strengthening critical infrastructure resilience by ... also kahan 2013; mccreight 2014) this...
TRANSCRIPT
1
STRENGTHENING CRITICAL INFRASTRUCTURE RESILIENCE BY IDENTIFYING AND REDRESSING RECURRING GAPS AND SYSTEMIC BARRIERS:
LESSONS FROM A CROSS-CASE ANALYSIS AND SYNTHESIS OF THE U.S. DEPARTMENT OF HOMELAND SECURITY
REGIONAL RESILIENCY ASSESSMENT PROGRAM
A dissertation presented
by
Russell E. Bowman
to The School of Public Policy and Urban Affairs
In partial fulfillment of the requirements for the degree of Doctor of Philosophy
in the field of
Law and Public Policy
Northeastern University Boston, Massachusetts
April, 2016
2
STRENGTHENING CRITICAL INFRASTRUCTURE RESILIENCE BY IDENTIFYING AND REDRESSING RECURRING GAPS AND SYSTEMIC BARRIERS:
LESSONS FROM A CROSS-CASE ANALYSIS AND SYNTHESIS OF THE
U.S. DEPARTMENT OF HOMELAND SECURITY REGIONAL RESILIENCY ASSESSMENT PROGRAM
by
Russell E. Bowman
ABSTRACT OF DISSERTATION
Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Law and Public Policy
in the College of Social Sciences and Humanities of Northeastern University
April, 2016
3
Abstract
This dissertation explores the concept of disaster “resilience” in the context of homeland
security, in general, and critical infrastructure, in particular, as assessed at local and regional
levels. It features two related, but distinct research foci: (1) identifying and exploring recurring
“resilience gaps,” and (2) identifying and exploring systemic barriers that allow such gaps to
emerge, or to persist. It employs content analysis and cross-case synthesis of 33 in-depth case
studies generated by the Department of Homeland Security’s Regional Resiliency Assessment
Program (RRAP). In so doing, this research also explores the ability of – and challenges with
using – the concept of resilience as an operational construct for reducing “all hazards” risk and
improving homeland security more broadly.
Building on the work of those who study the resilience of communities and critical
infrastructure assets and systems, especially with respect to their interaction with the
communities and larger systems within which they are situated, this dissertation validates prior
research by applying similar analyses to “new” data (i.e., the RRAP case studies). In brief, the
RRAP data suggest that four recurring resilience gaps exist across many, if not most,
infrastructure sectors and geographic regions. Specifically, these include: (1) a dependence on
energy, aggravated by an insufficiency or complete absence of back-up power systems; (2) the
fact that response and recovery plans and planning seldom include all relevant stakeholders
necessary to address known hazards in a comprehensive manner; (3) the presence of numerous
single or critical points of failure; and (4) a related lack of redundancy, insufficient system
capacity, or both, that diminishes the resilience of many infrastructure systems.
Additionally, this dissertation’s analysis of 33 RRAP Resiliency Assessments affirms the
prevalence of five systemic barriers to improving resilience: (1) the nation continues to face
4
significant shortcomings in emergency response and recovery coordination efforts at the regional
and cross-regional levels; (2) there is a widespread lack of visibility or understanding of how
critical infrastructure components are inter-connected and how systems are dependent or
interdependent on one another; (3) there is a dearth of important critical infrastructure
information (beyond dependencies and interdependencies) that is available to cognizant
authorities and operators – either because they do not understand why they should seek or insist
on gaining access to information that would resolve certain “unknowns,” or because those in
possession of relevant information are reluctant to share it; (4) there are insufficient incentives
(and funding, in particular) for investing in resilience; and, (5) efficiency is often valued over
ensuring continuity of function.
Drawing on these findings, this work explains how there is clear benefit to adopting a
systems-based, function-focused view of resilience that is hazard-agnostic. It also suggests the
importance of further study concerning the barriers that underlie resilience gaps to facilitate
broader understanding of the challenges we face, and proposes a framework for divining and
analyzing linkages between common gaps and barriers. In closing, this dissertation suggests
ways to further exploit the DHS program that is the focus of this research, the necessity of
sharing subsequent DHS Resiliency Assessments more widely, and the related need to make the
RRAP data on which the program’s assessments are based more accessible to researchers.
5
Acknowledgements
Like the dependencies and interdependencies noted in many of the infrastructure systems
studied in this research, this dissertation is closely intertwined with the work of many others, and
dependent on the insight and assistance of parties too numerous to mention. That said, I wish to
recognize several individuals without whom the present work would not have been possible.
First, I wish to thank Dr. Stephen Flynn, whose vision, mentorship, and longstanding
passion for improving national resilience continue to inspire my efforts. Second, I am indebted
to Dr. Matthias Ruth, Director of the School of Public Policy and Urban Affairs; and Dr. David
Alderson, Director of the Naval Postgraduate School’s Center for Infrastructure Defense; for
their patience, invaluable guidance, and timey and candid feedback throughout the research
process underlying this work. I owe a similar debt of gratitude to my colleagues at the U.S.
Coast Guard Academy whose staunch support, which included ensuring the time and space
needed to think and write, enabled me to aggressively pursue this research. I also extend a
special thank you to Ms. Jamie Richards, Mr. Daniel Genua, Mr. William McNamara, Mr. Caleb
Slaton, Mr. Duane Verner, and the entire RRAP team at DHS and at Argonne National
Laboratory, on whose work the present effort builds. Finally, and most importantly, I wish to
publicly thank my wife Sarah, daughter Sadie, and son Cooper, whose unfailing love and support
provide the rock-solid foundation on which all else is built.
While each of the aforementioned individuals influenced this work, the views expressed
herein are mine, and mine alone. They should not be construed as official, or as reflecting the
views of the U.S. Coast Guard Academy, the U.S. Coast Guard, or the Department of Homeland
Security.
6
Table of Contents Abstract ..............................................................................................................................2 Acknowledgements ................................................................................................................5 Table of Contents ...................................................................................................................6 Chapter 1: Introduction - The Rise of “Resilience” ...............................................................7 Chapter 2: Literature Review - Defining and Assessing Resilience ......................................17 Chapter 3: Research Design and Analytical Methods ...........................................................54 Chapter 4: Results of RRAP Case Coding and Analysis .......................................................83 Chapter 5: Conclusions, Areas for Future Research, Broader Implications ..........................135 Appendix A: Northeastern Institutional Review Board Documentation ..............................169 References ..............................................................................................................................173
7
Chapter 1
I. Introduction
Disasters – such as hurricanes and other extreme weather events, wildfires, oil and
hazardous chemical spills, pandemics, intentional acts of terrorism – are increasing in both
frequency and complexity (OECD 2003; National Academy of Sciences 2012). Superstorm
Sandy, yearly wildfires throughout California and the American Southwest, numerous recent rail
car explosions, record snowstorms, the 2014 Ebola outbreak, and the emerging Zika virus threat
immediately come to mind. As a result, crisis management, vulnerability and risk assessment,
and disaster research have deservedly received heightened political attention and intellectual
inquiry. Correspondingly, the field of disaster research has evolved substantially over the past
century.
Starting from the sociological orientation of Samuel Prince’s study of the devastating
1917 fire and explosion of the French munitions ship MONT BLANC in the Port of Halifax,
disaster research has grown to include efforts that incorporate an ever-growing variety of
perspectives (Phillips 2014; Perry 2007; Scanlon 1988). These include the study of: phases of
disaster (i.e., planning/preparation, prevention, mitigation, response, and recovery); hazard and
agent types (natural, accidental / technical, intentional); systems theory (including studies of the
built environment, physical domains, ecological systems, social networks, and the interactions
among them), system complexity (including the original “Disaster Research Center typology” for
organized disaster response1), and, increasingly in more recent years, the viewpoint of
1 What eventually came to be known as the Disaster Research Center (four part) typology was a simple means of classifying organized responses to disasters in terms of (1) the types of organizational entities involved (old or new), and (2) the types of tasks these entities were forced to undertake (regular or non regular) (Dynes 1970; Brouillette and Quarantelli 1971).
8
vulnerability and resilience (see generally Anderson, Kennedy, and Ressler 2007). These
perspectives often utilized different meanings in different disciplines for the same terms, even
within the context of just disaster research. The myriad conceptualizations of resilience, and its
utilization in the context of disaster risk reduction and homeland security more broadly, are an
important focus of this work.
Whatever the specific research orientation, longstanding collaboration among academics,
first responders and emergency managers, as well as policymakers active in the disaster field, has
led to intensive study of how humans can reduce the risk of loss posed by disasters (for a concise
background, see Cutter et al. 2008). Importantly, since Dennis Mileti’s “Disasters by Design”
(1999), attention has slowly shifted toward a more proactive orientation to preparing for “all
hazards,” including, most recently, terrorist attacks. Related initiatives, such as FEMA’s now-
defunct “Project Impact: Building a Disaster Resistant Community,” and the subsequent efforts
of the Subcommittee on Disaster Reduction (2005), further reinforced a growing disaster
resilience orientation. Accordingly, today many modern disaster research initiatives involve the
concept of disaster-resistant, resilient communities.
Relatedly, the tragic events of September 11, 2001 opened the door to greater use of
resilience in the context of national, and later, “homeland” security. As a threshold matter, it is
important to note that the term homeland security itself remains an evolving and somewhat
amorphous concept. (See, e.g., Reese 2013 noting “ten years after the September 11, 2001,
terrorist attacks, the U.S. government does not have a single definition for ‘homeland security’”;
see also Kahan 2013; McCreight 2014) This dissertation views homeland security in terms of
the five core mission areas identified by the Department of Homeland security itself: (1) prevent
terrorism and enhance security, (2) secure and manage our boarders, (3) enforce and administer
9
our immigration laws; (4) safeguard and secure cyberspace, and (5) strengthen national
preparedness and resilience (DHS 2014b). These missions are inherently, and inextricably,
interrelated.
Importantly – and perhaps as a prescient prescription for how to address the challenge of
homeland security, however construed – the 9/11 Commission dutifully noted the need to make
the country “stronger, safer, and more resilient” (National Commission on Terrorist Attacks
2004, emphasis added). As Jerome Kahan recently noted via a survey of relevant federal policy
documents since 9/11 (2015), however, the concept of resilience arguably did not “take hold” in
the homeland security realm in earnest until 2007 when the Homeland Security Council issued
its second National Strategy for Homeland Security. Therein, resilience was defined as the
ability of a given infrastructure system to “absorb the impact of an event without losing the
capacity to function,” including through the presence of redundant assets, the dispersal of key
functions across multiple service providers and flexible supply chains, or “through the protection
and physical survivability of key national assets and structures” (Homeland Security Coucil
2007, 28). Table 1-1, on the following page, provides a non-exhaustive list of subsequent policy
innovations that together illustrate the growing incorporation of “resilience” through various
aspects of homeland security policy.
With this “rise of resilience” has come a plethora of attempts to define, operationalize,
assess, and otherwise employ the concept at the community, regional, and critical infrastructure
sector-wide and individual asset levels. (Bruneau et al. 2003; Allenby and Fink 2005; Kahan,
Allen, and George 2009; Cutter, Burton, and Emrich 2010; Fisher et al. 2010; Longstaff et al.
2010; Renschler et al. 2010; Caldwell 2011; Linkov et al. 2013). Despite the growth of
resilience research, there remains little consensus on what resilience means in many specific
10
Table 1-1: The Rise of “Resilience” in Homeland Security Policy (adapted from Kahan 2015)
Date Policy Instrument Key or New Use(s) of “Resilience”
2007 (Second) National Strategy for Homeland Security
Mentioned the concept of resilience 14 times in the context of ensuring the resilience of key assets, critical infrastructure, and the economy, as well as noting the importance of ensuring “operational resilience” in the face of man-made and natural disasters. (Homeland Security Coucil 2007)
2008 DHS Strategic Plan for 2008-2012 Established the “DHS Vision” as “A secure America, a confident public, and a strong and resilient society and economy.” Also mentioned resilience six times in the context of critical infrastructure, transportation, and building “national resilience” through collaboration and partnerships (DHS 2008)
2010 National Security Strategy (NSS) The first use of “resilience” in this important policy document: “As we do everything within our power to prevent [terrorism, natural disasters, large-scale cyber attacks, and pandemics], we also recognize that we will not be able to deter or prevent every single threat. That is why we must also enhance our resilience—the ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption” (The White House 2010, 18).
