Page 28 - Read Online
P. 28
Clédel et al. J Surveill Secur Saf 2020;1:11939 I http://dx.doi.org/10.20517/jsss.2020.08 Page 129 of 139
this event, the conditional probability of this solution to be activated and the conditional probability of the
system to recover once resilience mechanisms are engaged.
Once all undesired events are determined, resilience of a system is the sum, for all these events, of the probabil-
ity of occurrence of each event multiplied by a resilience factor [15] . The resilience factor is system specific and
event specific, as described in Section 4.1. For this metric, resilience factors are weighted with a fragility func-
tion that corresponds to a probability function of system failure. This fragility function is also event specific.
On top of that, probabilities of the occurrence of events is combined with an entropy factor that represents the
uncertainty of these probability distributions.
Thompsonetal. [33] presentedresilienceasthemaintenanceofasecuritylevelandresilienceisachievedinthree
steps: detection, containment, and resolution. According to this description, a metric based on these three
capacitiesisproposed [45] . Foradeterminedsecuritybreach, aprobabilityisassignedtoeachofthesecapacities
and represents the probability that the breach is detected, contained, or resolved. The authors argued that three
events can lead to the restoration of the expected security state: (1) the breach is detected, then contained, and
finally resolved; (2) the breach is detected and resolved without containment; and (3) the breach is resolved
without detection or containment. As these events are independent, resilience is the probability that one of
these events occurs.
Dynamic Bayesian networks are used [46] to represent a system. The resilience of a system to a disruption
is expressed as the joint probability of the occurrence of the disruption and of the three resilient capacities:
the probability to absorb, adapt to, and recover from the disruption. The authors described a nuclear plant,
Fukushima Daiichi, as a set of eleven components such as Process Control System, Cooling System, Sea Wall,
etc. These components contribute to at least one of the three resilience capacities, and the contribution of
a component to one capacity is represented by a failure probability. Thus, 1–3 failure probabilities can be
associatedtoeachcomponent. Nevertheless,ascomponentscanbeinvolvedinmorethanoneresilientcapacity,
thethreeresilientcapacitiesarenotindependentandBayesianNetworksareusedtomodelthesedependencies.
The result of the application of this model is the time-dependent probability function of the resilience of a
system to a determined disruption.
4.3. Fuzzy models
Fuzzy sets are a generalization of conventional set theory that were introduced by Zadeh [47] as a mathematical
aswellasnaturalwaytodealwithproblemsinwhichthesourceofimprecisionistheabsenceofsharplydefined
criteria. They play an important role in human thinking such as determining if someone is tall or if something
belongs to the class of animals. For example, while dogs are clearly classified as animals, it is more ambiguous
concerning bacteria, plankton, etc. The articles given in this section use fuzzy sets and membership functions
to build metrics for resilience.
According to Francis and Bekera [15] , resilience is a designed and engineered property of a system. More-
over, Muller [48] proposed to separately evaluate system architectures through attributes such as redundancy,
adaptivity, robustness, etc, for which numerous metrics already exist. To accommodate differences amongst
metrics, system architectures are thus represented with fuzzy membership functions associated with evaluated
resilience attributes. Using these membership functions, resilience attributes are combined using fuzzy rules
to obtain a measure of resilience from a resilience membership function. An example of fuzzy rule is:
IF adaptability is moderate AND robustness is high THEN resilience is high
Toevaluateorganizationalresilience, Aleksic etal. [49] proposedtoconsiderasystemasanetworkofprocesses.
Processes have many resilience potentials, divided into three categories: (1) internal factors such as quality,
human factors, or planning strategies; (2) external factors that are external capacities and capabilities; and (3)