Page 132 of 139 Clédel et al. J Surveill Secur Saf 2020;1:11939 I http://dx.doi.org/10.20517/jsss.2020.08
Figure 3. Disciplines of resilience from [21]. (Diagram labels: Resilience; Challenge tolerance; Trustworthiness; Survivability; Disruption tolerance; Traffic tolerance; Fault tolerance; Dependability; Reliability; Safety; Security; Quality of Service.)
sidered resilience as a super-set of numerous properties such as robustness, adaptiveness, survivability, and
fault-tolerance. Numerous disciplines contribute to the resilience of a system, but they have been developed
independently in different engineering domains [21]. Interconnections between these disciplines are shown in
Figure 3 and Table 2.
5.1. Risk assessment
McDonald [17] described resilience as a capacity to anticipate and manage risk efficiently. However, resilience is
clearly distinguished from risk assessment [15,18]. While risk assessment determines potential undesired events,
their causal factors and negative consequences, and how to mitigate the exposure of the system to those events,
resilience focuses on the system's abilities to face undesired events and does not put the emphasis on the events
themselves. In the domain of engineered systems, safety and resilience are distinct but linked. According to
Francis and Bekera [15], resilience aims to compensate for poor system design in the case of unanticipated events.
As a consequence, resilience can be seen as an addition to safety since it brings the “ability to anticipate,
circumvent and recover rapidly from events that threaten safety”. Reinforcing this distinction, the goal of risk
assessment is situation awareness and diagnostics while “resilience is about the mitigation of unexpected rare extreme
failures” [25] that can necessitate extreme remedial actions such as partial or temporary outages in order to
ensure the availability of critical services. Resilience is “essential when risk is incomputable” and is characterized
“by surprise, complexity, urgency and the necessity of adaptation” [55]. Moreover, historic data of such rare
events are out-of-date, uncertain, and biased, and it is not always pertinent to compare them with more recent
events [18]. Thus, resilience approaches are complementary to, but distinct from, risk analysis approaches, or
from risk-aware approaches [62].
On top of that, faults resulting from the cyber-environment and intelligent adversaries are generally not
considered, even though critical infrastructures are increasingly connected and cyber-physical systems are becoming the norm [39].
5.2. Robustness
Robustness, as described by Sterbenz et al. [21], is a system property that corresponds to the behavior of a
system in the face of challenges. It bridges the gap between the trustworthiness of a system, which consists of its
dependability, security, and quality of service, and the challenge tolerance of the system, which corresponds to
the system's tolerance to faults, disruptions, intrusion, etc. While resilience and robustness are similar according
to Sterbenz et al., other authors make a clear distinction between these two notions.
According to Arghandeh et al. [25], “robustness is the ability of a system to cope with a given set of
disturbances and maintain its functionality”. Thus, robustness is centered on stability and the handling of specific
threats, whereas resilience is concerned with flexibility and unbounded perturbations. In other words,
resilience tolerates a degradation of performance as it is the ability to recover an original level of performance
after a disruption, but, by definition, robustness does not tolerate degradation of performance [56]. The authors
of [34,63] compared robustness and resilience: the former is related to consequences and uncertainties given a
fixed harmful event while the latter is related to consequences and associated uncertainties but without con-