SlideShare une entreprise Scribd logo
1  sur  17
Télécharger pour lire hors ligne
©Caltech https://ctme.caltech.edu
Resiliency in Systems Engineering
Prepared for C-NO INCOSE Chapter – 18 August 2020
Rick Hefner, Ph.D.
California Institute of Technology
Center for Technology and Management Education
rhefner@caltech.edu, 626.395.4043
Resiliency in SE | Hefner 1
©Caltech https://ctme.caltech.edu
Background
 Resilience is the ability to provide required capabilities in the
face of adversity - any condition that may degrade the desired
capability of a system
 This presentation will discuss the characteristics of a resilient
system and its supporting design techniques
 Presentation is based on Systems Engineering courses at
Caltech Center for Technology and Management Education,
https://ctme.Caltech.edu
2Resiliency in SE | Hefner
©Caltech https://ctme.caltech.edu
Resilience
 Resilience is the ability to
provide required capability
in the face of adversity
 Adversity is any condition
that may degrade the
desired capability of a
system
• Environmental sources
• Normal failure
• Human sources - malicious or
accidental
Can the corporate network
function effectively under:
 Flood, earthquake
 Failure of any component
 Human error in configuration
 Cyber attack
Resiliency in SE | Hefner 3
©Caltech https://ctme.caltech.edu
Resiliency Emerging as a Major Design Consideration
4Resiliency in SE | Hefner
What is Resiliency Engineering?, Kazuo Furuta
©Caltech https://ctme.caltech.edu
Resiliency Challenges are Amplified in Systems of Systems
 Systems acquired at
different times, from
different providers
 Total system not
designed top-down, so
emergent behaviors may
be unknown
 Impact of individual
failures of system
performance
5Resiliency in SE | Hefner
©Caltech https://ctme.caltech.edu
Framing the Resiliency Problem
 The capability(s) of interest (note: a system may deliver several
capabilities each of which may have different levels of resilience)
• The measure(s) (and units) of the capability(s)
• The target value(s) of the capability(s), perhaps by level (e.g., nominal,
degraded mode, minimum useful, objective, threshold, etc.).
 System modes of operation (e.g., operational, training, exercise,
maintenance, update…)
 The adversity(s) being considered for this resilience scenario
• The ways that the adversity(s) affect(s) the system and how the system
reacts in terms of its ability to deliver capability
• The timeframe of interest
 The required resilience (performance) of the capability in the face of
each identified resilience scenario
• E.g., expected availability, maximum allowed degradation, maximum length
of degradation, etc.
• Note there may be several resilience goals (e.g., threshold, objective,
As Resilient as Practicable (ARAP))
6Resiliency in SE | Hefner
System Resilience, sebokwiki.org
©Caltech https://ctme.caltech.edu
Types of Disruptions
Type A – A disruption of input
• An unexpected or unknown
(to the designer)
phenomenon
• NY twin towers attack
• Tacoma Narrows bridge
• A change in environment
• Katrina hurricane and flood
Type B – A degradation in
function, capability or capacity
• Software error
• Human error (in the system)
• Nagoya
• Metrolink 111
• Component failure
• Challenger
• Interaction Between
Components
• Helios 522
• Mars Polar Lander
Resiliency in SE | Hefner 7
©Caltech https://ctme.caltech.edu
Failure States
Resiliency in SE | Hefner 8
©Caltech https://ctme.caltech.edu
Means of Achieving Resilience
 Avoiding – Keep the adversity from
happening or from effecting the system
• E.g., shielding, hardening
 Withstanding – Accept the adversity’s impact but continue
operating despite it (perhaps at a reduced level)
• E.g., redundancy
 Recovering – Accept the adversity’s impact and reconfigure
afterwards to continue operating
• E.g., serviceable system
 Evolving and adapting – Sense the approaching adversity and
adjust over time to lessen/eliminate it’s impact
• E.g., failure detection
System Resilience, sebokwiki.org
9Resiliency in SE | Hefner
©Caltech https://ctme.caltech.edu
Attributes of a Resilient System
Robustness
• Ability of a system to
withstand a threat in the
normal operating state
Adaptability
• Ability of a system that
allows it to restructure itself
in the face of a threat
Tolerance
• Ability of a system that
allows it to degrade
gracefully following an
encounter with adversity
Integrity
• Property of being whole or
cohesive
Jackson, S., & Ferris, T. (2013). Resilience Principles
for Engineered Systems. Systems Engineering, 16(2),
152-164. doi:10.1002/sys.21228.
Resiliency in SE | Hefner 10
©Caltech https://ctme.caltech.edu
Robustness
Ability of a system to withstand a threat in the
normal operating state
Design techniques:
 Absorption – Withstand a disturbance without a fundamental
breakdown in the system’s performance or structure
 Physical redundancy – Two or more independent and identical
components to perform critical tasks
 Functional redundancy – Two or
more different ways to perform
a critical task
Resiliency in SE | Hefner 11
©Caltech https://ctme.caltech.edu
Adaptability
Ability of a system that allows it to restructure
itself in the face of a threat
Design techniques:
 Restructuring
 Human in the loop
 Complexity avoidance – System no more complex than required
 Drift correction – System
senses an approaching failure
and takes corrective/
preventative action
Resiliency in SE | Hefner 12
©Caltech https://ctme.caltech.edu
Tolerance
Ability of a system that allows it to degrade
gracefully following an encounter with adversity
Design techniques:
 Modularity – Functionality is distributed through multiple nodes,
so if one node is damaged, others continue to function
 Loose coupling – Events in various elements can occur
independently
 Neutral state - System is put into neutral state, if possible,
following a disruption
 Reparability – System can be brought to partial or full capability,
over a specified period of time, in a specified environment
 Defense in depth – Two or more ways to address a vulnerability
Resiliency in SE | Hefner 13
©Caltech https://ctme.caltech.edu
Integrity
Property of being whole or cohesive (acting
as a unified whole in the face of a threat)
Design techniques:
 Internode interaction – Every node, or element, of a system
should be capable of communicating, cooperating, and
collaborating with every other node
 Reduce hidden infrastructures – Potentially harmful
interactions between nodes of the system are reduced
Resiliency in SE | Hefner 14
©Caltech https://ctme.caltech.edu
Other Perspectives
Engineering techniques
 adaptive response
 analytic monitoring
 coordinated defense
 deception
 distribution
 detection avoidance
 diversification
 dynamic positioning
 dynamic
representation
 effect tolerance
 non-persistence
 privilege restriction
Objectives
 Adapt
 Anticipate
 Understand
 Disaggregate
 Prepare
 Prevent
 Continue
 Constrain
 Redeploy
 Transform
 Re-architect
 proliferation
 protection
 realignment
 reconfiguring
 redundancy
 replacement
 segmentation
 substantiated
integrity
 substitution
 threat suppression
 unpredictability
Brtis, J. S., and McEvilley, M. A. (2019). Systems Engineering for Resilience, MITRE Technical Report
Resiliency in SE | Hefner 15
©Caltech https://ctme.caltech.edu
System Resilience Relationships
Resiliency in SE | Hefner 16
©Caltech https://ctme.caltech.edu
Summary
 System engineers must increasingly consider resiliency in
designing systems
 Multiple design principles exist – selecting and applying the
right one(s) requires experience and judgement
17Resiliency in SE | Hefner

