SlideShare ist ein Scribd-Unternehmen logo

Resiliency in Systems Engineering

Caltech
Caltech

Resiliency in systems engineering refers to the ability of a system to continue operating as intended despite disruptions or failures. The presentation discusses characteristics of resilient systems like robustness, adaptability, and tolerance. It provides techniques to achieve resilience such as redundancy, modularity, and loose coupling. System engineers must consider resilience when designing systems to withstand various types of adversities like component failures, human errors, and environmental disruptions.

Ingenieurwesen
1 von 17
Downloaden Sie, um offline zu lesen
©Caltech https://ctme.caltech.edu Resiliency in Systems Engineering Prepared for C-NO INCOSE Chapter – 18 August 2020 Rick Hefner, Ph.D. California Institute of Technology Center for Technology and Management Education rhefner@caltech.edu, 626.395.4043 Resiliency in SE | Hefner 1
©Caltech https://ctme.caltech.edu Background  Resilience is the ability to provide required capabilities in the face of adversity - any condition that may degrade the desired capability of a system  This presentation will discuss the characteristics of a resilient system and its supporting design techniques  Presentation is based on Systems Engineering courses at Caltech Center for Technology and Management Education, https://ctme.Caltech.edu 2Resiliency in SE | Hefner
©Caltech https://ctme.caltech.edu Resilience  Resilience is the ability to provide required capability in the face of adversity  Adversity is any condition that may degrade the desired capability of a system • Environmental sources • Normal failure • Human sources - malicious or accidental Can the corporate network function effectively under:  Flood, earthquake  Failure of any component  Human error in configuration  Cyber attack Resiliency in SE | Hefner 3
©Caltech https://ctme.caltech.edu Resiliency Emerging as a Major Design Consideration 4Resiliency in SE | Hefner What is Resiliency Engineering?, Kazuo Furuta
©Caltech https://ctme.caltech.edu Resiliency Challenges are Amplified in Systems of Systems  Systems acquired at different times, from different providers  Total system not designed top-down, so emergent behaviors may be unknown  Impact of individual failures of system performance 5Resiliency in SE | Hefner
©Caltech https://ctme.caltech.edu Framing the Resiliency Problem  The capability(s) of interest (note: a system may deliver several capabilities each of which may have different levels of resilience) • The measure(s) (and units) of the capability(s) • The target value(s) of the capability(s), perhaps by level (e.g., nominal, degraded mode, minimum useful, objective, threshold, etc.).  System modes of operation (e.g., operational, training, exercise, maintenance, update…)  The adversity(s) being considered for this resilience scenario • The ways that the adversity(s) affect(s) the system and how the system reacts in terms of its ability to deliver capability • The timeframe of interest  The required resilience (performance) of the capability in the face of each identified resilience scenario • E.g., expected availability, maximum allowed degradation, maximum length of degradation, etc. • Note there may be several resilience goals (e.g., threshold, objective, As Resilient as Practicable (ARAP)) 6Resiliency in SE | Hefner System Resilience, sebokwiki.org
©Caltech https://ctme.caltech.edu Types of Disruptions Type A – A disruption of input • An unexpected or unknown (to the designer) phenomenon • NY twin towers attack • Tacoma Narrows bridge • A change in environment • Katrina hurricane and flood Type B – A degradation in function, capability or capacity • Software error • Human error (in the system) • Nagoya • Metrolink 111 • Component failure • Challenger • Interaction Between Components • Helios 522 • Mars Polar Lander Resiliency in SE | Hefner 7
©Caltech https://ctme.caltech.edu Failure States Resiliency in SE | Hefner 8
©Caltech https://ctme.caltech.edu Means of Achieving Resilience  Avoiding – Keep the adversity from happening or from effecting the system • E.g., shielding, hardening  Withstanding – Accept the adversity’s impact but continue operating despite it (perhaps at a reduced level) • E.g., redundancy  Recovering – Accept the adversity’s impact and reconfigure afterwards to continue operating • E.g., serviceable system  Evolving and adapting – Sense the approaching adversity and adjust over time to lessen/eliminate it’s impact • E.g., failure detection System Resilience, sebokwiki.org 9Resiliency in SE | Hefner
©Caltech https://ctme.caltech.edu Attributes of a Resilient System Robustness • Ability of a system to withstand a threat in the normal operating state Adaptability • Ability of a system that allows it to restructure itself in the face of a threat Tolerance • Ability of a system that allows it to degrade gracefully following an encounter with adversity Integrity • Property of being whole or cohesive Jackson, S., & Ferris, T. (2013). Resilience Principles for Engineered Systems. Systems Engineering, 16(2), 152-164. doi:10.1002/sys.21228. Resiliency in SE | Hefner 10
©Caltech https://ctme.caltech.edu Robustness Ability of a system to withstand a threat in the normal operating state Design techniques:  Absorption – Withstand a disturbance without a fundamental breakdown in the system’s performance or structure  Physical redundancy – Two or more independent and identical components to perform critical tasks  Functional redundancy – Two or more different ways to perform a critical task Resiliency in SE | Hefner 11
©Caltech https://ctme.caltech.edu Adaptability Ability of a system that allows it to restructure itself in the face of a threat Design techniques:  Restructuring  Human in the loop  Complexity avoidance – System no more complex than required  Drift correction – System senses an approaching failure and takes corrective/ preventative action Resiliency in SE | Hefner 12
©Caltech https://ctme.caltech.edu Tolerance Ability of a system that allows it to degrade gracefully following an encounter with adversity Design techniques:  Modularity – Functionality is distributed through multiple nodes, so if one node is damaged, others continue to function  Loose coupling – Events in various elements can occur independently  Neutral state - System is put into neutral state, if possible, following a disruption  Reparability – System can be brought to partial or full capability, over a specified period of time, in a specified environment  Defense in depth – Two or more ways to address a vulnerability Resiliency in SE | Hefner 13
©Caltech https://ctme.caltech.edu Integrity Property of being whole or cohesive (acting as a unified whole in the face of a threat) Design techniques:  Internode interaction – Every node, or element, of a system should be capable of communicating, cooperating, and collaborating with every other node  Reduce hidden infrastructures – Potentially harmful interactions between nodes of the system are reduced Resiliency in SE | Hefner 14
©Caltech https://ctme.caltech.edu Other Perspectives Engineering techniques  adaptive response  analytic monitoring  coordinated defense  deception  distribution  detection avoidance  diversification  dynamic positioning  dynamic representation  effect tolerance  non-persistence  privilege restriction Objectives  Adapt  Anticipate  Understand  Disaggregate  Prepare  Prevent  Continue  Constrain  Redeploy  Transform  Re-architect  proliferation  protection  realignment  reconfiguring  redundancy  replacement  segmentation  substantiated integrity  substitution  threat suppression  unpredictability Brtis, J. S., and McEvilley, M. A. (2019). Systems Engineering for Resilience, MITRE Technical Report Resiliency in SE | Hefner 15
©Caltech https://ctme.caltech.edu System Resilience Relationships Resiliency in SE | Hefner 16
©Caltech https://ctme.caltech.edu Summary  System engineers must increasingly consider resiliency in designing systems  Multiple design principles exist – selecting and applying the right one(s) requires experience and judgement 17Resiliency in SE | Hefner

