Resilience Modeling
Lead Author: Ken Cureton, Contributing Authors: John Brtis, Scott Jackson, Tim Ferris, Ivan Taylor
Resilience modeling is an emerging topic in digital engineering (DE), model-based systems engineering (MBSE), and artificial intelligence/machine learning (AI/ML). Systems Engineers and developers need to identify, characterize, and accomplish trade-offs regarding cost, schedule, performance, and quality characteristics (including resilience) over the life cycle of a system. If system resilience could be accurately modeled, then quantitative (or at least qualitative) metrics could be used to evaluate a system’s resilience characteristics (e.g., via a digital twin). However, no single methodology is accepted for resilience modeling of simple, complicated, or complex systems. This section examines a few potential (and evolving) modeling techniques that practitioners of resilience engineering could use.
Overview
Definition
A system resilience model represents a selective abstraction of a system to provide the required capability when facing adversity within the system and its environment. This definition of a resilience model is limited to human-made systems containing software, hardware, humans (e.g., socio-technical, organizational), infrastructures, concepts, and processes.
Potential Resilience Metrics
Please refer to the Resilience Metrics description in the “System Resilience” section.
Modeling, Measuring, & Evaluating System Resilience
Formal Methods of Constructing Models for Systems Resilience—Resilience Contracts
Madni, Erwin, & Sievers (2020) proposed resilience contracts (RCs) as an upgrade to the widely used Contract-Based Design (CBD) approach. They observed that traditional methods like Büchi automatons and Linear Temporal Logic (LTL) work for systems that behave predictably. However, many modern systems do not always behave predictably. To handle this, an RC is a mathematical model that extends CBD to account for uncertainty and unpredictability.
An RC is a mixed model that uses fixed rules and flexible assertions and is represented as a Partially Observable Markov Decision Process (POMDP). A POMDP is a special form of a Markov decision process that deals with situations where some states and transitions are not directly observable.
RCs add flexibility to deterministic contracts for systems with random elements by repeatedly checking the environment and system status, choosing the best actions to achieve a goal, and executing those actions. After each action, the system’s environment and health are reassessed. The planning function then decides whether to continue with the current plan if the actions are effective or to make changes if they are not.
Application of System Dynamics
System dynamics is suitable for resilience modeling because it captures behavior over time, and resilience takes a behavior over time perspective, as shown in Figure 1 (from the System Resilience article, reproduced below). As with other types of modeling, one of the primary values of system dynamics modeling is that it can be used to build a shared understanding of the issues for all stakeholders.
In this regard, system dynamics’s long tradition of participatory model building can be uniquely valuable (Herrera & Kopainsky, 2020). These group model building activities produce causal loop diagrams, which demonstrate the feedback structure in a system in which a change in one component can ripple through the other connected components in the design and return to the original part in a reinforcing way that can lead to catastrophic failure or in a balanced way that can lead to stability and recovery from adversity.
Archetypes are another qualitative tool used in system dynamics modeling (Onyekachi, Onyeagoziri, & Ryan, 2021). In archetypes, a small set of models can examine many behavior types. In terms of resilience modeling, archetypes evaluate the feedback loops in the system that lead to both intended and unintended consequences in behavior where often the unintended consequences are not foreseen when the system is designed.
Quantitative system dynamics models have been applied to resilience modeling (Iturriza et al., 2017; Yabe et al., 2021). In this case, a highly interconnected system of first-order linear differential equations is solved using numerical methods (Radzicki & Taylor, 1997). There are two types of quantitative system dynamics models: exploratory models, which are based on theoretical behavior of a system (Taylor & Willett, 2024), and calibrated models, which use historical time-series data to estimate the model parameters (Taylor & Hossain, 2024).
Software tools can be used to build interactive models applied to resilience modeling (Iturriza et al., 2017). Using interactive models, system engineers could experiment in a virtual environment to test procedures to improve the system’s Resilience under conditions that are not economical or even possible in real life.
A system's response to adversity can be analyzed using quantitative system dynamics to determine the effectiveness of the resilience processes. This is effective in learning about the impact of natural disasters on critical infrastructure (Yabe et al., 2021).
Caveats Regarding Resilience Models
Misusing models can lead to problems. It is therefore essential to use a model only for its intended purpose. Modelers must ensure the model is suitable for this purpose, check that all assumptions are valid, and ensure that no constraints are violated.
Neches & Madni (2013) suggest that modeling tools and languages should align with their intended use. Sometimes, modelers must use different tools or languages, which can cause compatibility issues. Because of this, multiple models need to be developed and made to work together, as models must cover various disciplines, aspects, and phenomena. Modelers must also create and manage different models, such as executable, depictional, and statistical models, and multiple categories, including device and environmental physics, communications, sensors, effectors, software, and systems.
Model Analysis with Consideration of Constraint Theory
Friedman & Phan (2017) point out that models face typical “well-posed” problems in mathematics. Modelers must check whether complex models are internally consistent and whether the requested calculations are mathematically allowable.
Complex models, especially those created by diverse teams, often have internal inconsistencies. Even if a model is consistent, many possible calculations might not be allowable due to over-constrained computational sets, with too many input values for the equations. On the other hand, under-constrained calculations, with too many equations and not enough values, can lead to unclear or undefined results.
Most models of complex systems include tight interaction loops called Basic Nodal Squares (BNS), which form the “kernel of intrinsic constraint.” These models often have more extensive, nested interaction loops important for emergent behavior and attributes of Resilience such as adaptability, flexibility, and handling disruptions.
When computational requests that are not allowed are made on models, it often leads to incorrect predictions.