Contenu connexe

Similaire à Resiliency in Systems Engineering

Resilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate ChangeResilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate Changeeu-circle
 
Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)eu-circle
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systemsAlan Tatourian
 
Performance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawPerformance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawKevin Brockhoff
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
 
Requirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsRequirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsKamalika Guha Roy
 
Resisting to The Shocks
Resisting to The ShocksResisting to The Shocks
Resisting to The ShocksStefano Fago
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance Systemprakashjjaya
 
European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...Global Risk Forum GRFDavos
 
Why resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudesWhy resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudesUwe Friedrichsen
 
Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]David Wilson
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012presNASAPMC
 
Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery   student slides ver 1.0Module 4 disaster recovery   student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Aladdin Dandis
 
Resilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix worldResilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix worldRares Musina
 
Reliability Engineering and Terotechnology
Reliability Engineering and TerotechnologyReliability Engineering and Terotechnology
Reliability Engineering and TerotechnologyChristian Enoval
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesCMDLMS
 
Using security to drive chaos engineering
Using security to drive chaos engineeringUsing security to drive chaos engineering
Using security to drive chaos engineeringDinis Cruz
 

Similaire à Resiliency in Systems Engineering (20)

Resilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate ChangeResilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate Change
 
Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systems
 
Performance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawPerformance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability Law
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems
 
slides.08.pptx
slides.08.pptxslides.08.pptx
slides.08.pptx
 
Requirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsRequirement Engineering for Dependable Systems
Requirement Engineering for Dependable Systems
 
Resisting to The Shocks
Resisting to The ShocksResisting to The Shocks
Resisting to The Shocks
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance System
 
European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...
 