Empfohlen

Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
juliekannai
 
Fault tolerance on cloud computing
Fault tolerance on cloud computingFault tolerance on cloud computing
Fault tolerance on cloud computing
www.pixelsolutionbd.com
 
1050_Thomas
1050_Thomas1050_Thomas
1050_Thomas
Scott Thomas
 
Current Trends in Systems Engineering
Current Trends in Systems EngineeringCurrent Trends in Systems Engineering
Current Trends in Systems Engineering
Caltech
 
SAIEE presentation - Power System Resilience - Why should we CARE as energy u...
SAIEE presentation - Power System Resilience - Why should we CARE as energy u...SAIEE presentation - Power System Resilience - Why should we CARE as energy u...
SAIEE presentation - Power System Resilience - Why should we CARE as energy u...
Malcolm Van Harte
 
Without Resilience, Nothing Else Matters
Without Resilience, Nothing Else MattersWithout Resilience, Nothing Else Matters
Without Resilience, Nothing Else Matters
Jonas Bonér
 
Software archiecture lecture05
Software archiecture lecture05Software archiecture lecture05
Software archiecture lecture05
Luktalja
 
Michael.bay
Michael.bayMichael.bay
Michael.bay
NASAPMC
 

Empfohlen

Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
juliekannai
 
Fault tolerance on cloud computing
Fault tolerance on cloud computingFault tolerance on cloud computing
Fault tolerance on cloud computing
www.pixelsolutionbd.com
 
1050_Thomas
1050_Thomas1050_Thomas
1050_Thomas
Scott Thomas
 
Current Trends in Systems Engineering
Current Trends in Systems EngineeringCurrent Trends in Systems Engineering
Current Trends in Systems Engineering
Caltech
 
SAIEE presentation - Power System Resilience - Why should we CARE as energy u...
SAIEE presentation - Power System Resilience - Why should we CARE as energy u...SAIEE presentation - Power System Resilience - Why should we CARE as energy u...
SAIEE presentation - Power System Resilience - Why should we CARE as energy u...
Malcolm Van Harte
 
