Improvisations within and across interconnected critical infrastructures
I
We spent considerable time in our 2008 High Reliability Management describing the important role and assembly of just-in-time improvisations in maintaining ongoing operations of a major transmission grid. Our 2016 Reliability and Risk continued and extended that discussion to interconnected infrastructures under normal and temporarily disrupted conditions. Our latest research on large socio-technical systems in failure, especially the interconnected backbone infrastructures of water, electricity, roads and telecoms, has also underscored the criticality of improvisations.
How so? Both these can be called improvisations: the staff in a power plant working with what is at hand to bring back into operations a generator that suddenly went off line and the water treatment plant reaching out for mobile generators, including those from the power company, in order to get the plant back in operations.
The two are, however, different improvisations when in the former the water treatment plant didn’t experience a disruption in service from the power company (e.g., the power company was managing to an n-1 contingency), while in the latter. disruption and worse was being experienced by the water treatment plant. They differ in degree and kind because of the different shifts in interconnectivity and system control variables (electricity frequency and water pressure) taking place.
II
A huge category mistake thus exists in thinking the workarounds within an infrastructure to ensure ongoing operations and the workarounds improvised post-disaster are similar, i.e., thinking only that both involve flexible, creative behavior and are interinfrastructural by definition.
To think that way is to obscure an essential demarcation in infrastructure operations taking place via interconnectivity shifts, namely, those occasions where: Improvisations jointly undertaken by two or more infrastructures around their shared or overlapping control variables become themselves a primary mode of operation.
That said, improvisational behavior beforehand can pose a benchmark for improvisation later on. “What does success look like?” a senior state emergency manager asked rhetorically, and answered: “Success in every disaster is that you didn’t have to get improvisational immediately. You can rely on prior relationships and set up a framework for improvisation and creativity.” Success, in other words, is when base-level interconnectivity does not altogether disappear, however much it is reconfigured later on.
Rethinking pre-disaster mitigations for critical infrastructures
I
How do you choose which bridges to retrofit now and just ahead, when so many major ones here could fail in the next big earthquake?
That question is misformulated and its answers accordingly misleading.
II
Retrofitting a bridge pre-disaster isn’t a chancy wager on what might or might not happen to the bridge later. Retrofitting is managing latent interconnectivities between bridges and other infrastructures that become manifest during and immediately after the disaster. That inter-infrastructural connections will shift and these shifts will involve bridges is far more predictable than this or that bridge will fail, unless retrofitted.
This means attention is crucial to the track record in retrofitting bridges before and after disasters, here and elsewhere. Note the implication: Retrofitting has to occur in order to have a track record to monitor and learn from.
Since there are real material and cognitive limits on controlling inter-infrastructural connectivity at any point in time, doing more by way of managing the pre-disaster latency of interconnectivities is elemental. An interviewee with engineering and management experience told us their city water infrastructure was behind the electricity utility in the adoption of automatic shut-off valves. Bringing water systems up to power’s better practices is a way of managing latent interconnectivity in advance of disaster.
III
In other words, the question we should be asking is more akin to: “What have we learned, here or under like conditions elsewhere, that actually works in better managing latent interconnectivity for post-disaster response and recovery?”
Five points in regard to emergency management for critical infrastructures
(1) The partisans and champions of requisite variety for matching right-now demands with right-now resources must reflect the inter-infrastructural, i.e., they are to be found not only in the emergency management agencies but as prominently in the backbone infrastructures and control rooms of interconnected water, energy, and telecommunications.
Nor is this wider catchment just to increase the partisans and champions. It’s also to compensate for professional blind-spots. “Emergency management is an old game,” an interviewee told us, adding: “We still see a lot of the old guard in this. . .working against innovation even if it’s not intentional on their part”.
(2) Any notion that, if established, a post-disaster normal will necessarily repopulate sequential interconnectivities between and among infrastructures back to a pre-disaster baseline, should be checked.
Consider a city’s building code. Viewed one way, it is an instance of sequential interconnectivity (do this-now and then-that). But if cities view their respective building codes also as the means to bring structures up to or better than seismic standards, then the code becomes a focal mechanism for pooled interconnectivity among developers and builders.
(3) The other side of “everything’s connected” is “nothing can be completely reduced to something else.” To paraphrase one interviewee: It would be crazy for the regulator to do the work of the utilities, when the latter are the experts. “We can’t tell them where to de-energize lines,” the regulator said by way of example.
Things are connected, but more often loosely so than some would prefer.
(4) “Who’s available and what’s left to work with?” applies to both sides of a major emergency.
This means that the focus on continuity of operations and management skills, along with changes in delegating authority and duties during incidents, isn’t only understandable. It’s a huge priority and attention sink. Ensuring both pre-disaster and post-disaster continuity of operations is an imperative for monitoring the performance of prior mitigations and placement of precautions.
(5) From the above perspective, “cascading failure across infrastructures” should be disaggregated into different interconnectivity configurations and their respective system control variables (frequency for electricity, water pressure for potable and wastewater systems).
This must be done before assuming anything like cascades are instantaneous and unmanageable. Some documented cascades have been more granular with respect to duration and open to management than typically assumed in formal modeling and planning processes.
Time, but not timelines, in emergency response
For all that clarity, logic and urgency of emergency response, “it’s almost impossible” to reconstruct after-the-fact the welter of timelines and organizational scrambling during immediate response, underscored an experienced wastewater coordinator and planner.
In fact, it’s by no means clear how some response actually happened. “How did that work? Great question,” said a state emergency preparedness official to us before trying to explain.
Also, it is unlikely in the US setting that senior politicians and government officials–committed as they are to immediate restoration of backbone services–will stay out of the way of infrastructure operators and emergency managers doing the needful. Timelines of interventions are the least of real-time worries.
WHEN COMPLEX IS AS SIMPLE AS IT GETS 