By Dr. Massoud Amin, Professor – University of Minnesota and Cofounder/Past Chairman – Cyber Security Summit
June 18, 2020
The Why: Complexity, systems dynamics and interdependencies
Around 1600, John Donne, an English poet and preacher, delivered a sermon that began: “No man is an island.” Today, a less poetic, but more politically and technologically correct, version of this sentiment might be: “All human beings are interconnected through complex interactive dynamic networks and systems.”
As our society, enterprises and industries, and the world, grow more interconnected, we are becoming surrounded by complex networked systems. These systems consist of numerous components interlinked in complicated webs. Because of the number of components and their intricate interconnections, and within this on-going transformation, there are significant challenges at nearly every level of the enterprise. However, ultimately “leadership” sets the tone, and despite these challenges, understanding complex networked systems is becoming critical, and is an essential enabler for success and progress.
We are at a time where leadership is needed, especially in the cyber realms, as information systems are increasingly connected to not just IT networks but also operational technologies (OT), which control all kinds of complex dynamic systems that affect our lives, businesses, security, quality of life, and well-being.
The Who: Leadership
In many complex networks, the human participants themselves are both the most susceptible to failure and the most adaptable in the management of recovery. There are clearly many opportunities for modeling, simulation, and the use of data-driven evidence-based AI and Machine Learning in this area. Modeling these networks, especially their economic and financial aspects, will require modeling the bounded rationality of actual human thinking, unlike that of a hypothetical “expert” human as in most applications of AI.
Effective and strategic management in all such networks, foresight, and prevention of undesirable outcomes throughout and between networks, require a basic understanding of true system dynamics, rather than mere linear projections or sequences of steady-state operations. Effective, intelligent, distributed control is required that would enable parts of the networks to remain operational and even automatically re-configure in the event of local failures or even threats of failure. All this also includes “coopetition” – competitive and cooperative – strategies for proactive course, resource, and velocity adjustments and re-configuration to avoid or recover from failure(s).
• In short, what are we trying to do/solve?
• Internal and external analyses, best practices (beyond lists and audits), and a lot more.
• What are the assets, performance metrics, gaps/issues, challenges/opportunities, associated risks/benefits, costs/ROI, and over what time horizon?
• The issues of distributed versus centralized control, especially the information available, required, and desired at each node in each case.
• Consider how to achieve robust and secure systems, even at the expense of optimization. The problem is how to design the trade-off between security, resilience and optimality so that the system will slide smoothly among these goals when failures or other unexpected events occur.
• In the case of human-operated systems (which most are), there is the problem of how to make systems “human error tolerant” without killing human creativity, especially creativity in responding to the unexpected.
• Early/precursor detection and proactive security: How can we tell when a situation is getting out of hand? We need an “expert system” that is capable of analyzing the effect of the particular combination of parameters that is currently out of normal range.
• It is necessary to plan and re-plan, i.e.: restart the planning process repeatedly, beginning from the present state of the system. While this is going on, how should non-critical information be handled? Another issue is how to deal with a situation where we are trying to recover from a fault, but a planned change is also occurring.
• How much can we expect of pre-attentive processing on the part of the key units/personnel? [Reference: “Development and Leadership of Research Consortia: Lessons learned and possible road ahead for continued innovation”]
In conclusion, our reliance on total interconnections comes with so many benefits, however there are downsides that must be addressed by leaders. This IS ultimately a key part of a leader’s very own core responsibilities, even if he/she has delegated it to others. John Donne recognized this long ago when he ended that same sermon on an ominous note: “Never send to know for whom the bell tolls; it tolls for thee.”
For more information, please see:
Dr. Massoud Amin, IEEE and ASME Fellow, is a professor of electrical & computer engineering (ECE), and a University Distinguished Teaching Professor Award Recipient, at the University of Minnesota. He is widely credited as being the father of the smart electric power grid (https://tli.umn.edu/tli-blog/inspiration-behind-smart-grid-series-defining-moments), and a cyber-physical security leader, who directed all security-related R&D for all North American utilities after the 9/11 tragedies… full bio