Without Resilience, Nothing Else Matters
Without Resilience, Nothing Else MattersWithout Resilience, Nothing Else Matters
Without Resilience, Nothing Else Matters
Jonas Bonér
 
Software archiecture lecture05
Software archiecture lecture05Software archiecture lecture05
Software archiecture lecture05
Luktalja
 
Michael.bay
Michael.bayMichael.bay
Michael.bay
NASAPMC
 
Resilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate ChangeResilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate Change
eu-circle
 
Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)
eu-circle
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systems
Alan Tatourian
 
Performance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawPerformance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability Law
Kevin Brockhoff
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems
Jaap van Ekris
 
slides.08.pptx
slides.08.pptxslides.08.pptx
slides.08.pptx
balewayalew
 
Requirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsRequirement Engineering for Dependable Systems
Requirement Engineering for Dependable Systems
Kamalika Guha Roy
 
Resisting to The Shocks
Resisting to The ShocksResisting to The Shocks
Resisting to The Shocks
Stefano Fago
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance System
prakashjjaya
 
European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...
Global Risk Forum GRFDavos
 
Why resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudesWhy resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudes
Uwe Friedrichsen
 
Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]
David Wilson
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
NASAPMC
 
Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0
Aladdin Dandis
 
Resilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix worldResilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix world
Rares Musina
 
Reliability Engineering and Terotechnology
Reliability Engineering and TerotechnologyReliability Engineering and Terotechnology
Reliability Engineering and Terotechnology
Christian Enoval
 
PACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best PracticesPACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best Practices
Pace IT at Edmonds Community College
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slides
CMDLMS
 
Using security to drive chaos engineering
Using security to drive chaos engineeringUsing security to drive chaos engineering
Using security to drive chaos engineering
Dinis Cruz
 
Fault tolerance
Fault tolerance Fault tolerance
Fault tolerance
Kawsar Hasan
 
Career Development Tips for Business Analysts
Career Development Tips for Business AnalystsCareer Development Tips for Business Analysts
Career Development Tips for Business Analysts
Caltech
 
Systems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial IntelligenceSystems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial Intelligence
Caltech
 

Weitere ähnliche Inhalte

Ähnlich wie Resiliency in Systems Engineering

Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)
eu-circle
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance System
prakashjjaya
 
Why resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudesWhy resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudes
Uwe Friedrichsen
 
Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]
David Wilson
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
NASAPMC
 
Resilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix worldResilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix world
Rares Musina
 

Ähnlich wie Resiliency in Systems Engineering (20)

Resilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate ChangeResilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate Change
 
Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systems
 
Performance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawPerformance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability Law
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems
 
slides.08.pptx
slides.08.pptxslides.08.pptx
slides.08.pptx
 
Requirement Engineering for Dependable Systems
Requirement Engineering for Dependable SystemsRequirement Engineering for Dependable Systems
Requirement Engineering for Dependable Systems
 
Resisting to The Shocks
Resisting to The ShocksResisting to The Shocks
Resisting to The Shocks
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance System
 
European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...
 
Why resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudesWhy resilience - A primer at varying flight altitudes
Why resilience - A primer at varying flight altitudes
 
Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]Risk [Failed failsafe] v Resilience [Safe to fail]
Risk [Failed failsafe] v Resilience [Safe to fail]
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
 
Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0
 
Resilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix worldResilient service to-service calls in a post-Hystrix world
Resilient service to-service calls in a post-Hystrix world
 
Reliability Engineering and Terotechnology
Reliability Engineering and TerotechnologyReliability Engineering and Terotechnology
Reliability Engineering and Terotechnology
 
PACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best PracticesPACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best Practices
 
Comp8 unit9a lecture_slides
Comp8 unit9a lecture_slidesComp8 unit9a lecture_slides
Comp8 unit9a lecture_slides
 
Using security to drive chaos engineering
Using security to drive chaos engineeringUsing security to drive chaos engineering
Using security to drive chaos engineering
 
Fault tolerance
Fault tolerance Fault tolerance
Fault tolerance
 

Mehr von Caltech

Career Development Tips for Business Analysts
Career Development Tips for Business AnalystsCareer Development Tips for Business Analysts
Career Development Tips for Business Analysts
Caltech
 
Systems Thinking: Applications to Space Systems
Systems Thinking: Applications to Space SystemsSystems Thinking: Applications to Space Systems
Systems Thinking: Applications to Space Systems
Caltech
 