2010 (First) Quadrennial Homeland Security Review (QHSR)
Set forth “The Vision for Homeland Security” as: “A homeland that is safe, secure, and resilient against terrorism and other hazards, where American interests, aspirations, and way of life can thrive” (DHS 2010a, 4).
2010 Presidential Policy Directive 8: National Preparedness (PPD-8)
Set, as its goal, “strengthening the security and resilience of the United States through systemic preparation… [for] terrorism, cyber attacks, pandemics, and catastrophic natural disasters” (The White House 2011).
2010 National Preparedness Goal (NPG)
Defined “success” as: “A secure and resilient Nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk” (DHS 2011, 1).
2012 DHS Strategic Plan for 2012-2016 Reinforced, as a key component of its “Department Mission,” “ensur[ing] resilience from disasters” (DHS 2012, 27).
2013 Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21)
(Re)defined resilience as the “ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents” (The White House 2013).
2014 (Second) QHSR Explained how national preparedness (a capacity) increases security and resilience (the desired outcome) (DHS 2014b, 72).
11
contexts, or how best to measure it (NIAC 2009; HSAC 2011; National Academy of Sciences
2012). Importantly for present purposes, few, if any, studies have attempted to synthesize the
data already gathered by those who have made initial efforts to assess the resilience of
communities and infrastructure. Moreover, few researchers have attempted to formally study the
barriers to overcoming the resilience gaps such efforts have identified (but see Flynn 2015).
This dissertation seeks to fill these voids via two areas of inquiry, which constitute the
two “focus areas” of this research. The first area of focus advances the work of the scholars who
have developed initial analytic frameworks for evaluating the resilience of infrastructure assets
and sectors, as well as communities and regions more broadly. Rather than developing and
deploying new definitions, frameworks, and metrics – as has been the focus of much resilience
research to date – this work takes a more inductive approach by conducting a comprehensive
content (secondary) analysis of existing data. Specifically, it utilizes the in-depth case studies
generated by the Department of Homeland Security’s Regional Resiliency Assessment Program
(RRAP).
According to DHS’s own description, the RRAP is
a voluntary, non-regulatory interagency assessment of critical infrastructure resiliency in a designated geographic region. Each year, the [National Protection and Programs Directorate’s (NPPD) Office of Infrastructure Protection (IP)], with input and guidance from Federal and State partners, selects several RRAPs focusing on specific infrastructure sectors within defined geographic areas and addresses all-hazard threats that could result in regionally and/or nationally significant consequences (DHS 2014c).
As of the start of the present research, DHS had completed 33 RRAP reports. Figure 1-1, on the
following page, illustrates the geographic scope of this ongoing initiative. (Each dot - or date -
represents a separate study. The line along the Southeast and Mid-Atlantic regions represents a
RRAP study of two inter-connected petroleum pipeline systems spanning 13 states. Resiliency
assessment projects for which reports were not finalized or available at the inception of this
12
research are included in this depiction.) By taking a “step back” to analyze this existing, but
largely underutilized source of information, this effort identifies and explores cross-case insights
that can be used to improve theories of resilience, and measurement thereof, for application in
the homeland security policy realm.
Figure 1-1: DHS Regional Resiliency Assessment Projects (through FY 2014)
Source: Department of Homeland Security
The second aspect of this research involves analyzing the same underlying data for a
separate, but closely related purpose. Few individuals, companies, or communities profess a
desire to be vulnerable or brittle. Yet, resilience “gaps” persist. This dissertation explores this
disconnect by building on the recent work of Northeastern University’s Center for Resilience
Studies (the Center) to identify and understand recurring barriers to resilience.
13
Based on the Center’s work to date, these include challenges arising from (1) the failure
to recognize how unprepared we are to handle foreseeable risk or to handle uncertainties; (2) the
lack of a widely accepted construct for resilience itself, or a means of measuring it; (3) the lack
of policy incentives, as well as the current presence of actual policy-based dis-incentives, for
resilience investment and improvement; and (4) impediments created by federalism and
governance structures that are often misaligned with the infrastructure and regional communities
that they seek to govern. This work attempts to validate and refine this aspect of resilience
theory with empirical evidence from a larger, more diverse set of case data (i.e., the RRAP
reports) than has been considered previously.
II. Objectives and Significance
The aforementioned research foci address two specific objectives: (1) Identify and better
understanding any recurring empirical resilience gaps that may exist within and across lifeline
critical infrastructure sectors and geographic regions. (2) Identify and better understand any
recurring empirical barriers to improving regional, and ultimately national, resilience.
Additionally, the overarching objective of this work is to further develop existing theories of
resilience. Specifically, this efforts seeks to facilitate a more complete understanding of the
ability of – and challenges with using – the concept of resilience as an operational construct for
reducing “all hazards” risk and improving homeland security more broadly.
In targeting these objectives, this effort is intended to contribute to the growing body of
resilience-related research. The core of this work is a cross-case qualitative analysis and
synthesis of data drawn from the Department of Homeland Security’s RRAP reports, heretofore
unutilized in academic research. The RRAP reports and their underlying data have been made
available – but have been largely limited – to the state, local, and private entities that participated
14
in each unique RRAP study. This dissertation involves a comprehensive content analysis of the
33 reports available at the start of this effort. By synthesizing and exploring resilience gaps and
success stories in and across regions and lifeline infrastructure sectors that have been studied in
the RRAP process from a pre-event (as opposed to the more common post-disaster) perspective,
this research is designed to expand knowledge in the developing field of security and resilience
studies. Additional academic disciplines that stand to benefit from my work include, but are not
limited to: political science, public administration, public policy studies, behavioral economics,
organizational decision-making, resilience studies, disaster sociology, security studies, and
disaster and crisis management.
III. Key Concepts
This dissertation defines the following terms as indicated below.
Disaster Resilience: “The ability [of an entity, whether an individual asset, organization,
community, region, or government] to prepare and plan for, absorb, recover from, or more
successfully adapt to actual or potential adverse events” (National Academy of Sciences 2012,
16).
Critical Infrastructure: “Systems and assets, whether physical or virtual, so vital to the
United States that the incapacity or destruction of such systems and assets would have a
debilitating impact on security, national economic security, national public health or safety, or
any combination of those matters” 42 U.S.C. § 5195(c)(2).
Lifeline (critical infrastructure) Sectors: Those infrastructure sectors that provide the so-
called “lifeline” functions of communications, energy (including electricity and fuel),
transportation, and water (including wastewater) (DHS 2013).
15
Resilience Gaps: Observable conditions – often resulting from a lack of sufficient
authority, capability, competency, capacity, partnerships, or a combination thereof – that impair
an asset’s, organization’s, community’s, region’s, or government’s ability to prepare and plan
for, absorb, recover from, or more successfully adapt to actual or potential adverse events.
Resilience gaps by definition are solvable; they can be mitigated or eliminated by undertaking
resilience enhancement measures. [It is important to note, however, that the complexity and
interdependencies of the nested systems frequently at issue are such that resilience
“improvements” for one asset or sector may negatively affect other components or systems (see
also, Woods 2015 noting that “expanding a system’s ability to handle some additional
perturbations [often] increases the system’s vulnerability in other ways to other kinds of
events”).]
Barriers to Resilience: Systemic factors (e.g., governance structures, a lack of adequate
policy-based incentives for improvement, the limitations of individual and group decision-
making) that inhibit individuals, organizations, communities, or governments from effectively
addressing resilience gaps.
Dependency: “The one-directional reliance of an asset, system, network, or collection
thereof, within or across sectors, on input, interaction, or other requirement from other sources in
order to function properly” (DHS 2013, 30).
Interdependency: A “mutually reliant relationship between entities (objects, individuals,
or groups); the degree of interdependency does not need to be equal in both directions (DHS
2013, 31)
16
IV. Research Questions and Initial Hypothesis
With these objectives and definitions in mind, this effort addresses the following specific
research questions:
I. What, if any, recurring “resilience gaps” exist within and across geographic regions, and
critical infrastructure sectors?
II. To what extent and how do these gaps differ across regions, and sectors?
III. Are there any recurring, observable barriers to addressing these gaps (i.e., to improving
regional, and ultimately national, resilience)? If so, what are they?
IV. To what extent do the presence and significance of these barriers differ across geographic
regions and critical infrastructure sectors?
V. Format
The balance of this dissertation proceeds as follows. Chapter 2 considers the “rise of
resilience” in the context of homeland security and critical infrastructure, and then reviews the
literatures for each focus area of this study, building upon the context set forth above. Chapter 3
provides an overview of the RRAP projects and data, and explains the underlying processes and
analytic techniques used in their creation. This chapter also includes a full explication of the
methodology followed in this adaptive, inductive/deductive research approach. Chapter 4
presents the analysis and ultimate findings for both focus areas of the multi-case study and cross
cases synthesis. Finally, Chapter 5 provides summative conclusions, reviews the study’s
limitations, discusses the broader implications of its results, and suggests ways to further this
research.
17
Chapter 2
As this study involves two research emphases concerning distinct aspects of the disaster
resilience of critical infrastructure – recurring resilience “gaps” within and among infrastructure
assets, sectors, and regions; and persistent barriers to overcoming them – this chapter provides
overviews of relevant literatures in separate sections as they relate to each focus area. As a
preliminary matter, though, it explores the evolution of the concept of resilience – and disaster
resilience, in particular – to provide the larger context and emerging theory within which this
effort is situated. Accordingly, the first of this chapter’s three major sections reviews the
evolution and application of resilience as a construct. The purpose in doing so is not to debate
alternative definitions of resilience. Rather, this section presents diverse definitions and
perspectives to provide an appreciation for the breadth of the concept as a prelude to discussing
how and why it is used in this study. As Longstaff et al. aptly note, “[w]hile there is still much to
debate about how to draft precise definitions of resilience and its attributes, and how to
operationalize and apply resilience concepts within each discipline, overlap in the research of
each discipline is significant enough to be instructive as to what makes systems resilient”
(Longstaff et al. 2010, 1–2; as cited in Kahan 2015).
I. The Rise of “Resilience” as a Homeland Security Imperative: The Challenge of Multiple, Conflicting Definitions
The concept of “resilience” is not new. Indeed, the idea has been incorporated and
operationalized into an ever-increasing number of fields of study and policy domains over at
least the past 50+ years (Martin-Breen and Anderies 2011). Unfortunately, mounting use of the
term variously as a theoretical construct, capability, or strategy across myriad disciplines (see
Norris et al. 2007), has brought with it confusion and debate about its meaning and usefulness in
specific contexts, including those of disaster risk reduction and homeland security (Kahan 2015).
18
Perhaps the only aspect of resilience growing faster than this diversity of definitions is the
number of ways these varied conceptualizations can be catalogued. Such definitional typologies
are themselves instructive for present purposes to the extent that they illuminate the myriad
potential applications and aspects of resilience. Accordingly, the section that follows discusses
three such classification schemes: one based on definitions arising from within distinct
disciplinary fields of study, one developed from disaster and hazards research, and a final
scheme tied to homeland security in particular. The two sections thereafter present important
perspectives on resilience drawn from separate but related literatures: resilience engineering (i.e.,
safety management systems) and organizational and supply chain management as it relates to the
continuity of business operations.
