The safe and continued functioning of critical infrastructures-such as electricity, natural gas, transportation, and water-is a social imperative. Yet the complex connections between these systems render them increasingly precarious. Furthermore, though we depend so heavily on interconnected infrastructures, we do not fully understand the risks involved in their failure.
Emery Roe and Paul R. Schulman argue that designs, policies, and laws often overlook the knowledge and experiences of those who manage these systems on the ground-reliability professionals who have vital insights that would be invaluable to planning. To combat this major blind spot, the athors construct a new theoretical perspective that reveals how to make sense of complex interconnected networks and improve reliability through management, regulation, and political leadership. To illustrate their approach in action, they present a multi-year case study of one of the world's most important "infrastructure crossroads," the San Francisco Bay-Delta. Reliability and Risk advances our understanding of what it takes to ensure the dependability of the intricate-and sometimes hazardous-systems on which we rely every day.
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
weitere Ausgaben werden ermittelt
Emery Roe is Senior Research Associate at University of California, Berkeley's Center for Catastrophic Risk Management.
Paul R. Schulman is Professor of Government at Mills College and a Senior Research Associate at University of California, Berkeley's Center for Catastrophic Risk Management.
Contents and Abstracts1The Infrastructure Society chapter abstractThis chapter introduces the book's argument about the central role critical infrastructures for providing clean water, communications, transportation, electricity, flood protection, financial services, and major emergency response, among other contemporary essentials, have in society and for individual well-being. The capabilities of humans to manage these complex and increasingly connected infrastructure systems are being stretched to their limits. Yet society insists these systems must have permanent continued and predictable operation at high levels of dependability and safety. This chapter reviews the literature on the pivotal role of infrastructures in present-day societies, discusses the major properties of these infrastructures, looks at the overarching priority that they be managed safely and continuously, and considers the risks from infrastructures being more and more interconnected and seemingly more and more vulnerable to large cross-system failure.
2The Interinfrastructure Challenge chapter abstractA great deal of policy and debate over interconnected infrastructures focuses on a subset of the major patterns and ways two or more infrastructures are interconnected. Cascading interinfrastructure failure, in which the failure of one triggers failure in another that is spatially near or otherwise functionally dependent on it, has received considered attention. However, at least five other types of interconnectivity in ICISs are of policy and management relevance, and these are introduced and implications drawn for subsequent chapters. The six ICISs are illustrated from our case study and through the secondary literature.
3High Reliability in Critical Infrastructures chapter abstractThe main concepts and features of high-reliability management in critical infrastructures are described. The chapter gives special attention to the precluded-events standard for reliability (i.e., certain events must never happen); the centrality of control rooms and their properties for high-reliability management in real time; the key role that reliability professionals have in this management, especially when confronting the inevitable surprise of unexpected events in a system of poor design, technology, and regulation; and the reliability-relevant stages of infrastructure operations-normal, disrupted, restored, failed, recovered, and new normal-with special attention to and a case study of the intensive interorganizational requirements recovery of major infrastructures that have failed.
4A Framework for ICIS Reliability Management chapter abstractThis chapter, and the next two, sets out the framework of the book, focusing on reliability management of ICISs. It begins by demonstrating how the dominant conceptualizations of interconnectivity fall short in their almost-exclusive attention on design and technology solutions to interinfrastructure failure and lack of attention to the management dimension necessary for real-time reliability. The chapter lays out the building blocks of a framework for reliable (and safe) operations at the ICIS level: the design-management continuum for reliability management, simple models and definitions of systems of one or more infrastructures, the pivotal concept of control variables shared by infrastructures, types of system resilience and their definition within an ICIS, four basic types of interconnectivity configurations and their shift points, the specific dimensions of interconnectivity, and management of latent interconnectivity. Examples are drawn throughout from the case study.
5A Framework for ICIS Risk Management chapter abstractIn the book's framework, risks follow from reliability: the standard of reliability chosen, the special skills of reliability professionals to manage the way they do (including managing the risks that come from managing reliably), and the special features of the control rooms these professionals work in and with. This chapter focuses on the risk side of reliability management and elaborates on the previous chapter's framework building blocks for reliability management at the ICIS level: unpredictabilities that must be managed for reliability purposes (risk, uncertainty, ambiguity, and unstudied conditions), the control room's comfort zone for these unpredictabilities, manifest versus latent risks and the implications of their difference for managing across four performance modes in the control room, and the importance of these building blocks and their implications for ICISs, including increased calls for coordination, innovation, and efficiency. Examples from the case study are used throughout.
6Our Framework in a Comparative Analytic Perspective chapter abstractCurrent models of ICISs often assume a cat's-cradle of interconnectivity, in which everything is connected to everything else. This chapter calls that assumption into question from the perspective of both the framework presented and the empirical evidence from managing reliability and risk at the ICIS level. A review of the literature shows that infrastructures are typically managed so as to prevent interinfrastructural cascades, and there are far fewer cascades than current models would lead us to expect. The case study also supports that finding, and the chapter gives many examples of both positive and negative instances of interinfrastructural connectivity. One important implication from both the primary and the secondary research is that there is a fundamental difference between system-failure and system-normal operations in ICISs in terms of time and scale.