Why Can't Johnny Improve?
Why Can't Johnny Improve?Why Can't Johnny Improve?
Why Can't Johnny Improve?
Caltech
 
Leading Change without Authority
Leading Change without AuthorityLeading Change without Authority
Leading Change without Authority
Caltech
 
Rightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project SuccessRightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project Success
Caltech
 

Mehr von Caltech (10)

Career Development Tips for Business Analysts
Career Development Tips for Business AnalystsCareer Development Tips for Business Analysts
Career Development Tips for Business Analysts
 
Systems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial IntelligenceSystems Engineering: An Enabler for Artificial Intelligence
Systems Engineering: An Enabler for Artificial Intelligence
 
Systems Thinking: Applications to Space Systems
Systems Thinking: Applications to Space SystemsSystems Thinking: Applications to Space Systems
Systems Thinking: Applications to Space Systems
 
Why Can't Johnny Improve?
Why Can't Johnny Improve?Why Can't Johnny Improve?
Why Can't Johnny Improve?
 
Identifying and Overcoming Roadblocks to Change
Identifying and Overcoming Roadblocks to ChangeIdentifying and Overcoming Roadblocks to Change
Identifying and Overcoming Roadblocks to Change
 
Inttoducing and Sustaining Change
Inttoducing and Sustaining ChangeInttoducing and Sustaining Change
Inttoducing and Sustaining Change
 
Leading Change without Authority
Leading Change without AuthorityLeading Change without Authority
Leading Change without Authority
 
Methods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
Methods to Sustain the Change: Measurment Systems, Rewards, and ReinforcementMethods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
Methods to Sustain the Change: Measurment Systems, Rewards, and Reinforcement
 
Core Skills for Change Agents
Core Skills for Change AgentsCore Skills for Change Agents
Core Skills for Change Agents
 
Rightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project SuccessRightsizing your Process: How to Balance Affordability and Project Success
Rightsizing your Process: How to Balance Affordability and Project Success
 

Kürzlich hochgeladen

Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdf
Kamal Acharya
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
MayuraD1
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssuser89054b
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
AldoGarca30
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
Kamal Acharya
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
jaanualu31
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 

Kürzlich hochgeladen (20)

AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdf
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
DeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakesDeepFakes presentation : brief idea of DeepFakes
DeepFakes presentation : brief idea of DeepFakes
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 

