I
Here’s my starting point on government regulation (from our 2016 Reliability and Risk):
. . .as long as infrastructure regulation is equated with what regulators do, society will have a very myopic understanding of how regulation functions for critical infrastructures. The regulation of infrastructures is not just what the regulators do; it is also what the infrastructures do in ways that their regulator of record could never do on its own.
Contrary to conventional wisdom, it is not a criticism of regulators to say they never have the same timely information as do those operating the critical infrastructures being regulated. It’s a statement of the obvious cast as a negative. Restate the obvious, but now as a positive: those who have the real-time information must fulfill regulatory functions that the official regulator cannot fulfill. How well they are fulfilling the regulatory functions depends on (1) the skills in real-time risk management of their reliability professionals and (2) where those professionals are located, which for our purposes means the infrastructure control rooms and their respective support units.
From our perspective, it makes little sense for critics to conclude that regulators are failing because formal regulations are not being complied with, if the infrastructures are managing in a highly reliable fashion and would not be doing so if they followed those regulations to the letter.
In practical terms, this means there is not just the risk of regulatory non-compliance by the infrastructure, there is also the infrastructure’s risk of compliance with defective regulations. Either way, the importance of time from discovery to correction of error reinforces the nature of dispersed regulatory functions: A shorter time to error discovery has the advantage of discovering errors that would have propagated into much larger ones if left uncorrected.
II
The upshot for the regulator of record?
If policymakers still insist that the regulator’s task is one of regulating the whole cycle of the infrastructure throughout its operational stages of normal, disrupted, failed, and recovered onwards, then it is better to say that at best the regulator of record is in permanent setback management. At worst, its own activities require the coping behavior we associate with emergency management during crises.
III
And yet the demands on government regulation are increasing at the same time. No one should doubt, for example, that the more interconnected the systems to be regulated and the more complex each system and its own regulations are, the more regulatory and inter-regulatory oversight will have to be given to latent interconnections, risks and the transition thresholds where they shift from latent to manifest.
Regulating ahead for latent interconnectivities is a very difficult task for even one regulator, let alone for something like “inter-regulatory oversight.” This too reinforces the need for a dispersed regulatory regime well beyond the regulator of record.
IV
It should go without saying that the regulatory functions of the infrastructure’s control room (if present) will differ from the health and safety regulations and approaches needed elsewhere in the critical infrastructure. This means we should not expect there to be a single set of procedural or supervisory approaches that can apply throughout the entire infrastructure, however committed it is to service reliability.
The challenge instead is to better understand the institutional niche of critical infrastructures, that is, how infrastructures themselves function in allocating, distributing, regulating and stabilizing that reliability and safety apart from, if not independently of, the respective government regulators of record. That this knowledge will always be for regulators partial and punctured by gaps and ignorance should go without saying.
There is, however, a serious asymmetry in the current design orientation for regulating infrastructure reliability (including safety) and the practice orientation of reliability professionals in and around control centers for the infrastructure. When reliability professionals express discomfort over a design orientation, regulators and others insist that this has to be expressed in terms of formal analysis, where the burden of proof is on the reliability professional to show what in this design orientation is not reliable. That burden of proof, we believe, is the responsibility of the regulator; it is not a regulatory function of the infrastructure, when real-time service reliability matters.
WHEN COMPLEX IS AS SIMPLE AS IT GETS 