Why resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudesWhy resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudes
 
Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
 
Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery   student slides ver 1.0Module 4 disaster recovery   student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0
 
Resilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix worldResilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix world
 
Reliability Engineering and Terotechnology
Reliability Engineering and TerotechnologyReliability Engineering and Terotechnology
Reliability Engineering and Terotechnology
 
PACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best PracticesPACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best Practices
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slides
 
Using security to drive chaos engineering
Using security to drive chaos engineeringUsing security to drive chaos engineering
Using security to drive chaos engineering
 
Fault tolerance
Fault tolerance Fault tolerance
Fault tolerance
 

Plus de Caltech

Career Development Tips for Business Analysts
Career Development Tips for Business AnalystsCareer Development Tips for Business Analysts
Career Development Tips for Business AnalystsCaltech
 
Systems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial IntelligenceSystems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial IntelligenceCaltech
 
Systems Thinking: Applications to Space Systems
Systems Thinking:Applications to Space SystemsSystems Thinking:Applications to Space Systems
Systems Thinking: Applications to Space SystemsCaltech
 
Why Can't Johnny Improve?
Why Can't Johnny Improve?Why Can't Johnny Improve?
Why Can't Johnny Improve?Caltech
 
Identifying and Overcoming Roadblocks to Change
Identifying and Overcoming Roadblocks to ChangeIdentifying and Overcoming Roadblocks to Change
Identifying and Overcoming Roadblocks to ChangeCaltech
 
Inttoducing and Sustaining Change
Inttoducing and Sustaining ChangeInttoducing and Sustaining Change
Inttoducing and Sustaining ChangeCaltech
 
Leading Change without Authority
Leading Change without AuthorityLeading Change without Authority
Leading Change without AuthorityCaltech
 
Methods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
Methods to Sustain the Change: Measurment Systems, Rewards, and ReinforcementMethods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
Methods to Sustain the Change: Measurment Systems, Rewards, and ReinforcementCaltech
 
Core Skills for Change Agents
Core Skills for Change AgentsCore Skills for Change Agents
Core Skills for Change AgentsCaltech
 
Rightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project SuccessRightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project SuccessCaltech
 

Plus de Caltech (10)

Career Development Tips for Business Analysts
Career Development Tips for Business AnalystsCareer Development Tips for Business Analysts
Career Development Tips for Business Analysts
 
Systems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial IntelligenceSystems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial Intelligence
 
Systems Thinking: Applications to Space Systems
Systems Thinking:Applications to Space SystemsSystems Thinking:Applications to Space Systems
Systems Thinking: Applications to Space Systems
 
Why Can't Johnny Improve?
Why Can't Johnny Improve?Why Can't Johnny Improve?
Why Can't Johnny Improve?
 
Identifying and Overcoming Roadblocks to Change
Identifying and Overcoming Roadblocks to ChangeIdentifying and Overcoming Roadblocks to Change
Identifying and Overcoming Roadblocks to Change
 
Inttoducing and Sustaining Change
Inttoducing and Sustaining ChangeInttoducing and Sustaining Change
Inttoducing and Sustaining Change
 
Leading Change without Authority
Leading Change without AuthorityLeading Change without Authority
Leading Change without Authority
 
Methods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
Methods to Sustain the Change: Measurment Systems, Rewards, and ReinforcementMethods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
Methods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
 
Core Skills for Change Agents
Core Skills for Change AgentsCore Skills for Change Agents
Core Skills for Change Agents
 
Rightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project SuccessRightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project Success
 

Dernier

Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docxSUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docxNaveenVerma126
 
How to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdfHow to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdfRedhwan Qasem Shaddad
 
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptxVertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptxLMW Machine Tool Division
 
Phase noise transfer functions.pptx
Phase noise transfer      functions.pptxPhase noise transfer      functions.pptx
Phase noise transfer functions.pptxSaiGouthamSunkara
 
ChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai searchChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai searchrohitcse52
 
Modelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovationsModelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovationsYusuf Yıldız
 
Mohs Scale of Hardness, Hardness Scale.pptx
Mohs Scale of Hardness, Hardness Scale.pptxMohs Scale of Hardness, Hardness Scale.pptx
Mohs Scale of Hardness, Hardness Scale.pptxKISHAN KUMAR
 
A Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software SimulationA Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software SimulationMohsinKhanA
 
CSR Managerial Round Questions and answers.pptx
CSR Managerial Round Questions and answers.pptxCSR Managerial Round Questions and answers.pptx
CSR Managerial Round Questions and answers.pptxssusera0771e
 
News web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experienceNews web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experienceAkashJha84
 
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....santhyamuthu1
 
Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)Bahzad5
 
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratoryدليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide LaboratoryBahzad5
 
me3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part Ame3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part Akarthi keyan
 