A. Three Definitional Typologies of Resilience
1. Definitions from Disciplines
In a thoroughgoing literature
review conducted for the Rockefeller
Foundation, Martin-Breen and
Anderies (2011) suggest that the
concept of resilience has developed,
and can be roughly classified, in three
(arguably overlapping) frameworks of
increasing complexity, each growing out of separate disciplinary traditions and differing units of
analysis: (1) Engineering Resilience, (2) Systems Resilience, and (3) Resilience in Complex
Adaptive Systems. In their engineering conceptualization, resilience is viewed as it relates to a
specific asset or entity, and associated definitions variously capture the notion of “bouncing back
Table 2-1: Martin-Breen and Anderies’s Frameworks of Resilience Framework Source Discipline Key Definitional Aspect(s) Engineering Resilience
Engineering Bouncing back faster after stress, enduring greater stresses, and being disturbed less by a given amount of stress.
Systems Resilience
Economics (among others)
Maintaining system function in the event of a disturbance.
Complex Adaptive Systems Resilience
Ecology The ability to withstand, recover from, and reorganize in response to crises.
19
faster after stress, enduring greater stresses, and being disturbed less by a given amount of
stress” (Martin-Breen and Anderies 2011, 5). Systems resilience – which is related to the idea of
“robustness” as used in economics, and necessarily considers a larger array of forces –
encompasses definitions that center on “maintaining system function in the event of a
disturbance” (Ibid. 2011, 7). Martin-Breen and Anderies’s third and final framework, Complex
Adaptive Systems Resilience, is grounded in the ecological tradition where resilience is best
viewed through a “system of systems” perspective in which definitions incorporate the “the
ability to withstand, recover from, and reorganize in response to crises. Function is maintained,
but system structure may not be.” (Ibid., 7). Importantly, these frameworks can be, and have
been, applied across myriad disciplines, regardless of their respective origins. As discussed
further below, the RRAP reports that serve as the primary source of data for this effort consider
the concept of resilience from both individual asset and larger systems perspectives.
Accordingly, the differences highlighted in this definitional framework are relevant for present
purposes. Ultimately, this dissertation adopts and employs a definition of resilience that
incorporates aspects of resilience from all three frameworks.
2. Definitions from a Disaster (Risk Reduction) Perspective
While Martin-Breen and Anderies’ work attempts to order definitions based on differing
scales of analysis, levels of complexity, and disciplinary perspectives; others have attempted to
structure and harmonize definitions of resilience by specific (albeit, often inter-disciplinary)
fields of study. Disaster research is an important case in point.
Unfortunately, a recent focus on resilience as a form of disaster risk reduction has not led
to agreement on what resilience means in this context. In a recent review of resilience theory
and application, the Decision and Information Sciences Division of Argonne National
20
Laboratory (Argonne) noted a “clear break in opinion concerning how resilience should be
defined” that centers on whether it is appropriate to focus on what comes after a disaster or other
disruptive event, or to include components and determinants of resilience that are also applicable
“left of boom” in the traditional phases of the disaster timeline (Carlson et al. 2012). In some
sense, intense study of, and resilience definitions skewed toward, post-event response and
recovery operations should not be surprising. Disasters and other unexpected, high-impact
events are often referred to in political science and public policy circles as “focusing events”
(Birkland 2011; 2006; see also Kingdon 2011); so labeled for their ability to generate intense
interest and action among a broad array of stakeholders and policy actors (Birkland 1997). This
phenomena ultimately affects researchers as well, who must often follow the interests of those
providing the funding necessary to conduct research. Regardless, Table 2-2, on the following
page, provides an illustrative list of disaster resilience definitions sorted by Argonne according to
this scheme.
While much of the disaster-related resilience research has been based on post-event
disaster case studies (see., e.g., NIAC 2009; HSAC 2011; National Academy of Sciences 2012;
but see Cutter, Burton, and Emrich 2010; Bruneau et al. 2003), the present effort incorporates
data from in-depth case studies assessing resilience in a more holistic, “all hazards” sense, each
gathered over a period of roughly one year, and independent of any specific adverse event(s).
Accordingly, in the current context at the very least, it is appropriate to utilize a
conceptualization of resilience that contemplates activities in both anticipation of, and in
response to, adverse events.
21
Table 2-2: Argonne’s Disaster-Related Temporal-Focus Definition Dichotomy
Resilience Definitions That Include Only “After Event” Components
Resilience Definitions That Include Both “Before” and “After Event” Components
“[T]he capacity of a system to absorb disturbance, undergo change, and retain essentially the same function, structure, identity and feedbacks” (Longstaff et al. 2010).
“[A] process linking a set of adaptive capacities to a positive trajectory of functioning and adaptation after a disturbance…” (Norris et al. 2007).
“The capacity of a system to survive, adapt and grow in the face of change and uncertainty” (Fiksel 2006).
“[T]he capacity of a system to maintain its function and structure in the face of internal and external change and to degrade gracefully when it must” (Allenby and Fink 2005).
“The ability of system to absorb changes… and still persist” (Holling 1973).
“[T]he ability to minimize the costs of a disaster, to return to a state as good as or better than the status quo ante, and to do so in the shortest feasible time… Resistance is used to mean the ability to withstand a hazard without suffering much harm. Resilience … include[s] resistance but … also include[s] the ability to recover after suffering harm from a hazard” (Gilbert 2010).
“[T]he aggregate result of achieving specific objectives in regard to critical systems and their key functions, following a set of principles that can guide the application of practical ways and means across the full spectrum of homeland security missions… The objectives (or end states) of resilience … are resistance, absorption, and restoration” (Kahan, Allen, and George 2009).
“[T]he ability to adjust to ‘normal’ or anticipated stresses and strains and to adapt to sudden shocks and extraordinary demands. In the context of hazards, the concept spans both pre-event measures that seek to prevent disaster-related damage and post-event strategies designed to cope with and minimize disaster impacts” (Tierney 2003)
3. Definitions by Homeland Security Domain
A third definitional typology that is informative for present purposes is one based on
applications of resilience to different homeland security domains. As the concept of resilience
has slowly permeated the homeland security enterprise – largely driven from the top down by the
aforementioned policy instruments – its definition has been altered to better “fit” different areas.
Leaving aside continued disagreement on what exactly these domains (or, alternatively,
“subsystems”) can and should entail – different attempts to measure resilience have utilized
divergent categorizations in doing so; several such approaches are discussed further below –
Kahan proposes a set of five areas within the homeland security arena to which resilience has
been routinely applied: individuals, infrastructure, institutions (including governance),
ecosystems, and communities. Table 2-3 provides representative definitions for each.
22
Table 2-3: Definitions of Resilience by Kahan’s Homeland Security-Related Domain
Domain Definition
Individuals The capacity of [individuals who experience stressful conditions] to withstand such experiences and recover as rapidly as feasible to a state of personal well- being and social and professional functioning. (Kahan 2015; citing Torens Resilience Institute 2015)
Infrastructure Technical and structural improvements that enable “hard” systems to withstand adverse events without functional failure and rapidly return to a level of acceptable functionality (Kahan 2015; citing Flynn 2004).
Institutions [The capacity to ensure] continuity of operations and flexibility. (Kahan 2015; citing Sheffi 2007)
Ecosystems The capacity to adapt and change to different configurations within its inherent “state of being.” (Kahan 2015; citing Gunderson, Allen, and Holling 2009)
Communities The overall ability of a community to withstand threats and hazards, continue to function, and return to a state of well-being. (Kahan 2015; citing Cutter, Burton, and Emrich 2010; Longstaff et al. 2010)
Although the RRAP reports and case studies on which this research effort is based center
on assessments of (1) “clusters”, or individual pieces, of critical infrastructure, (2) their inter-
dependencies with other infrastructure sectors and, to a slightly lesser extent, (3) their interaction
with the larger communities or regions within which they are located, this work adopts the
conceptualization of resilience, proposed by the National Academy of Sciences (NAS), that is
potentially broad enough to apply to all homeland security domains (whether Kahan’s proposed
set or another formulation), all phases of the traditional disaster timeline (i.e.,
planning/preparation, prevention, mitigation, response, and recovery), and all levels of analysis
and complexity (individual asset, systems, or whole-community complex adaptive systems).
Thus, for this work, resilience is construed as: “the ability [of an entity, whether an individual
asset, organization, community, region, or government] to prepare and plan for, absorb,
recover from, or more successfully adapt to actual or potential adverse events” (National
Academy of Sciences 2012, 16). This definition is consistent with that used by the international
23
disaster policy community (UNISDR 2011; as cited in National Academy of Sciences 2012), and
most recent federal policy documents, including Presidential Policy Directives (PPD) 8 –
National Preparedness (2011) and PPD 21 – Critical Infrastructure Security and Resilience
(2013).
At the same time, there is an argument that such a broad definition enables individuals
and organizations to classify whatever they wish as resilience and, potentially, to talk past one
another in doing so – a consideration this dissertation addresses later on. As suggested above, an
overarching objective of this effort is to assess the usefulness of this, or any, conceptualization of
resilience through study of the data utilized herein. Two other perspectives on resilience
thinking are particularly useful to this end: Resilience Engineering and supply chain management
(as contemplated in terms of the continuity of business operations more broadly). It is to these
separate but related literatures to which this dissertation now turns for additional useful
background.
B. The Resilience Engineering Perspective
Resilience Engineering represents an evolution from more traditional thinking about
incidents and accidents that focused on linear causal chains – such as the so-called Domino
model of failure (Heinrich 1931; see also Heinrich, Petersen, and Roos 1980) – and the study of
“latent conditions” that must align like the holes in a block of Swiss cheese (Reason 1990) for
systems to fail. Resilience Engineering, instead, adopts the view that failure arises from a
system’s temporary inability to cope (i.e., adapt) to real world complexity (Woods et al. 2010,
83; Hollnagel, Woods, and Leveson 2006). Viewed from this perspective, resilience is a
system’s or organization’s collective, dynamic ability (1) to know what types of disruptions to
look for (i.e., the ability to anticipate), (2) to know what functions are critical, (3) to know how
24
to respond to disruptions (to ensure continuity of system function), and (4) the ability to learn
from and adapt to the unexpected (Woods et al. 2010, 93). Importantly, resilience in this
conceptualization is not a characteristic a system “has,” but something it “does” (Hollnagel,
Woods, and Leveson 2006, 347).
To better understand how the Resilience Engineering perspective differs from other
conceptualizations already discussed, it is useful to consider Woods’s explanation of how
resilience – as a label used by “multiple observers from different disciplines” – can be thought of
as coming from one of four core “conceptual perspectives” (Woods 2015, 5). Research
undertaken from the last two of the following four approaches align better with the Resilience
Engineering view than those that precede them. The first of Wood’s fours core perspectives
views resilience as how systems rebound from disruption. Research undertaken from this
standpoint has focused on the capabilities and resources that enabled a given system to
successfully “bounce back” from some event (Woods 2015; citing Finkel 2011). The risk of this
approach, according to the Resilience Engineering view, is its over reliance on evaluating past
performance to predict adaptive capacity to future, potentially uncertain events (Woods 2015, 6).
A second core perspective essentially equates resilience with robustness: “an increased
ability to absorb perturbations” (Woods 2015, 6). Thus, under this view, a system becomes more
robust when it is able to handle a larger array of potential disruptions. Work in this area, such as
with robust control systems, however, is largely limited to where the disturbance in question is,
known, well defined, and well understood (Woods 2015, 7). The Resilience Engineering
literature, in contrast, views an adaptive capacity to cope with surprising unknowns as a key
component of resilience, which are not contemplated by the resilience-as-robustness perspective.
Another flaw of the robustness perspective is that does not adequately address the possibility that
25
increasing the ability to absorb some disruptions may simultaneously make that system more
vulnerable to other types of attacks or events (Hollnagel, Woods, and Leveson 2007, 8).
A third core conceptualization of resilience, according to Woods, is resilience as
“graceful extensibility” (a play on the more familiar “graceful degradation”), which he defines to
mean “how a system performs at or near its boundary” (2015, 7). The ability to avoid cascading
or abrupt failure (i.e., to resist being “brittle” at the designed limits of a system), especially in the
face of new and evolving threats and disruptions, is the essence of this perspective. This
conceptualization embodies the Resilience Engineering approach, as it is focuses on a given
system’s ability to predict, adapt, and learn from the unanticipated.
