Formal Approaches to the Ontology & Epistemology of Resilience

Abstract

Security Science requires reflection on its foundational concepts. Our contention is that in order to make informed decisions about trade-offs with respect to resilient properties of systems we must first precisely characterize the differences between the mechanisms underlying valuable functions, those functions themselves, and the conditions underlying the persistence of the systems in question.

In practice, we recognize that some systems are more fragile than others. Clearly, some communities, cultural practices, or corporations are more susceptible to disruption than others. Common sense can only guide judgments about resilience in a very narrow range of cases. Common sense and experience tells us, for example, that a book club is likely to be a more fragile community than a scout troop. But beyond a very informal qualitative feel for the distinction between more or less resilient systems, common sense intuitions are likely to fail to serve as a good guide to what is and isn’t resilient.

We are sometimes surprised in dramatic ways. The Soviet Union was far less robust than the intelligence community in the United States had thought in the 1980s, but the global financial system was far more robust than many had expected in 2008.

A system or network can be resilient either by being difficult to destroy or by being able to recover from attacks quickly. Resilient institutions like, for example, Oxford or Cambridge Universities, the Catholic and Eastern Orthodox churches, or long lasting Japanese or Dutch business enterprises have persisted for centuries or millennia through dramatic shocks and direct attacks. The resilience of these systems resists easy explanation. Security Science has focused on network-based measures of resilience. This is a valuable formal approach, but its range of application is narrower than the general problem requires. In order to make progress on these questions, a broader theoretical approach is required and we will need to call on a range of other formal and informal methods.

When we say that a system persists, we can mean a variety of things. If we consider an electrical power system or a communications network, for example, our initial evaluation of persistence might involve deciding whether or not the system continues to function. Is the grid continuing to deliver power where it is needed? Is it still possible to send and receive messages reliably through the communications network? This is a functional account of the individuation of systems. The functional account is foundational to contemporary thinking in the science of security. While it is an intuitively sensible and pragmatically grounded way of thinking about systems, it does not shed light on the question of resilience. Functions are also difficult to capture in a purely network theoretic strategy for reasons that this research group will explore and explain.

Resilience is certainly tied to function in important ways. If what we value about a communications network is its functional properties, we are likely to think it more resilient if it continues to perform its functions reliably. While pragmatic considerations are important, conditions for persistence or individuation are not properly understood in terms of our pragmatic preferences with respect to the functional properties of systems. The fact that it is important to us that the network functions in accordance with our interests is distinct from the question of what it is that makes the network resilient. We might have, for example, an invulnerably resilient network with less than ideal functionality. As we decide on trade-offs in the context of security, it is necessary to understand distinctions of this kind.

Philosophers have tackled the problem of determining the correct approach to ontological questions (questions about the nature of the kinds of things that exist) and can shed light on many of the questions concerning resilience. Not only are many philosophers familiar with the graph theoretic foundations of network theory, but they are also used to dealing with questions concerning persistence using techniques from modal logic and category theory. More importantly, philosophers are used to recognizing distinctions in these domains that others often miss.

It is the contention of this group, for example, that excessive attention to abstract functional level descriptions can potentially distract us from other aspects of systems that contribute to resilience and are important to defend.

In order to understand why some systems are resilient and others are not we propose to apply existing work in philosophy of science and metaphysics. Successful completion of this research effort will result in principled and formally tractable ways to think about the differences between:

Conditions for the individuation of systems
Conditions for the identification of systems
Properties that contribute to the persistence of systems
Properties that contribute to the functional reliability of systems

John Symons

Dr. Symons is a professor of philosophy at KU and a member of The Academic Center for Biomedical and Health Humanities (HealthHum). His current work is centered in philosophy of technology with ties to formal epistemology, philosophy of psychology, and metaphysics of emergence.

As Director of the Center for Cyber-Social Dynamics, Dr. Symons engages in the interdisciplinary and cross-cultural study of the relationship between internet and data-driven technologies and society, politics, and culture in order to help our communities to mindfully and ethically shape technologies to promote human flourishing.

Performance Period: 01/01/2018 - 01/01/2018

Institution: University of Kansas

Sponsor: National Security Agency