Basic Principle of Electrochemical Sensor
Basic Principle of  Electrochemical SensorBasic Principle of  Electrochemical Sensor
Basic Principle of Electrochemical SensorTanvir Moin
 
cloud computing notes for anna university syllabus
cloud computing notes for anna university syllabuscloud computing notes for anna university syllabus
cloud computing notes for anna university syllabusViolet Violet
 
Graphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesGraphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesDIPIKA83
 

Dernier (20)

Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docxSUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
 
Lecture 2 .pdf
Lecture 2                           .pdfLecture 2                           .pdf
Lecture 2 .pdf
 
How to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdfHow to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdf
 
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptxVertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
Vertical- Machining - Center - VMC -LMW-Machine-Tool-Division.pptx
 
Phase noise transfer functions.pptx
Phase noise transfer      functions.pptxPhase noise transfer      functions.pptx
Phase noise transfer functions.pptx
 
ChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai searchChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai search
 
Modelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovationsModelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovations
 
Présentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdfPrésentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdf
 
Mohs Scale of Hardness, Hardness Scale.pptx
Mohs Scale of Hardness, Hardness Scale.pptxMohs Scale of Hardness, Hardness Scale.pptx
Mohs Scale of Hardness, Hardness Scale.pptx
 
A Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software SimulationA Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software Simulation
 
CSR Managerial Round Questions and answers.pptx
CSR Managerial Round Questions and answers.pptxCSR Managerial Round Questions and answers.pptx
CSR Managerial Round Questions and answers.pptx
 
News web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experienceNews web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experience
 
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
SATELITE COMMUNICATION UNIT 1 CEC352 REGULATION 2021 PPT BASICS OF SATELITE ....
 
Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)
 
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratoryدليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
 
me3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part Ame3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part A
 
Basic Principle of Electrochemical Sensor
Basic Principle of  Electrochemical SensorBasic Principle of  Electrochemical Sensor
Basic Principle of Electrochemical Sensor
 
cloud computing notes for anna university syllabus
cloud computing notes for anna university syllabuscloud computing notes for anna university syllabus
cloud computing notes for anna university syllabus
 
Graphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesGraphics Primitives and CG Display Devices
Graphics Primitives and CG Display Devices
 