References
Works Cited
Brtis, J.S. 2016. “How to Think About Resilience in a DoD Context: A MITRE Recommendation”. MITRE Corporation, Colorado Springs, CO. MTR 160138, PR 16-20151.
Friedman, G.J & Phan, P., “Constraint Theory – Multidimensional Mathematical Model Management” Second Edition, ISBN 978-3-319-54791-8. Springer International Publishing AG 2005, 2017
Herrera, H. & Kopainsky, B. (2020) “Using system dynamics to support a participatory assessment of resilience,” Environment Systems and Decisions 40:342–355.
Iturriza, M., Abdelgawad, A.A., Labaka, L., Radianti, J., Sarriegi, J.M., & Gonzalez, J.J. (2017). “Smart mature resilience system dynamics based interactive learning environment: a beta version,” International Journal of Safety and Security Engineering, Vol. 7, No. 3 367–379
Madni, A.M., Erwin, D., & Sievers, M. “Constructing Models for Systems Resilience: Challenges, Concepts, Formal Methods, and Illustrative Examples”, MDPI Systems, 2020, 8,3; doi:10.3390/systems8010003.
Neches, R. & A.M. Madni. 2013. “Towards affordably adaptable and effective systems”. Systems Engineering, 16: 224-234. doi:10.1002/sys.21234.
Onyekachi J. Onyeagoziri, C.S., & Ryan, T. (2021) “A system dynamics approach for understanding community resilience to disaster risk,” Jàmbá: Journal of Disaster Risk Studies 13(1), a1037, https://doi.org/10.4102/jamba.v13i1.1037
Radzicki, M.J. & Taylor, R.A. (1997) “Introduction to System Dynamics: A Systems Approach to Understanding Complex Policy Issues”. US Department of Energy. https://web.nmsu.edu/~lang/files/mike.pdf
Taylor, I.W. & Willett, K.D., “Modeling Cybersecurity Operations for Enhanced Security”, 34th INCOSE International Symposium, Dublin, Ireland, 2-6 July 2024.
Taylor, I.W. & Hossain, N.U.I., “A System Dynamics Model of Organizational Resilience,” 34th INCOSE International Symposium, Dublin, Ireland, 2-6 July 2024.
Uday, P. & K. Morais. 2015. “Designing Resilient Systems-of-Systems: A Survey of Metrics, Methods, and Challenges”. Systems Engineering. 18(5): 491-510.
Willett, K. D. &Taylor, I., (2022) “Security Modeling and Simulation”, in Handbook of Security Science, Masys, A.J. (ed.), Springer Nature Switzerland AG https://doi.org/10.1007/978-3-319-91875-4_65
Primary References
INCOSE. 2015. Systems Engineering Handbook, a Guide for System Life Cycle Processes and Activities. New York, NY, USA: John Wiley & Sons.
Hollnagel, E., Woods, D. D., & Leveson, N. (Eds.). 2006. Resilience Engineering: Concepts and Precepts. Aldershot, UK: Ashgate Publishing Limited.
Additional References
Brtis, J.S. & M.A. McEvilley. 2019. Systems Engineering for Resilience. The MITRE Corporation. MP 190495. Accessed April 2, 2021. Available: https://www.researchgate.net/publication/334549424_Systems_Engineering_for_Resilience
Hollnagel, E., Woods, D. D., & Leveson, N. (Eds.). (2006). Resilience Engineering: Concepts and Precepts. Aldershot, UK: Ashgate Publishing Limited.
INCOSE. 2015. Systems Engineering Handbook, a Guide for System Life Cycle Processes and Activities. New York, NY, USA: John Wiley & Sons.
Jackson, S., S.C. Cook, & T. Ferris. 2015. A Generic State-Machine Model of System Resilience. INCOSE Insight. 18(1):1 4-18. Accessed April 2, 2021. Available: https://onlinelibrary.wiley.com/doi/10.1002/inst.12003
Jackson, S., & Ferris, T. (2013). “Resilience Principles for Engineered Systems.” Systems Engineering, 16(2): 152-164.
Jackson, S., S.C. Cook, & T. Ferris, T. “Towards a Method to Describe Resilience to Assist in System Specification.” Proceedings of the INCOSE International Symposium.
Jackson, S. 2016. Principles for Resilient Design - A Guide for Understanding and Implementation. Accessed April 30, 2021. Available at https://www.irgc.org/irgc-resource-guide-on-resilience
Jackson, S. & T. Ferris. 2013. “Resilience Principles for Engineered Systems.” Systems Engineering. 16(2): 152-164. doi:10.1002/sys.21228.
Jackson, S. & T. Ferris. 2016. Proactive and Reactive Resilience: A Comparison of Perspectives. Accessed April 2, 2021. Available: https://www.academia.edu/34079700/Proactive_and_Reactive_Resilience_A_Comparison_of_Perspectives
Madni, A. & S. Jackson. 2009. “Towards a conceptual framework for resilience engineering.” IEEE Systems Journal. 3(2): 181-191.
Madni, A. & S. Jackson. 2009. “Towards a conceptual framework for resilience engineering.” IEEE Systems Journal. 3(2): 181-191.
Rechtin, E. 1991. Systems Architecting: Creating and Building Complex Systems. Englewood Cliffs, NJ: CRC Press.
Yabe, T., Suresh, P., Raoa, C. & Ukkusuri, S.V. (2021) “Resilience of Interdependent Urban Socio-Physical Systems using Large-Scale Mobility Data: Modeling Recovery Dynamics,” Sustainable Cities and Society 75(6):103237 DOI: 10.1016/j.scs.2021.103237