Page 29 - Read Online
P. 29
Page 130 of 139 Clédel et al. J Surveill Secur Saf 2020;1:11939 I http://dx.doi.org/10.20517/jsss.2020.08
enablingresiliencefactorssuchasdetectionandemergencyresponse. Thesepotentialsarerepresentedbyfuzzy
attributes and are given a value defined within [0, 1]. Uncertainties’ attributes, such as the relative importance
of resilience potentials for a specific process, are also considered and are given a similar value. Then, values
assigned to all these fuzzy attributes, resilience potentials, and uncertainties are combined using membership
functions to produce an estimation of the system resilience .
Azadeh et al. [50] used nine resilient factors/potentials contributing to a complex system resilience. While six
of them were described [18] and used by Shirali et al. in a semi-quantitative metric [43] , the authors added
three factors: teamwork, redundancy, and fault-tolerance. Because these nine factors depend on each other,
fuzzy cognitive maps are used to represent their interconnections and evaluate their contribution to system
resilience. Following Aleksic et al. [49] , membership functions are associated with each factor in order to
evaluate the system resilience.
Clédel etal. [51] provided a framework tocompare the resilience potential of different systems or configurations
of the same system. The described model and metric cannot be used to determine if a system is resilient to
a specific threat but it is used to determine if a system has more resilience potential than another one. A sys-
tem is represented as a network of components. Components are service users of their previous components
in the network and service providers of their next components. Services are represented through a partially
ordered set of attributes, called data dimensions. Components inputs are fuzzy values associated with some
dimensions. A value assigned to a dimension corresponds to the likelihood of this dimension to be exter-
nally consistent [52,53] . The article shows how these fuzzy values can be aggregated and manipulated so that
components output fuzzy values associated with a set of data dimensions. Resilience is evaluated as follows:
some nodes are the system client and their input values are fuzzy values for some expected dimensions. These
expected dimensions correspond to services expected to be provided by the system, and their corresponding
values are the likelihood for these services to be provided.
4.4. Frameworks
Some articles do not provide metrics or methods to evaluate the current resilience of a system. In place, they
proposemethodologies,guidelines,andgoodpracticesthataretobefollowedtodesign,maintain,andenhance
the resilience of a system.
A framework for resilience, based on PAR risk assessment model [54] was proposed by Arghandeh et al. [25] .
They claimed that, contrary to a risk assessment framework, the temporal dimension of disturbances and re-
sponse time of remedies are to be considered in a resilience framework. Moreover, probabilities of occurrence
of disturbance are not crucial except if the system has not yet recovered from a previous disturbance. A re-
silient system life cycle consists in three steps: (1) system identification, which is the establishment of network
topology, physical characteristics, system behaviors, etc. (2) vulnerability analysis, which is basically an ongo-
ing risk analysis taking into consideration the temporal aspect of the disruptions; and (3) resilience operations,
which define new settings to improve recovery and absorbing potentials of the system. Once these changes
have been made, a new identification phase begins.
Linkov et al. [55,56] provided a 4 × 4 matrix of resilience metrics. Each cell of the matrix corresponds to one of
the four stages of event management cycle and one of the four system domains. Domains are different system
layers: physical, information, cognitive, and social, and the stages correspond to one pre-event phase (Prepare)
and three event handling phases (Absorb, Recover, and Adapt). Instead of providing a metric for resilience, the
authors proposed to use cells of thematrix as guidelines to build metrics that, oncecombined, allow measuring
the overall system resilience.