Relatedly, a fourth core conceptualization of resilience involves inquiry into the ability of
complex “layered networks” to manage and regulate their respective and collective adaptive
capacities (Woods 2015, 8). Research in this area seeks to divine common “architectures for
sustained adaptability” (Ibid.). As with the “resilience as graceful extensibility” perspective, this
newer line of inquiry is well aligned with the Resilience Engineering field; both seek to find
systems that ensure continuity of function – at least some critical or core function – over long
timelines and multiple iterations of change (Ibid.).
Additionally, it is important to note that in the Resilience Engineering literature, the
concept of resilience involves the ability to recognize and mange an inherent tension between
production (i.e., efficiency) pressures and the underlying need for safety (Woods et al. 2010, 95).
This perspective thus expressly incorporates a business mindset through consideration of market
forces, which other resilience paradigms consider less directly, if at all.
26
C. Supply Chain Management and the Continuity of (Business) Operations
The consideration and use of resilience in business is not, of course, limited to the safety
perspective of Resilience Engineering. Indeed, resilience, however defined, has been an
increasingly “hot topic” among top business executives for over a decade (Coutu 2002). A series
of articles in the Harvard Business Review, for example, has attempted to explain “What
Resilience Means, and Why it Matters,” (Ovans 2015); “Why Resilience is so Hard” (Snyder
2011); and why when “Surprises Are the New Normal; Resilience Is the New Skill,” (Kanter
2013). These articles, and many others like them (see, e.g., Gallardo 2013), variously propose
organizational, management, and leadership attributes of companies, and their executives, that
enable them to strive in the face of disruptions. As Coutu notes, the rise of resilience in business
circles has given birth to a new area of specialization for consulting firms; one built on the belief
that “[m]ore than education, more than experience, more than training, a person’s [or
organization’s] level of resilience will determine who succeeds and who fails” (Coutu 2002
quoting Dean Becker, president and CEO of Adaptiv Learning Systems).
Relatedly, increasingly globalized supply chains, specialized factories, centralized
distribution, increased reliance on outsourcing, reduced supplier bases, greater volatility in
demand, and related technological innovations throughout many, if not most, commercial
enterprises has driven increased attention to logistics, in general, and supply chains in particular
(Pettit, Fiksel, and Croxton 2010, 2; citing Cranfield University 2002). Definitions of what
constitutes a “supply chain” vary, but one broad conceptualization characterizes it as “the
network of companies involved in the upstream and downstream flows of products, services,
finances, and information from the initial supplier to the ultimate customer” (Pettit, Fiksel, and
Croxton 2010; citing Christopher 2011; Lambert, García-Dastugue, and Croxton 2005; and
27
Mentzer et al. 2001). The field of supply chain management, for its part, typically applies
traditional risk management processes – the steps of which typically include hazard
identification, risk assessment, selection of appropriate risk management strategies,
implementation, and review (see Manuj and Mentzer 2008; Pettit, Fiksel, and Croxton 2010, 4–
5) – for dealing with uncertainty as its relates the logistics activities of these supply chains
(Ponomarov and Holcomb 2009, 130).
Achieving resilience to supply chain disruptions (see generally, Sheffi 2007) – and
through it, a competitive business advantage – has come to be viewed as the desired end-state; a
higher priority than simply better managing risk (Christopher and Peck 2004). In this context,
resilience has been thought of as “the adaptive capability of the supply chain to prepare for
unexpected events, respond to disruptions, and recover from them by maintaining continuity of
operations at the desired level of connectedness and control over structure and function”
(Ponomarov and Holcomb 2009, 131). There is clear overlap between the theories of resilience
being advanced in the Resilience Engineering and Supply Chain Management literatures, and
with the broader conceptualization of resilience advanced by the National Academy of Sciences
with respect to disaster risk reduction. Importantly, perhaps owing to their inherent
consideration of underlying market forces, the Resilience Engineering and supply chain
perspectives provide a focus on (continuity of) function that is less prominent in many other
literatures. The importance of function as a cornerstone of resilience is a theme to which this
dissertation will return.
28
II. Identifying and Exploring Recurring Resilience Gaps: Frameworks for Assessing and Measuring2 Resilience
Utilizing the aforementioned conceptualizations of resilience as background, this
dissertation’s first area of focus seeks to develop a better understanding of any potentially
recurring empirical resilience gaps across the United States. As with the numerous efforts to
define resilience, there have been various academic attempts to operationalize it into a
measurable form. The following section details key aspects of several such initiatives
undertaken from either a whole-community or more critical infrastructure focused perspective:3
(1) Longstaff et al.’s “Building Resilient Communities: Preliminary Framework for Assessment”
(2010); (2) Cutter, Burton, and Emrich’s “Disaster Resilience Indicators for Benchmarking
Baseline Conditions” (2010); (3) Linkov et al.’s “Measureable Resilience for Actionable Policy”
(2013); (4) the Community and Regional Resilience Institute’s (CARRI) “Community Resilience
System Initiative” (2011; 2013) (5) Bruneau et al.’s “Framework to Quantitatively Assess and
Enhance the Seismic Resilience of Communities” (2003); (6) Argonne National Laboratory’s
“Resilience Index” for DHS’s Enhanced Critical Infrastructure Protection Program (ECIP)
(Fisher et al. 2010); (7) the definitions and resilience assessment techniques that come from the
risk management community, with particular attention to the work of Haimes (2006; 2009;
2011); and (8) Alderson, Brown and Carlyle’s Operational Models (using network interdiction)
of Infrastructure Resilience (2015; 2014; 2013). Additionally, while not an assessment regime,
2 The term assessment is used here to refer to qualitative efforts, while measurement is used to refer to more quantitative analyses, understanding that at some level this is a false dichotomy. 3 Efforts to study ecological resilience are a critical component of any holistic assessment of a community or region. Most conceptualizations of community resilience include ecology or the natural environmental as a key domain or subsystem. Such resilience, however, is beyond the scope of this study, as it was for all of the studies and data from which this effort will draw (see, e.g., Cutter, Burton, and Emrich 2010; purposely excluding ecological resilience for data inconsistency and lack of appropriate proxies for large and diverse areas).
29
per se, Flynn’s recent work (2015) on bolstering infrastructure resilience is important in this
context.
Importantly, it is not the intent of this research to replicate any of these frameworks or
assessment techniques. As described further in the next chapter, this dissertation utilizes an
approach and coding scheme that is both inductive and deductive to better understand resilience
gaps, and the theory of resilience (in a homeland security context) itself. The components,
domains, and subsystems of resilience; along with the indicators and operational variables
proposed and utilized in the following studies inform that process.
Longstaff et al.’s work is premised on the idea that resilience – at a community level – is
a function of resource robustness and adaptive capacity (2003, 5). Resource robustness, in turn,
is comprised of resource performance (“the level of capacity or quality at which an element or
element of a system performs an essential role”); diversity (“the different types of available
resources that perform a particular function”); and redundancy (“a quantifiable measure, or
count, of a single resource type that performs a specific function”) (2003, 5–6). Adaptive
capacity, on the other hand, is conceived of as a function of institutional memory (“the
accumulated shared experience and local knowledge of a group of people”); innovative learning
(“the ability of the group to use its information and experience to create novel adaptations to
environmental changes”); and connectedness (the internal and external links among (informal)
social and (formal) organization networks that “contribute to a community system’s ability to
exchange, store, and recall knowledge, and take collective action”) (2010, 7–8). Further, under
this proposed approach, resilience is assessed by evaluating the above elements across each of
five community subsystems: ecological, economic, civil society, governance, and physical
infrastructure (Ibid.).
30
Cutter, Burton, and Emrich (2010) provide a more quantitative take on evaluating
community resilience. In their widely cited article, they argue that composite indicators that
utilize existing governmental data can provide a useful approach for comparative analysis of
resilience at the county government community level. Their framework is based on the
proposition that disaster resilience is composed of social resilience, economic resilience,
institutional resilience (including governance), infrastructure resilience, and community capital
(the last of which they view as roughly analogous to the concept of social capital) (Ibid.).
These components are roughly equivalent, but not identical, to Longstaff et al.’s domains.
For each of these major components, the authors provide sub-components and corresponding
measurement variables. Infrastructure resilience, for example, is assessed in terms of the sub-
components, measures, and data sources noted in Table 2-4, below.
Linkov et al.
alternatively suggest that
resilience is more usefully
measured (at least, for the
purposes of making practical,
policy-based improvement
decisions) across the four
functions of resilience inherent
in the NAS definition discussed
above: (1) planning and
preparation, (2) absorption, (3)
recovery, and (4) adaptation (Linkov et al. 2013). Other measurement approaches, the authors
Table 2-4: Cutter, Burton, and Emrich’s components and measurement variables for infrastructure resilience.
Subcomponents Measure (Variable) Data Source
Housing type Percent housing units that are not mobile homes.
U.S. Census 2000
Shelter capacity Percent vacant rental units U.S. Census 2000
Medical capacity Number of hospital beds per 10,000 populations
American Hospital Directory
Access / evacuation potential
Principle arterial miles per square mile
GIS derived from National Atlat.gov
Housing age Percent housing units not build before 1970 and after 1994
City and Country Databook 2007
Sheltering needs Number of hotels/motels per square miles
County Business Patterns (NAICS) 2006
Recovery Number of public schools per square mile
Gnis.usgs.gov
31
argue, fail to consider both the management aspects of resilience contained in the planning and
adaptation functions of the definition, and the performance dimensions represented by absorption
and recovery (Ibid.) Moreover, in a departure from the above two approaches, Linkov et al.
argue that military theory – the doctrine of Network Centric Warfare, in particular – provides an
appropriate suite of domains in which resilience should be assessed. Specifically, they propose a
matrix in which resilience functions are considered across physical (i.e., “sensors, facilities,
system states, and capabilities”), information (i.e., the “creation, manipulation, and storage of
data”), cognitive (“understanding, mental models, preconceptions, biases, and values”), and
social domains. Specific metrics, they contend, should be developed for each of the 16 cells of
the resulting 4x4 assessment matrix (Ibid.). Others have adapted this framework to specific
infrastructure sectors, including the cyber domain (see e.g., Linkov and Seager 2011).
Building on a variety of efforts such as those listed above, in 2010 the Community and
Regional Resilience Institute (CARRI) – at the time a component of the Oak Ridge National
Laboratory – undertook a comprehensive initiative to build a Community Resilience System
(CRS) that would provide “a concrete course of action [to] support communities in … resilience-
building efforts” (CARRI 2011, viii). The resulting six-stage, web-enabled process was
designed so that communities could define and self-assess their respective levels of resilience,
and then collectively identify and set appropriate resilience improvements goals. The CRS is
based, at its core, on a consideration of assets, threats, gaps, and opportunities across each of 31
core community functions (i.e., the “services and qualities that collectively define a
community”), which can be divided into four major functional domains: infrastructure,
economic, social, and cross-cutting (CARRI 2011, 13, 71).
32
Notably, each of the four foregoing resilience assessment and measurement approaches
include physical infrastructure in some form. The following resilience measurement regimes
focus more on this one aspect, while acknowledging that infrastructure resilience is inextricable
interconnected with community resilience, and vice versa.
