposing can be totalizing. The prime minister of Japan during the Fukushima disaster concluded: “Experiencing the accident convinced me that the best way to make nuclear plants safe is not to rely on them, but rather to get rid of them”. And that is what Germany has done under its Energiewende, the energy transition (transformation?) from nuclear to renewable resources.
The question then is this: How to make any such transition highly reliable? If the aim is high reliability, answers must pivot around the respective real-time control room operators. No ifs, ands or buts here.