7The Full Cycle of Infrastructure Operations chapter abstractThis chapter expands the discussion of how time and scale interact with risk when managing infrastructures for reliability. The whole cycle of infrastructure operations ranges from normal to disrupted, restored, failed, recovered, and new normal. Risks vary by the stage of the cycle, and each stage is managed for reliability differently. Thus, a disruption in one infrastructure of an ICIS requires not only zooming down to determine root causes but also zooming up to determine its impact on the entire infrastructure as a system and zooming across to determine how these impacts affect infrastructures interconnected with it. Two examples-the 2010 San Bruno gas explosion and the major nexus of infrastructure on an island in the Delta-illustrate how risk analysis is to be undertaken in the ICIS setting.
8Managing Interconnected Control Variables: A Case of Electricity and Water chapter abstractThis chapter presents a detailed case study of control variables shared across critical infrastructures, the framework's core concept, and what this implies for reliability and risk management at the ICIS level. The input-output interconnectivity between water flows at the Banks pumps of the State Water Project near Tracy and electricity flows from the transmission grid to power those pumps is examined. Using a unique multiyear dataset and statistical analysis, the chapter shows how changes in electricity flows to the Banks pumps, an extremely important element in the State Water Project, affect changes in water flows through those pumps and what the implications are for resilience in each infrastructure's operations.
9Interinfrastructural Innovation and Its Control Room Impacts: A Case Study of CAISO and MRTU chapter abstractControl rooms occupy center stage in the book's framework for ICIS reliability and risk because of their unique organizational niche and special features and capacities when it comes to ensuring high reliability in critical services. This chapter presents a case study of the Market Redesign and Technology Upgrade (MRTU), a software innovation. This technological change affected real-time reliability in the control room of California's electricity transmission manager, the California Independent System Operator (CAISO). The chapter brings together the concepts of performance modes, comfort zones, the whole cycle of operations, and precursor resilience.
10Interconnected Infrastructure Systems as a Complex Policy Problem chapter abstractThe book's findings and framework call for a rethinking of critical infrastructures as a policy problem in two major respects. First, this chapter reconsiders the many criticisms of leadership and regulation with respect to infrastructure performance. Second, the chapter asks, regarding another policy issue that the framework itself highlights, is there an ICIS-a system of infrastructure systems-to lead, evaluate, and regulate?
11Toward Multiple Reliability Standards for Interconnected Infrastructure Systems chapter abstractThe book's framework and analysis demonstrate that the high reliability of individual infrastructures is increasingly at its limits in an interconnected setting. Loss of service in one infrastructure cannot be precluded by another infrastructure that depends on it, which means that the standards for reliability within an ICIS setting are no longer those of only high reliability and its precluded-events standard. Other standards of reliability are also at work-where the focus is on avoided, inevitable, or compensable events-and this chapter discusses them. The types of risks to manage arise from the standards of reliability being followed (deciding the trade-offs among risks does not necessarily lead to reliability). Policy makers, legislators, regulators, and the public must better understand the implications of the real choices being made.
"This book engages a critical domain with an unusually acute level of empirical and conceptual nuance. It significantly extends the discussion of reliability and risk assessment, issuing strong challenges to practitioners and offering pointed implications for operational and regulatory leaders. An important, demanding work." -- Todd R. LaPorte, University of California * Berkeley * "When critical infrastructures become operational, they come with a degree of risk. Interdependency was not an issue when most of the Delta infrastructure, described in this book, was first constructed. But, it has become a major challenge for the Bay Area. Reliability and Risk describes how highly trained professionals have dramatically improved our ability to manage in this new environment, drawing out lessons that will be indispensable for regions around the globe." -- Don Boland * California Utilities Emergency Association * "This brilliant and provocative analysis translates complex interorganizational dependencies into accessible images and manageable practices. Complexity on this scale has been largely neglected because it is so difficult to register. But that has not deterred Roe and Schulman. Their argument coheres and is strengthened by a consistent focus on managers who bring agency to technical and physical systems. This important book will have enduring impact at a time when reliability and resilience across vulnerable infrastructures is becoming a dominant issue." -- Karl E. Weick * co-author of <i>Managing the Unexpected</i>, Third Edition * "In this wonderful book, Roe and Schulman sound the alarm: the critical infrastructures on which society depends are at risk. System operators may no longer be able to keep these risks at bay. This book explains in clear prose what we need to understand to keep those critical systems working." -- Arjen Boin * Leiden University * "In this important book, Schulman and Roe take us on an eye-opening journey through the hidden difficulties of managing our critical infrastructures. By examining the realities faced by a range of professionals, these two leading thinkers develop a rich and innovative account of the nature of reliability and resilience. Reframing some of our most fundamental assumptions about risk and safety, this book will be of enormous use to practitioners, policymakers, and researchers who seek to understand complex systems." -- Carl Macrae * University of Oxford and author of <i>Close Calls: Managing Risk and Resilience in Airline Flight Safety</i> *
Dewey Decimal Classfication (DDC)