Bruneau et al. conceptualize physical and social systems resilience through four “R’s”:
• Robustness (“strength, of the ability of elements, systems, and other units of analysis to
withstand a given level of stress or demand without suffering degradation or loss”);
• Redundancy (“the extent to which elements, systems, or other units of analysis exist that are
substitutable, i.e., capable of satisfying functional requirements in event of disruption,
degradation, or loss of functionality”);
• Resourcefulness (“the capacity to identify problems, establish priorities, and mobilize
resources when conditions exist that threaten to disrupt some element, system, or other unit
of analysis”); and
• Rapidity (“the capacity to meet priorities and achieve goals in a timely manner in order to
contain losses and avoid future disruption”) (2003, 737–78)
Under their admittedly earthquake-focused, engineering-centric conceptualization of
community resilience, the “four R’s” are viewed across what have come to be called the “TOSE”
dimensions: technical, organization, social, and economic (Ibid., 738). The technical dimension
“refers to the ability of physical systems (including components, their interconnections and
interactions, and entire systems) to perform to acceptable/desired levels” (Ibid.). The
organizational dimension is “the capacity of organizations … to make decisions and take actions
that contribute to achieving …[ the four R’s outlined above] (Ibid.). The social component
includes “measures specifically designed to lessen the extent to which … communities and
33
governmental jurisdictions suffer negative consequences due to the loss of critical services”
(Ibid.). Finally, Bruneau et al.’s economic dimension encompasses “the capacity to reduce both
direct and indirect economic losses resulting from [adverse events]” (Ibid.).
In an approach similar to Bruneau et al.’s work, but intended for application across a
broader range of hazards, Argonne National Laboratory developed a Resilience Index to guide
comparative assessment of critical infrastructure assets that are part of the DHS’s Enhanced
Critical Infrastructure Protection Program (ECIP). (DHS describes the ECIP program as “a
voluntary assessment that includes (1) outreach, which establishes or enhances [the
Department’s] relationship with critical infrastructure owners and operators and informs them of
their facilities’ importance and need for vigilance; and (2) security surveys, which are conducted
by DHS protective security advisors (PSAs) to assess the overall security and resilience of the
nation’s most critical infrastructure sites.” (DHS 2014d). ECIP is an asset-focused initiative that
is distinct from the broader RRAP effort at the heart of the present study. ECIP results, however,
form an important part of the RRAP case studies as I explain in Chapter 3.)
Based in large part on the recommendations of the National Infrastructure Advisory
Counsel (NIAC 2009), Argonne’s Resilience Index is derived from measures across three key
components of resilience [which incorporate two of Bruneua et al.’s four R’s of resilience]:
robustness, resourcefulness, and rapid recovery. In the Resilience Index, robustness is defined as
“the ability to maintain critical operations and functions in the face of crisis” (Fisher et al. 2010,
6). Resourcefulness is taken to stand for the ability of those responsible for a given
infrastructure asset “to skillfully prepare for, respond to, and mange a crisis or disruption as it
unfolds” (Ibid). Rapid recovery is “the ability to return to and/or reconstitute normal operations
as quickly and efficiently as possible after a disruption” (Ibid.)
34
Bruneau et al., separate robustness, recovery, and resourcefulness into 3, 2, and 7 “major”
resilience components, respectively, (derived from the resilience components identified by
National Infrastructure Advisory Council in its 2009 recommendations for improving
infrastructure resilience), each of which is further divided, and divided again, into five
increasingly granular levels of measurement (Fisher et al. 2010, 11). Procedurally, data derived
from security surveys and stakeholder interviews provide data on which each category and level
of inquiry is scored (on a scale of 1-100). The various categories of data are weighted at each
level (by panels of relevant subject matter experts) and “rolled up” in an additive fashion to
derive the ultimate risk index score, which itself is expressed as number between 0 and 100. The
DHS Protective Security Advisors (PSAs) who deploy this index utilize multiple layers of
review and quality assurance to ensure consistency across asset evaluations. As the designers of
this system admit, an individual asset’s resilience index number can be difficult to interpret in
isolation. The strength of this approach, they contend, is in comparative assessment across
similar facilities (Fisher et al. 2010, 21).
The risk community offers additional perspectives on what resilience is and how it might
be measured (and improved). Generically, risk can be viewed as a function of: (1) the
probability of an adverse event occurring over time, and (2) the magnitude and direction (i.e.,
consequence) of any resulting effects if it does. In the context of terrorism, risk has been viewed
more specifically as a function of the probability of a threat to an entity or system with certain
vulnerabilities that can lead to specified consequences (i.e., adverse effects) on that target
(Haimes 2009, 498; Risk Steering Committee 2010). A threat, in the risk management literature,
and in the larger Homeland Security Risk Lexicon (2010), is viewed as a function of the intent of
35
an adversary to do harm, and of that same adversary’s capability (i.e., the ability and capacity, or
lack thereof) to act on that intent (Haimes 2009, 498).
Building on this general risk framework, Haimes proposes a systems-based approach to
risk, vulnerability, and resilience in which vulnerability is viewed as the “manifestation” of the
“states of the system that can be adversely affected by specific types and levels of magnitude of
threats” (Haimes 2009, 499). Resilience also represents the states of any given system over time,
but unlike vulnerability, “also represents the ability of the system to recover within an acceptable
time and composite costs and risks” (Haimes 2009, 499). Resilience then, under Haimes’ view,
is “the ability of a system to withstand major disruption within acceptable degradation
parameters and to recover within an acceptable time and composite costs and risks” (2009, 498).
To quantify resilience using this and related risk-based conceptualizations – which mirror
many aspects of the National Academy of Science’s definition of resilience discussed above –
one must consider both the magnitude of impact on the affected system’s function, and the length
of time it takes for the system to recover to an acceptable level (whether that is a pre-event or
“new normal” level of function). Importantly, under Haimes’ view, “the resilience of a system
can be measured only in terms of a specific threat (input) and the system’s recovery time and the
associated composite costs and risks” because “different attacks would generate different
consequence (output) trajectories for the same resilient system” (2009, 498; see also 2011).
Resilient systems can be characterized, in this systems-based approach, in terms of
redundancy (“the ability of certain components of a system to assume the function of failed
components without adversely affecting the performance of the system itself”) and robustness
(“the degree of insensitivity of a system to perturbation or to error in the estimates of those
parameters affecting the design choice”) (Haimes 2009, 499). Relatedly, there is increasing
36
attention in the broader risk management literature to how different investments can be made to
improve a system’s redundancy, its robustness, or both. Invariably, such investments have
different effects on resisting or reducing a potential loss in function versus shortening potential
recovery times (MacKenzie and Zobel 2015, 1). Optimizing investments to maximize the two
separate, but interrelated aspects of resilience is a burgeoning area of research.
Haimes’ approach is not without its critics as the very notion of threat-specific (or,
perhaps threat-dependent) resilience stands in tension with the idea, expressed in the Resilience
Engineering literature and elsewhere, that resilience necessarily includes the ability to react and
handle surprising unknowns. Aven and Woods, for example, point out that adaptive ability is
exactly what distinguishes resilience from simple robustness in the first place (Aven 2011;
Woods 2015).
Similar to Haimes’ systems-based perspective, Alderson, Brown, and Carlyle argue for a
shift away from thinking in terms of individual assets or components – as is implicit in many
analytic schemes. They suggest that with respect to critical infrastructure, at least, resilience can
be conceptualized as “operational resilience,” which they define as “the ability of a system to
adapt its behavior to maintain continuity of function (or operations) in the presence of
disruption” (2015, 10). Thus construed, it is often not possible, let alone appropriate, to assess
the resilience of a system without considering the system’s function as a whole – including the
system’s dependencies and interdependencies with and among its set of components and with
other systems. This is so because the importance of any given component (i.e., its contribution
to the system’s function) depends on the contribution of other components. Thus, the impact on
function (i.e., operational resilience) of a given disruption necessarily depends on which, and
how many, system components are affected. This argument aligns with that proposed by the
37
Resilience Engineering literature, discussed above, that argues we must move from thinking in
terms of failure modes of components, to thinking in terms of “concurrences” through which a
system of systems loses its dynamic stability and becomes unstable (Hollnagel 2007, 17).
Building from these observations, Alderson et al. advance a methodology that utilizes
constrained optimization-based prescriptive network flow modeling where the resilience of a
system is considered through an analysis of the effects of the loss of function of one or more
finite system component parts (agnostic to the source of disruption). Importantly, such models
can be developed based on actual system characteristics such that the loss of a set of components
is “[not] simply the sum of the consequences associated with the loss of individual components”
(Alderson, Brown, and Carlyle 2015, 6).
Flynn, in a study of Superstorm Sandy (the “post-Sandy study”) discussed in greater
detail in the last section of this chapter, furthers the focus on function through a proposed
framework for prioritizing resilience design (2015). Specifically, he suggests that the resilience
of critical infrastructure should be conceptualized in terms of elemental capacity, essential
function, and full (or normal) function. Under this trichotomy, elemental capacity is defined as
“the prerequisite system conditions that must be in place in order for the infrastructure to provide
its function to its users” (Flynn 2015, 24). Essential function is “the minimal level of function an
infrastructure needs to provide in order to meet the critical needs of its users, and to support the
infrastructure’s recovery” in the wake of disruption (Ibid., 25). Full function is that needed to
satisfy a user’s routine needs, and to ensure the economic viability of the infrastructure.
While not offered as “measures” of resilience, per se, Flynn suggests that these specified
levels of function – and through them, resilience more broadly – can be enhanced by designs that
enable one or more of five important “attributes” of resilience:
38
• Cushionability (“the capacity to support graceful degradation of non-essential function
during periods of stress”) (Flynn 2015, 24);
• Resistance (“measures that redirect a threat or hazard away from where it can cause damage
to elemental capacity or disrupt essential function”) (Ibid.);
• Robustness (“measures that harden or protect elemental capacity and essential function”)
(Ibid.);
• Redundancy (“backup systems or spare components [that] support immediate recovery of
elemental capacity and essential function”) (Ibid.); and
• Graceful extensibility (the capacity to “adapt to surprises and uncertainty associated with the
future risk environment”) (Ibid.).
Viewing the key aspects of the aforementioned approaches together, it is clear that the
current literature on resilience assessment in the community and infrastructure contexts presents
a morass of similar, yet importantly different approaches. All methodologies, however, break
resilience into component aspects that are assessed across multiple domains, or, alternatively,
levels of function. Table 2-5, on the following page, highlights these aspects, and the resulting
surface similarities and differences of these select approaches. These components, metrics, and
attributes of resilience serve at least three functions in the present effort. First, they inform the
review (and initial first-cycle coding) of the case evidence that is the subject of this study.
Second, they assist in assessing the appropriateness of various conceptualizations of resilience.
Third, they provide multiple perspectives to consider when identifying common themes (i.e.,
second-cycle coding) and challenges among and across the case data.
39
Table 2-5: Key Aspects of Select Resilience Assessment and Measurement Schemes Scheme Focus Area Components of Resilience /
Aspects of Measurement Domains of Assessment
Longstaff et al.’s “Building Resilient Communities: Preliminary Framework for Assessment” (2010)
Community Resource Robustness - resource performance - resource diversity - resource redundancy Adaptive Capacity - institutional memory - innovative learning - connectedness
Ecological Economic Civil Society Governance Physical Infrastructure
Cutter, Burton, and Emrich’s “Disaster Resilience Indicators for Benchmarking Baseline Conditions” (2010)
Community Various Composite Indicators Social Economic Institutional Infrastructure Community Capital
Linkov et al.’s “Measureable Resilience for Actionable Policy” (2013)
Community Planning and Preparation Absorption Recovery Adaptation
Physical Information Cognitive Social
CARRI’s “Community Resilience System” (2011; 2013)
Community Assets Threats Gaps Opportunities
Infrastructure Economic Social Cross-Cutting
Bruneau et al.’s “Framework to Quantitatively Assess and Enhance the Seismic Resilience of Communities” (2003)
Community / Critical Infrastructure
Robustness Redundancy Resourcefulness Rapidity
Technical Organization Social Economic
Argonne National Laboratory’s “Resilience Index” (Fisher et al. 2010)
Critical Infrastructure
Robustness - redundancy - prevention /mitigation - maintaining key function Resourcefulness - training/exercises -response - awareness -new resources - protective measures -alternative sites - stockpiles - Recovery - restoration & -coordination
Critical Infrastructure Asset
Haimes’ systems-based approach to risk, vulnerability, and resilience (Haimes 2009).