Resiliency in Systems Engineering

  • 1. ©Caltech https://ctme.caltech.edu Resiliency in Systems Engineering Prepared for C-NO INCOSE Chapter – 18 August 2020 Rick Hefner, Ph.D. California Institute of Technology Center for Technology and Management Education rhefner@caltech.edu, 626.395.4043 Resiliency in SE | Hefner 1
  • 2. ©Caltech https://ctme.caltech.edu Background  Resilience is the ability to provide required capabilities in the face of adversity - any condition that may degrade the desired capability of a system  This presentation will discuss the characteristics of a resilient system and its supporting design techniques  Presentation is based on Systems Engineering courses at Caltech Center for Technology and Management Education, https://ctme.Caltech.edu 2Resiliency in SE | Hefner
  • 3. ©Caltech https://ctme.caltech.edu Resilience  Resilience is the ability to provide required capability in the face of adversity  Adversity is any condition that may degrade the desired capability of a system • Environmental sources • Normal failure • Human sources - malicious or accidental Can the corporate network function effectively under:  Flood, earthquake  Failure of any component  Human error in configuration  Cyber attack Resiliency in SE | Hefner 3
  • 4. ©Caltech https://ctme.caltech.edu Resiliency Emerging as a Major Design Consideration 4Resiliency in SE | Hefner What is Resiliency Engineering?, Kazuo Furuta
  • 5. ©Caltech https://ctme.caltech.edu Resiliency Challenges are Amplified in Systems of Systems  Systems acquired at different times, from different providers  Total system not designed top-down, so emergent behaviors may be unknown  Impact of individual failures of system performance 5Resiliency in SE | Hefner
  • 6. ©Caltech https://ctme.caltech.edu Framing the Resiliency Problem  The capability(s) of interest (note: a system may deliver several capabilities each of which may have different levels of resilience) • The measure(s) (and units) of the capability(s) • The target value(s) of the capability(s), perhaps by level (e.g., nominal, degraded mode, minimum useful, objective, threshold, etc.).  System modes of operation (e.g., operational, training, exercise, maintenance, update…)  The adversity(s) being considered for this resilience scenario • The ways that the adversity(s) affect(s) the system and how the system reacts in terms of its ability to deliver capability • The timeframe of interest  The required resilience (performance) of the capability in the face of each identified resilience scenario • E.g., expected availability, maximum allowed degradation, maximum length of degradation, etc. • Note there may be several resilience goals (e.g., threshold, objective, As Resilient as Practicable (ARAP)) 6Resiliency in SE | Hefner System Resilience, sebokwiki.org
  • 7. ©Caltech https://ctme.caltech.edu Types of Disruptions Type A – A disruption of input • An unexpected or unknown (to the designer) phenomenon • NY twin towers attack • Tacoma Narrows bridge • A change in environment • Katrina hurricane and flood Type B – A degradation in function, capability or capacity • Software error • Human error (in the system) • Nagoya • Metrolink 111 • Component failure • Challenger • Interaction Between Components • Helios 522 • Mars Polar Lander Resiliency in SE | Hefner 7
  • 9. ©Caltech https://ctme.caltech.edu Means of Achieving Resilience  Avoiding – Keep the adversity from happening or from effecting the system • E.g., shielding, hardening  Withstanding – Accept the adversity’s impact but continue operating despite it (perhaps at a reduced level) • E.g., redundancy  Recovering – Accept the adversity’s impact and reconfigure afterwards to continue operating • E.g., serviceable system  Evolving and adapting – Sense the approaching adversity and adjust over time to lessen/eliminate it’s impact • E.g., failure detection System Resilience, sebokwiki.org 9Resiliency in SE | Hefner
  • 10. ©Caltech https://ctme.caltech.edu Attributes of a Resilient System Robustness • Ability of a system to withstand a threat in the normal operating state Adaptability • Ability of a system that allows it to restructure itself in the face of a threat Tolerance • Ability of a system that allows it to degrade gracefully following an encounter with adversity Integrity • Property of being whole or cohesive Jackson, S., & Ferris, T. (2013). Resilience Principles for Engineered Systems. Systems Engineering, 16(2), 152-164. doi:10.1002/sys.21228. Resiliency in SE | Hefner 10
  • 11. ©Caltech https://ctme.caltech.edu Robustness Ability of a system to withstand a threat in the normal operating state Design techniques:  Absorption – Withstand a disturbance without a fundamental breakdown in the system’s performance or structure  Physical redundancy – Two or more independent and identical components to perform critical tasks  Functional redundancy – Two or more different ways to perform a critical task Resiliency in SE | Hefner 11
  • 12. ©Caltech https://ctme.caltech.edu Adaptability Ability of a system that allows it to restructure itself in the face of a threat Design techniques:  Restructuring  Human in the loop  Complexity avoidance – System no more complex than required  Drift correction – System senses an approaching failure and takes corrective/ preventative action Resiliency in SE | Hefner 12
  • 13. ©Caltech https://ctme.caltech.edu Tolerance Ability of a system that allows it to degrade gracefully following an encounter with adversity Design techniques:  Modularity – Functionality is distributed through multiple nodes, so if one node is damaged, others continue to function  Loose coupling – Events in various elements can occur independently  Neutral state - System is put into neutral state, if possible, following a disruption  Reparability – System can be brought to partial or full capability, over a specified period of time, in a specified environment  Defense in depth – Two or more ways to address a vulnerability Resiliency in SE | Hefner 13
  • 14. ©Caltech https://ctme.caltech.edu Integrity Property of being whole or cohesive (acting as a unified whole in the face of a threat) Design techniques:  Internode interaction – Every node, or element, of a system should be capable of communicating, cooperating, and collaborating with every other node  Reduce hidden infrastructures – Potentially harmful interactions between nodes of the system are reduced Resiliency in SE | Hefner 14
  • 15. ©Caltech https://ctme.caltech.edu Other Perspectives Engineering techniques  adaptive response  analytic monitoring  coordinated defense  deception  distribution  detection avoidance  diversification  dynamic positioning  dynamic representation  effect tolerance  non-persistence  privilege restriction Objectives  Adapt  Anticipate  Understand  Disaggregate  Prepare  Prevent  Continue  Constrain  Redeploy  Transform  Re-architect  proliferation  protection  realignment  reconfiguring  redundancy  replacement  segmentation  substantiated integrity  substitution  threat suppression  unpredictability Brtis, J. S., and McEvilley, M. A. (2019). Systems Engineering for Resilience, MITRE Technical Report Resiliency in SE | Hefner 15
  • 16. ©Caltech https://ctme.caltech.edu System Resilience Relationships Resiliency in SE | Hefner 16
  • 17. ©Caltech https://ctme.caltech.edu Summary  System engineers must increasingly consider resiliency in designing systems  Multiple design principles exist – selecting and applying the right one(s) requires experience and judgement 17Resiliency in SE | Hefner