Resiliency in Systems Engineering

  • 1. ©Caltech https://ctme.caltech.edu Resiliency in Systems Engineering Prepared for C-NO INCOSE Chapter – 18 August 2020 Rick Hefner, Ph.D. California Institute of Technology Center for Technology and Management Education rhefner@caltech.edu, 626.395.4043 Resiliency in SE | Hefner 1
  • 2. ©Caltech https://ctme.caltech.edu Background  Resilience is the ability to provide required capabilities in the face of adversity - any condition that may degrade the desired capability of a system  This presentation will discuss the characteristics of a resilient system and its supporting design techniques  Presentation is based on Systems Engineering courses at Caltech Center for Technology and Management Education, https://ctme.Caltech.edu 2Resiliency in SE | Hefner
  • 3. ©Caltech https://ctme.caltech.edu Resilience  Resilience is the ability to provide required capability in the face of adversity  Adversity is any condition that may degrade the desired capability of a system • Environmental sources • Normal failure • Human sources - malicious or accidental Can the corporate network function effectively under:  Flood, earthquake  Failure of any component  Human error in configuration  Cyber attack Resiliency in SE | Hefner 3
  • 4. ©Caltech https://ctme.caltech.edu Resiliency Emerging as a Major Design Consideration 4Resiliency in SE | Hefner What is Resiliency Engineering?, Kazuo Furuta
  • 5. ©Caltech https://ctme.caltech.edu Resiliency Challenges are Amplified in Systems of Systems  Systems acquired at different times, from different providers  Total system not designed top-down, so emergent behaviors may be unknown  Impact of individual failures of system performance 5Resiliency in SE | Hefner
  • 6. ©Caltech https://ctme.caltech.edu Framing the Resiliency Problem  The capability(s) of interest (note: a system may deliver several capabilities each of which may have different levels of resilience) • The measure(s) (and units) of the capability(s) • The target value(s) of the capability(s), perhaps by level (e.g., nominal, degraded mode, minimum useful, objective, threshold, etc.).  System modes of operation (e.g., operational, training, exercise, maintenance, update…)  The adversity(s) being considered for this resilience scenario • The ways that the adversity(s) affect(s) the system and how the system reacts in terms of its ability to deliver capability • The timeframe of interest  The required resilience (performance) of the capability in the face of each identified resilience scenario • E.g., expected availability, maximum allowed degradation, maximum length of degradation, etc. • Note there may be several resilience goals (e.g., threshold, objective, As Resilient as Practicable (ARAP)) 6Resiliency in SE | Hefner System Resilience, sebokwiki.org
  • 7. ©Caltech https://ctme.caltech.edu Types of Disruptions Type A – A disruption of input • An unexpected or unknown (to the designer) phenomenon • NY twin towers attack • Tacoma Narrows bridge • A change in environment • Katrina hurricane and flood Type B – A degradation in function, capability or capacity • Software error • Human error (in the system) • Nagoya • Metrolink 111 • Component failure • Challenger • Interaction Between Components • Helios 522 • Mars Polar Lander Resiliency in SE | Hefner 7
  • 9. ©Caltech https://ctme.caltech.edu Means of Achieving Resilience  Avoiding – Keep the adversity from happening or from effecting the system • E.g., shielding, hardening  Withstanding – Accept the adversity’s impact but continue operating despite it (perhaps at a reduced level) • E.g., redundancy  Recovering – Accept the adversity’s impact and reconfigure afterwards to continue operating • E.g., serviceable system  Evolving and adapting – Sense the approaching adversity and adjust over time to lessen/eliminate it’s impact • E.g., failure detection System Resilience, sebokwiki.org 9Resiliency in SE | Hefner
  • 10. ©Caltech https://ctme.caltech.edu Attributes of a Resilient System Robustness • Ability of a system to withstand a threat in the normal operating state Adaptability • Ability of a system that allows it to restructure itself in the face of a threat Tolerance • Ability of a system that allows it to degrade gracefully following an encounter with adversity Integrity • Property of being whole or cohesive Jackson, S., & Ferris, T. (2013). Resilience Principles for Engineered Systems. Systems Engineering, 16(2), 152-164. doi:10.1002/sys.21228. Resiliency in SE | Hefner 10
  • 11. ©Caltech https://ctme.caltech.edu Robustness Ability of a system to withstand a threat in the normal operating state Design techniques:  Absorption – Withstand a disturbance without a fundamental breakdown in the system’s performance or structure  Physical redundancy – Two or more independent and identical components to perform critical tasks  Functional redundancy – Two or more different ways to perform a critical task Resiliency in SE | Hefner 11
  • 12. ©Caltech https://ctme.caltech.edu Adaptability Ability of a system that allows it to restructure itself in the face of a threat Design techniques:  Restructuring  Human in the loop  Complexity avoidance – System no more complex than required  Drift correction – System senses an approaching failure and takes corrective/ preventative action Resiliency in SE | Hefner 12
  • 13. ©Caltech https://ctme.caltech.edu Tolerance Ability of a system that allows it to degrade gracefully following an encounter with adversity Design techniques:  Modularity – Functionality is distributed through multiple nodes, so if one node is damaged, others continue to function  Loose coupling – Events in various elements can occur independently  Neutral state - System is put into neutral state, if possible, following a disruption  Reparability – System can be brought to partial or full capability, over a specified period of time, in a specified environment  Defense in depth – Two or more ways to address a vulnerability Resiliency in SE | Hefner 13
  • 14. ©Caltech https://ctme.caltech.edu Integrity Property of being whole or cohesive (acting as a unified whole in the face of a threat) Design techniques:  Internode interaction – Every node, or element, of a system should be capable of communicating, cooperating, and collaborating with every other node  Reduce hidden infrastructures – Potentially harmful interactions between nodes of the system are reduced Resiliency in SE | Hefner 14
  • 15. ©Caltech https://ctme.caltech.edu Other Perspectives Engineering techniques  adaptive response  analytic monitoring  coordinated defense  deception  distribution  detection avoidance  diversification  dynamic positioning  dynamic representation  effect tolerance  non-persistence  privilege restriction Objectives  Adapt  Anticipate  Understand  Disaggregate  Prepare  Prevent  Continue  Constrain  Redeploy  Transform  Re-architect  proliferation  protection  realignment  reconfiguring  redundancy  replacement  segmentation  substantiated integrity  substitution  threat suppression  unpredictability Brtis, J. S., and McEvilley, M. A. (2019). Systems Engineering for Resilience, MITRE Technical Report Resiliency in SE | Hefner 15
  • 16. ©Caltech https://ctme.caltech.edu System Resilience Relationships Resiliency in SE | Hefner 16
  • 17. ©Caltech https://ctme.caltech.edu Summary  System engineers must increasingly consider resiliency in designing systems  Multiple design principles exist – selecting and applying the right one(s) requires experience and judgement 17Resiliency in SE | Hefner