Critical Infrastructure (or other) Systems
Resilience is a measured output (vector) that is a function of a given input (threat) vector, time, and the states of the system at that time. Resilience can be further characterized by a system’s redundancy and robustness.
Threat Specific
Alderson, Brown, and Carlyle’s “Operational Models of Infrastructure Resilience” (2015; 2014; 2013)
Critical Infrastructure
Flow/capacity characteristics and interdependencies of component parts in a given infrastructure system.
Continuity and Maximization of Critical Infrastructure System Function
Flynn’s Model for “Bolstering Critical Infrastructure Resilience” (2015)
Critical Infrastructure
Cushionability Resistance Robustness Redundancy Graceful Extensibility
Elemental Capacity Essential Function Full Function
40
III. Identifying and Exploring Recurring Barriers to Enhancing Resilience
The second focus area of this research is designed to explore the presence and
characteristics of any empirically evident barriers to addressing resilience gaps. It builds on the
efforts of, among others, Northeastern University’s Center for Resilience Studies (“the Center”),
which recently undertook a multi-year, multi-sector study of the New York metropolitan region’s
planning for, response to, and recovery from Superstorm Sandy. That effort, entitled “After
Superstorm Sandy – Bolstering the Resilience of Metro-New York’s Infrastructure” included
four research concentration areas: impacts on the (1) health, (2) energy, and (3) transportation
sectors; and a consideration of (4) the presence (or absence) of economic incentives (or
disincentives) for resilience investments in each (Center for Resilience Studies 2015; Flynn
2015). Each focus area was the subject of a dedicated symposium, co-organized and hosted by
Columbia University, New York University, the Steven’s Institute for Technology, and The
Wharton School at the University of Pennsylvania, respectively. Each convening utilized
plenary sessions with panels of subject matter experts, senior policy makers, and infrastructure
executives; as well as smaller, focused break-out sessions where all participants’ insights were
captured.
The cumulative and common findings of these symposia suggest four specific barriers are
impeding progress in overcoming resilience gaps. Namely, that as a society: (1) we do not
recognize how unprepared we are to handle foreseeable risks and uncertainties; (2) we lack an
integrative approach to addressing resilience, in part because we do not know how to measure
resilience and because there is not yet consensus on how to create it; (3) there are organizational
and governance barriers to creating resilience; and (4) we do not have sufficient incentives to
create it (Flynn 2015).
41
The presence of these four barriers was affirmed by the comments of experts from across
government; various industries; standards-focused organizations, including the National Fire
Protection Association and the Insurance Institute for Business and Home Safety; academia; and
NGOs, including the American Red Cross; at the subsequent “International Resilience
Symposium,” hosted by the National Institute of Standards and Technology (NIST) (2015, 92–
103). These common barriers can also be seen, although not always as expressly, in the findings
of several major studies previously conducted by the National Infrastructure Advisory Council
(2009), the Homeland Security Advisory Council (2011), and the National Academy of Sciences
(2012). The follow sections briefly describes each initiative, presenting their respective key
findings, and how they align with the barriers identified in the post-Sandy study in Table 2-6 on
page 43.
Building on its own earlier work, in 2009 the National Infrastructure Advisory Council
(NIAC)4 undertook a “Critical Infrastructure Resilience Study” with the objective of finding
ways to better integrate the concept of resilience (and infrastructure protection) into a
comprehensive risk-management strategy for the Nation. To this end, it conducted individual
and panel interviews of numerous subject matter experts and senior executives from across an
array of infrastructure sectors. Additionally, it reviewed over 100 government and private sector
documents related to resilience practices. From these efforts, the NIAC released the five key
findings reprinted in Table 2-6.
Similarly, after “resilience” was named as one of three key components of a
comprehensive approach to ensuring “homeland security” in the 2010 Quadrennial Homeland
4 The National Infrastructure Advisory Council consists of up to 30 presidentially appointed advisors chosen from across industry, academia, and state and local government to advise the President and DHS on matters related to the security of critical infrastructure and the related information systems (DHS 2015c).
42
Security Review, DHS established the “Community Resilience Task Force” (CRTF) within the
Homeland Security Advisory Counsel (HSAC),5 and charged it with providing the DHS
Secretary “recommendations to enable the Department to establish and implement community-
based resilience policies, programs, and practices throughout the Nation” (HSAC 2011, 34). To
do so, the CRTF identified and engaged numerous subject matter experts regarding what it
viewed as two separate but interrelated aspects of resilience: that stemming from individuals and
communities; and resilience related to the built environment. Through this process, the HSAC
produced four overarching findings, plus several related to each identified sub-component.
Those HSAC findings related to the barriers noted in the post-Sandy study are incorporated in
Table 2-6, below.
Concerned about the ever-risings costs of increasingly frequent disasters – in terms of
dollars, but also in terms of social, cultural, and environmental losses – and at the request of
eight similarly concerned federal agencies, in 2011 the National Research Council created a
select committee – the Committee on Increasing National Resilience to Hazards and Disasters –
to examine how the nation deals with disasters, and to recommend improvements to that
approach. Building on a growing array of published studies, member expertise, and case studies
of various locations that had recently suffered from disaster, the committee developed and
published six actionable policy recommendations. While phrased as recommendations for
action, each can be read as implying a barrier or shortcoming that the proposed activity is meant
to overcome. All six recommendations can thus be viewed as aligning with at least one of the
“barriers” noted in the post-Sandy study, as highlighted in Table 2-6.
5 The Homeland Security Advisory Committee is composed of members representing state and local governments, first responder communities, the private sector, and academia who are selected by DHS to provide it with organizationally independent advice on homeland security policy (DHS 2015a).
43
Table 2-6: Correspondence between Flynn’s Barriers to Resilience and Key Findings of Prior Studies
Barriers & Related Key Findings
Barriers noted in the Post-Sandy
Study:
“[W]e do not recognize how unprepared we are to handle foreseeable risks or to respond to uncertainties” (Flynn 2015, 14)
“We lack an integrative approach to advancing resilience across interconnected critical infrastructure systems” (Flynn 2015, 15).
We lack appropriate frameworks for managing organizational and governance issues on a regional scale” (Flynn 2015, 17)
“We do not have adequate incentives for bolstering resilience” (Flynn 2015, 20).
Other Studies
NIAC Infrastructure Resilience Report (2009, 10)
“Because definitions of resilience vary, a common definition will help guide policy development.”
“The current policy framework for infrastructure security is fundamentally sound but could be improved to better reflect principles of resilience.”
“Current market mechanisms may be inadequate to achieve the level of resilience needed to ensure public health, safety, and security.”
HSAC Community Resilience Task Force Report
“Finding 1.4: The requisite knowledge base needed to make resilience a true foundational element for homeland security does not yet exist” (2011, 18) “Finding 2.3: Complacency is a serious threat to building and sustaining national resilience; clear communications to increase public awareness is a necessary first step, but individuals must be motivated to take action” (2011, 22)
“Finding 1.1: Resilience is not yet commonly understood by the diverse stakeholder groups upon whom progress depends” (2011, 12). “Finding 3.3: The sector-focused approach that dominates critical infrastructure planning at the federal level does not effectively support community-based resilience initiatives” (2011, 29).
“Finding 1.3: DHS activities would benefit from more effective coordination and integration as organizational components work to build the resilience foundation for homeland security” (2011, 16)
“Finding 1.2: The enhancement and sustainment of national resilience is not yet uniformly motivated by DHS via policies, programs, or investment” (HSAC 2011, 14)
NAS “Disaster Resilience: A National Imperative” Report
“Recommendation 3: A national resource of disaster-related data should be established that documents injuries, loss of life, property loss, and impacts on economic activity… [to] better understand structural and social vulnerability to disasters. (2012, 87) Recommendation 4: [DHS] in conjunction with other federal agencies, state and local partners, and professional groups should develop a National Resilience Scorecard (2012, 130).
Recommendation 2: The public and private sectors in a community should work cooperatively to encourage commitment to and investment in a risk management strategy ... (2012, 61). Recommendation 6: All federal agencies should ensure that they are promoting and coordinating national resilience in their programs and policies (2012, 194).
Recommendation 1: Federal government agencies should incorporate national resilience as a guiding principle to inform the mission and actions of the federal government and the programs it supports at all levels (2012, 205). Recommendation 5: Federal, state, and local governments should support the creation and maintenance of broad-based community resilience coalitions at local and regional levels (2012, 151).
44
Despite the convergence of findings in these resilience reports, beyond the case studies
and interviews on which the NIAC, HSAC, and NAS efforts were based, there has been little
empirical study focused on the frequency and characteristics of barriers to enhancing resilience,
especially as they may be related to and among differing regions, communities, and
infrastructure sectors. Drawing on the diverse RRAP data, this dissertation furthers this
emerging theory through a larger and more diverse set of case studies than has been previously
utilized. Through these cases this research explores subcomponents and contributing factors for
each of the four noted barriers.
As further detailed in Chapter 3, the barriers and subcomponents that are articulated in
the post-Sandy study – which are further supported and informed by the related literatures cited
herein – provide a jumping off point, and initial coding scheme, for analysis of the RRAP cases
with respect to this effort’s focus on barriers to improving resilience. The following discussion
outlines the subcomponents of each noted barrier. Thereafter, this literature review chapter
concludes with a very brief overview of the decision-making and organizational behavior
literatures that inform many of the barriers and related subcomponents considered herein.
A. Four Noted “Barriers” to Enhancing National Resilience
1. “As a nation, we do not recognize how unprepared we are to handle foreseeable risks or to respond to uncertainties” (Flynn 2015, 14).
The first barrier to advancing national resilience noted in the post-Sandy can be thought
of as incorporating four related sub-components. First, as a society we tend to overestimate our
current capabilities to deal with catastrophes and disruptions (see generally National Academy of
Sciences 2012, 31; Kahneman 2013). Second, we are generally biased toward inappropriately
discounting the risks of aging infrastructure and the leading indicators of change (see, e.g.,
Kunreuther, Michel-Kerjan, and Pauly 2013). Third, we design, build, and manage based on
45
assumptions of stationarity (i.e., that a once-in-a-100-year event will always remain a 100-year
event) when we should not (Milly et al. 2008). Fourth, our elected officials are loathe to look
for, or acknowledge, community or infrastructure risks to the extent doing so without adequate
resources to address them becomes a political liability (see generally Rabkin 2008; see also
National Institute of Standards and Technology 2015).
2. “We lack an integrative approach to advancing resilience across interconnected critical infrastructure systems” (Flynn 2015, 15).
The lack of an integrative approach to advancing resilience – a second observed barrier–
arises from the current lack of any widespread agreement on what resilience is, and how best to
measure it (as suggested in the prior portions of this literature review). This disagreement and
confusion, in turn, results in the absence of any agreed upon comprehensive, interdisciplinary,
network-of-systems-based approach to tackling this national challenge (NIAC 2009; HSAC
2011; National Academy of Sciences 2012). Advances in resilience-based engineering exist
(see, e.g., Hollnagel, Woods, and Leveson 2007), but are too often only applied within specific
disciplines and in response to limited, specific hazards (Flynn 2015, 16). In the absence of
common, performance-based standards, component-level managers of specific assets often make
decisions in the wake of a disruption that negatively impact inter-connected components and
inter-dependent systems on which they have little visibility or understanding (Ibid.).
3. “We lack appropriate frameworks for managing organizational and governance issues on a regional scale” (Flynn 2015, 17).
A third barrier to enhancing resilience arises, in part, from the fact that lifeline
infrastructures are inherently regional systems, yet our nation is largely organized to manage
them by specific sector, and through local, state, and federal constructs. This approach overlooks
the interconnectedness and interdependencies among these systems (see, e.g., Birkland and
Waterman 2008; Birkland and DeYoung 2011; Schneider 2008). This leads to “critical
46
shortcomings” in regional coordination and collaboration (Flynn 2015, 19). Moreover,
organizationally, each jurisdiction tends to “fight the last battle” or, in the present context,
prepare for, and act (often independently), based on the last disaster (Birkland 1997; Birkland
2006; Donahue and Tuohy 2006; Flynn 2015).
4. “We do not have adequate incentives for bolstering resilience” (Flynn 2015, 20).
Included within this final “barrier” noted in the post-Sandy study are four inter-related
notions. First, there are currently few rewards for investing in resilience. Indeed, there are
frequently disincentives. Congress, for example, routinely authorizes funds above the default
federal cost-share rate of 75% that is provided under the Stafford Act for presidentially declared
disasters, often effectively providing 90-100% reimbursement to states and localities. Thus, as
Alice Hill, Senior Advisor (for Preparedness and Resilience) to the President’s Assistant for
Homeland Security and Counterterrorism, has observed, it is difficult to find anyone who is anti-
resilience; but people increasingly believe that the federal government is going to bail them out
(see Flynn 2015). Overcoming this “moral hazard” is a significant barrier to improving
resilience in many instances.
Second, routine efficiency and optimization (e.g., eliminating redundancy and utilizing
just-in-time delivery) are often valued over continuity of function – excess capacity is
intentionally removed from systems to make them “leaner” (Flynn 2015, 13). There is a
“business case” to be made for improving resilience. The United Nations Office for Disaster
Risk Reduction estimates that for every dollar spent on resilience improvements, when
considered over an appropriate timeline,6 investors receive a 400% return on investment
6 The tendency of many cost-benefit analyses to use inappropriately short timelines is discussed further below.
47
(UNISDR 2013). Still, having recently held its fourth annual conference on resilience
investment and on the importance of public-private partnerships to improve resilience at the
individual business, sector, or regional levels, the U.S. Chamber of Commerce feels that many of
the nation’s 30 million business entities simply have yet to get the message (Martinez-Fonts
2014).
Third, we are skilled at transferring risk to others but not at reducing or eliminating it.
Infrastructure owners and operators – as well as governments that permit (re)construction in
hazard prone areas – necessarily accept a certain amount of risk in the decisions they make. The
taxpaying and utility-using public, however, often misunderstands or is generally unaware of the
hazards and vulnerabilities involved in these decisions (Flynn 2015, 94). Risks are thus
transferred, but seldom transparently.
Finally, in addition to impairing our ability to see the depth of the challenges we face and
to inhibiting integrative solutions thereto, the previously mentioned notion that we are still not
sure how to measure resilience or what it means in various contexts undermines any scheme
intended to incentivize its creation (see generally NIAC 2009; HSAC 2011; National Academy
of Sciences 2012). Together, the four foregoing barriers provide a framework, subject to further
expansion and development, for exploring the data on resilience that the RRAP reports provide.
B. Behaviors Underlying Resilience Barriers & Resilience Decision-Making
While few scholars have focused on exploring the aforementioned barriers and
components thereto as such, there has been an increasing integration into the ongoing resilience
dialogue of theories regarding the limitations imposed by human behavior and decision-making
in the face of complexity and uncertainty (see e.g., National Academy of Sciences 2012, 38–43;
Shafir 2013; Kunreuther and Michel-Kerjan 2013); conditions clearly implicated when
48
considering disruptions to overlapping, interdependent critical infrastructure systems. These
theories serve to inform any review of resilience gaps and barriers. Accordingly, this final sub-
section briefly notes three important observations derived from tangentially related literatures on
decision-making “heuristics” and “biases.” Specifically, it reviews our collective tendency for
(1) employing simplified decision rules, (2) maintaining the “status quo” and (3) minimizing our
perception of risk by confining our consideration and analyses to inappropriately narrow
timelines and issues. Each is discussed in turn.
1. Simplified Decision Rules
Three inter-related theories of how decisions are frequently simplified – those advanced
by Allison and Zelikow (1999), the cybernetic theory of decision making originally advanced by
Steinbruner (1973), and the work of Kahneman (2013) – together provide important insights into
the noted barriers to resilience. In their famous analysis of the Cuban Missile Crisis, Allison
and Zelikow utilized three “models” of decision-making to explain the narrative of what
happened. The first two models are most relevant for present purposes. “Model 1,” as they label
it, is the classic “rational actor” model. This approach to decision-making, which is utilized
throughout numerous literatures and disciplines, posits that decisions are based on a calculated
evaluation of the potential costs and benefits association with various options for proceeding.
That is, decisions are made to produce what is rationally seen as the most efficient or optimal
outcome. Under this model, organizations are composed of individual actors who effectively
decide on a given course of action for the larger organization. As a contrast to this approach, the
authors suggest that “organizational behavior” might provide a superior explanation as to how
decisions are actually made. In their “Model 2” conceptualization, Allison and Zelikow assert
that decisions are better understood as a function of the “purposes and practices common to the
49
members” of the involved organization (Allison and Zelikow 1999, chap. 3). Moreover, in the
face of uncertainly or complexity, organizations default to their known “repertoires”.
Steinbruner alternatively frames this dichotomy of decision-making in terms of analytic
versus cybernetic paradigms. Under his analytic model (a version of rational choice), decisions
makers, individually or collectively, serve as “purposeful calculators” (Coulam 1977, 11) that
undertake a series of assessments to determine the best outcome. In a slightly different approach
from Allison and Zelikow’s Model 2, Steinbruner posits that decision makers can be viewed as
acting based on “simplified images of complex problems” (Ibid.) In doing so, they are
analogous to “servo-mechanisms,” such as a thermostat, that respond to a specific recognized
stimulus (or one that has been interpreted as a recognized stimulus) by undertaking a set,
prescribed action in response thereto (Steinbruner 1973, 51). Under this paradigm, decision-
makers focus on the stimulus and act in routine ways – similar to Allison and Zelikow’s notion
of “repertoires” – without necessarily evaluating the specific possible outcomes of the action.
Kahneman offers a third related dichotomy, which approaches decision-making from a
more psychological, cognitive science perspective. Kahneman asserts that humans act via one of
two specific “systems” of thinking. Under “System 1,” (alternatively termed the Automatic
System) people operate or decide “quickly, with little or no effort and no sense of voluntary
control” (Kahneman 2013, 20). Under this intuitive model, people use simple associations and
decisions rules, (2013, chap. 4) and tend to draw heavily on recent past experiences, which
Kahneman terms the “availability heuristic” (2013, chap. 12). This approach system is roughly
analogous to Steinbruner’s servomechanism analogy and the “repertoires” of Allison and
Zelikow’s “Model 2.” Under Kahneman’s System 2 – sometimes referred to as our Reflective
System (Thaler and Sunstein 2009, 19) – humans undertake “effortful mental activities” for
50
complex circumstances that demand them (2013, 21). This second model represents how most
individuals would like to see themselves, and closely resembles the “rational actor” and
“analytic” models discussed above. Importantly, though, Kahneman’s study of human behavior
suggests that there are a large number of biases that continually drive individuals toward using
“System 1” thinking far more often; especially when they shouldn’t.
The synthesis of these three decision-making dichotomies is instructive with respect to
the notion of our (in)ability to recognize the scope of the challenges we face. Taken as a whole,
these theories suggest that there is at least a strong likelihood that any organization (however
structured) that is confronted with a particularly messy, complicated issue will tend to interpret
the problem or environment in ways that make it conform to more familiar settings or simpler
problems. Moreover, decision makers, whether individual or collectively, are likely to default –
at least in some circumstances – to known routines (or “repertoires”) for handling the now
“simpler” and “familiar” problems.
A critical consequence of this decision-making behavior is the importance of which
individuals and agencies – and through them, what collective perspectives and experiences
within a given environment – are “at the table” when dealing with resilience issues; whether in
response to a specific disruption; or in a more proactive, planning posture. The set of
participants is thus at least theoretically important in determining what decisions and actions a
given response or planning organization is capable, let alone likely, of making as the collective
experiences of those involved will shape how the organization perceives and acts on the
challenge at hand.
Relatedly, Woods et al., suggest that the observable tendency toward mental
simplification also manifests itself in a “hindsight” bias (2010). Knowledge of the outcome of a
51
given disaster or accident, they explain, “biases our judgment about the processes that led up to
that outcome” (Woods et al. 2010, 15). In other words, we subconsciously use our knowledge of
the outcome to simplify and assume a causal chain of events that produced it. Accordingly, even
when disasters bring intense scrutiny and study of why and how (a) given system(s) failed, we
often fail to fully see and appreciate the complexity and nuance involved. In this way, these
theories collectively support and inform the first barrier noted above – as a society we often
don’t fully appreciate the very complexity we face.
2. Status Quo
A second relevant behavioral observation, originally termed the “status quo bias” by
Samuelson and Zeckhauser (1988), might be thought of as the rough mental equivalent of
Newton’s first law of motion. Barring some significant external force, humans tend to remain at
rest with their status quo, and, if moving, to keep to their existing course of action. Whether out
of convenience, custom, or conservatism, there is a strong tendency for humans to choose
options that leave current configurations, policies, and options intact. Relatedly, Kahneman
explains that our inherently greater desire to avoid losses than to achieve gains (even if the object
of value at issue is the same!) – an idea generally adopted and referred to as “loss aversion” in
numerous fields, including behavioral economics – reinforces our tendency to defend the status
quo (Kahneman 2013, 304–306). If change is required, we often operate in favor of cautious
incremental deviation therefrom (Kahneman 2013, 305; see also Lindblom 1959 and its
progeny). The basic premises of these related theories underlie many of the “default adjustment
recommendations” for “improving health, wealth, and happiness,” made popular by Thaler and
Sunstein in their book “Nudge” (2009). To help Americans save more, for example, the authors
recommend that employers automatically enroll their employees in tax-favored savings plans,
52
forcing them to go against the status quo and actually opt out if they prefer another approach to
investing for retirement (Thaler and Sunstein 2009, 109–110).
For present purposes, it is important to observe how the idea of a status quo bias may
help to explain the nation’s seeming reluctance, if not inability, to depart from the stove-piped,
infrastructure-specific disaster planning and response observed in the post-Sandy study. It also
suggests why we continue to “relearn” the same lessons after many disasters (Abramson and
Redlener 2012; Donahue and Tuohy 2006). These mental tendencies and limitations together
suggest that developing a truly integrative, holistic approach to enhancing resilience – the second
noted barrier to enhancing resilience – is difficult.
3. Perceiving Risk and Myopic Thinking
In opening their book “At War with the Weather: Managing Large-Scale Risks in a New
Era of Catastrophes,” (2009) Kunreuther and Michel-Kerjan succinctly articulate a third
important behavioral observation that is relevant to exploring and understanding potential
barriers to resilience: “there is a tendency for all of us, whether in the role of homeowner,
decision maker in a private or public sector organization, or an elected official at the state, local,
or federal level, to focus on short-term crises” (2009, xviii). In addition to the previously noted
availability heuristic – which suggests that our understanding of any problem or probability is
strongly shaped by personal, recent experiences – we also focus our limited attention on threats
we perceive as near term. Thus, how a given hazard, vulnerability, or threat is framed and
described matters. Individuals, for example, are more liable to insure against a flood risk if told
they face a greater than one-in-five chance of a given flood stage in the next 25 years, than if the
same condition is characterized as the probabilistically equivalent “100-year storm” (Kunreuther,
Michel-Kerjan, and Pauly 2013; citing Weinstein, Kolb, and Goldstein 1996). Moreover, our
53
tendency to focus on short-term expenditures (a “loss”), instead of the long-term returns on
investment (the “gain”) that they can bring over the life of a given asset or property, lead many
to forego risk mitigations measures (i.e., resilience investments) that, from a strict cost-benefit
perspective, ultimately make a great deal of sense. This tendency for myopic behavior with
respect to risk illustrates the need for additional incentives for investing in and improving
resilience – the lack of which form the fourth barrier detailed above.
The above literatures on barriers and their related sub-components, along with the
supporting theories regarding behavior and decision-making that begin to explain them, provide
a baseline understanding from which grows second focus in this inductive-deductive study. How
these literatures contribute to the qualitative coding of the RRAP case data is appropriately the
subject of a complete methods discussion, which appears in the next chapter.
54
Chapter 3
This chapter describes the data, overarching design, and analytic techniques used in this
research. It does so in two major sections. The first provides a history and description of the
Regional Resiliency Assessment Program (RRAP) implemented by the Department of Homeland
Security (DHS) from whose data this dissertation draws. In brief, the RRAP initiative evolved
from the “comprehensive reviews” of high-consequence Critical Infrastructure and Key
Resources (CIKR) conducted by DHS shortly after its formation in the wake of 9/11. Not
surprisingly, these initial efforts focused on improving physical security and asset protection via
studies conducted through a counter-terrorism lens. As these reviews became more ambitious,
and began to explore more sprawling subjects, such as California’s water system, DHS shifted its
approach to a system-based analysis of how a given asset or sector focus area is supported by,
and dependent upon, multiple lifeline infrastructures. The resulting resilience-centric RRAP
initiative, which has continued to mature since its inception to incorporate an increasing array of
data collection and analytic techniques, has undertaken over 33 year-long, in-depth studies
involving eight broad substantive areas of emphasis in 31 states. The first portion of this chapter
further details this program’s important, but largely underutilized, processes and products, and
explains how they are used in answering my research questions.
The second section of this chapter explains the qualitative research approach and specific
methodological techniques – including key features of the NVivo 10 for Mac software – used to
derive the results and conclusions presented in the final chapters that follow. Specifically, this
latter section explains why and how I use an inductive-deductive content analysis based on
Saldaña’s two-cycle coding method (2012), as implemented through a case study-based
55
adaptation of Tesch’s eight-step coding process (Creswell 2013, 198; citing Tesch 1990), to
identify and analyze recurring resilience gaps, and barriers to their elimination.
I. Data: The Regional Resiliency Assessment Program (RRAP)
As noted in Chapter 1, the Office of Infrastructure Protection (IP), an entity within DHS’s
National Protection and Programs Directorate (NPPD), describes its Regional Resiliency
Assessment Program as “a voluntary, non-regulated interagency assessment of critical
infrastructure resilience in a designated geographic region” (DHS 2014c). Similar to CARRI’s
Community Resilience System, but unlike many of the other assessment regimes and indexes
surveyed in Chapter 2, the RRAP process uses a standardized but flexible assessment framework
designed to “identify[] threats, vulnerabilities, and potential consequences from an all-hazards
perspective.” The scope and focus of each RRAP project varies based on the needs and desires
of the communities, governments, and infrastructure sectors that volunteer to participate in the
program. Moreover, the geographic scale of RRAP projects has varied considerably, ranging
from studies involving specific communities within a set geographic region (e.g, the port
community in Hampton Roads, VA); to larger cities and metropolitan regions (e.g., New York,
Chicago); to entire states (e.g., Maine, Wyoming), and one project involving an infrastructure
sector (petroleum pipelines) spanning 13 states.
Regardless of the focus, scope, or geographic scale, to build awareness of vulnerabilities
and threats the RRAP process seeks to “identify dependencies, interdependencies, cascading
effects, resilience characteristics, and gaps; assess the status of the integrated preparedness and
protection capabilities of critical infrastructure owners and operators, local law enforcement, and
emergency response organizations; [and c]oordinate[] protection and response efforts to enhance
resilience and address security gaps within [each targeted] geographic region” (DHS 2014c). To
56
these ends, each year IP selects – with input from state and local stakeholders, as well as from
IP’s Protective Security Advisors (PSAs) who serve as liaisons and advisors within these various
regions and communities – a specified number of projects based on the funding available. Each
RRAP project takes roughly one year to complete. In fiscal year 2014, for example, DHS began
10 projects. RRAP reports are released to the primary state authority or other entity for whom
they were conducted on a rolling basis as they are completed.
This research focuses on the first 33 RRAP project reports (termed “Resiliency
Assessments”) that had been completed by DHS at the inception of this work. (An additional
project involving the Chicago Financial District was initially considered for inclusion in this
research, but was excluded when the available report was not a Resiliency Assessment, but rather
a Buffer Zone Protection Plan – a physical security-focused product that is one of the many
sources of information used in producing the larger RRAP report.) The year, focus, and
geographic area of interest for each RRAP project analyzed herein are noted in Table 3-1 on the
following page. The RRAP reports do not expressly use the concept of “megaregions,” which
may be broadly defined as clustered networks of metropolitan areas with, among other features,
interconnected and inter-dependent transportation and infrastructure systems (see generally Lang
and Dhavale 2005). However, they are included in Table 3-1 for the purpose of later
comparative analysis amongst and between such regions. Specifically, this dissertation uses the
11 megaregions proposed by the New York metropolitan area’s Regional Plan Association
(2015).
57
Table 3-1: Regional Resiliency Assessment Program (RRAP) Case Studies Title Sector Focus Area(s) Released State Mega Region(s)
Alabama Poultry Agriculture and Food 2013 AL Piedmont Atlantic
Alaska Energy & Transportation 2012 AK None
Arizona Water 2014 AZ Arizona Sun Corridor
Atlanta Commercial Facilities 2011 GA Piedmont Atlantic
California Dairy Agriculture and Food 2012 CA Southern California
Chicago Transit Transportation 2014 IL Great Lakes
Denver Commercial Facilities 2012 CO Front Range
Florida Defense Industrial Base 2015 FL Florida
Hampton Roads Transportation 2013 VA Northeast
Las Vegas Commercial Facilities 2011 NV Southern California
Maine Energy 2012 ME Northeast
Massachusetts Energy 2011 MA Northeast
Minnesota Commercial Facilities 2012 MN Great Lakes
National Capital Region Energy 2013 DC Northeast
Nebraska Energy 2014 NE None
New Jersey Exit 14 Water 2010 NJ Northeast
New Mexico Agriculture and Food 2014 NM Front Range
New York Bridges Transportation 2009 NY Northeast
North Dakota Energy 2014 ND None
Northern Delaware Transportation 2014 DE Northeast
Oklahoma Dams 2013 OK None
Pittsburgh Transportation 2013 PA Great Lakes
Puerto Rico Transportation 2014 PR None
Regional Pipelines Energy 2014 Various Various
Research Triangle Park Commercial Facilities 2010 NC Piedmont Atlantic
Salt Lake City & Co. Healthcare & Public Health 2014 UT None
Seattle Commercial Facilities 2011 WA Cascadia
SE New Hampshire Energy 2014 NH Northeast
Tampa Commercial Facilities 2012 FL Florida
Texas Medical Center Healthcare & Public Health 2014 TX Texas Triangle
Texas Panhandle Agriculture and Food 2011 TX None
West Virginia Transportation 2012 WV None
Wyoming Energy 2014 WY None
58
The Regional Resiliency Assessment Program reflects a continuing evolution in the way
the federal government has viewed and addressed critical infrastructure, and homeland security
more broadly. As the introduction of each RRAP report itself explains, the Department of
Homeland Security’s mission “has evolved in recent years from one focused primarily on
protective security to include a greater emphasis on resilience to disruptive events.” (As
discussed further herein, the Department’s view of resilience has also evolved over time.)
Correspondingly, the RRAP developed from the prior “Comprehensive Review” projects
initiated by DHS in 2004 to enhance the protection of designated “critical infrastructure and key
resources” (CIKR). Comprehensive reviews initially used an asset-focused approach to study
nuclear reactors (2005), high-consequence chemical facilitates (2006), and certain liquefied
natural gas facilitates (2008). In 2008, the program undertook a more systems-based approach to
study California’s state water system. That approach became the model for the RRAP’s broader
emphasis on the interdependencies across multiple lifeline critical infrastructure sectors that
support a sector of interest (i.e., the focus of a given RRAP project) in a given region. As its
very name implies, unlike its predecessors, the Regional Resiliency Assessment program focuses
on regional resilience, which has been viewed as “a function of resilience across several
subsystems, including but not limited to: [a studied region’s] economy, civil society, critical
infrastructure, supply chains/dependencies, and governance (including emergency services):
(Carlson et al. 2012, 22; DHS 2014c).
The RRAP process has continued to mature. Early RRAP project reports, for example,
studied resilience as a function of four components: robustness (“the ability of [Critical
Infrastructure and Key Resources, or “CIKR”] to maintain functionality at a level pre-determined
to be acceptable after an incident or attack”); redundancy (“the ability of the CIKR to back up or
59
reproduce its system’s critical functions either on site, or at another location”), response
(operations designed to “determine what is ‘wrong’ with CIKR and what needs to be done to
return it to an acceptable level of functionality”), and reparability (“a determination of the overall
ability to fix the damage done to CIKR resulting from natural and manmade hazard events”)
(DHS 2010b). Later reports embraced the National Infrastructure Advisory Council’s three-
component formulation. Under this model, resilience was considered as a function of robustness
(“the ability to maintain critical operations and functions in the face of crisis”), resourcefulness
(“the ability to skillfully prepare for, respond to and manage a crisis or disruption as it unfolds”),
and recovery (“the ability to return to and/or reconstitute normal operations as quickly and
efficiently as possible after a disruption”) (NIAC 2009, 8). Early RRAP project reports using
either of these resilience formulations were structured around an eight-step RRAP Resilience
Management Framework, which itself drew heavily from the traditional multi-step risk
management process of hazard identification, risk assessment, selection of appropriate risk
management strategies, implementation, and review (see Manuj and Mentzer 2008; Pettit, Fiksel,
and Croxton 2010, 4–5). Specifically, reports developed during the first two years of the
program were structured around the first five steps of an eight-step process: (1) setting goals and
objectives; (2) identifying critical assets, systems, and networks; (3) assessing (regionally
relevant) hazards and risks; (4) assessing dependencies and interdependencies; (5) prioritizing
resilience strategies.7
After the promulgation of Presidential Policy Directive-8 (PPD–8), “National
Preparedness,” in 2011, the RRAP program deemphasized analysis based on specific 7 By their very nature, the remaining steps in the early eight-step process – (6) submitting a [Vulnerability Reduction Purchase Plan] and evaluating grant programs that could be used to implement the prioritized resilience strategies, (7) implementing the approved grant programs, and (8) evaluating their effectiveness – were beyond the scope of the RRAP reports themselves.
60
components of resilience, instead simply employing PPD-8’s definition that emphasizes “the
ability to adapt to changing conditions and withstand and rapidly recover from disruption due to
emergencies.”
Moreover, while initial RRAP project reports present the general dependencies and
interdependencies found among and between infrastructure sectors affecting a given project’s
focus sector, more recent RRAP products provide far more detail-oriented findings and specific
resilience enhancement options. For example, the 2010 New Jersey Exit 14 RRAP notes an
apparent gap in understanding among state and local officials concerning the implications across
interdependent infrastructure sectors of existing long-term recovery plans for specific hazards,
and suggests the need to establish a better decision-making framework regarding the support
required for various recovery efforts across these sectors. The later (2015) Florida Defense
Industrial Base (DIB) RRAP report details a similar concern, but with far greater specificity.
The Florida DIB Resiliency Assessment highlights specific communications gaps among named
emergency management agencies and private companies with direct and real-time roles in
defense and national security operations. Moreover, this recent RRAP report suggests specific
characteristics for such companies that state and local agencies should become more familiar
with. Early RRAP reports do include “gap tables” that provide very specific deficiencies, with
recommendations for mitigating them. The types of details simply listed in these early tables,
however, are more fully integrated into the main analysis of later reports. The implications of
this shift toward a more holistic conceptualization and application of resilience, and later RRAP
reports’ use of more pointed findings and recommendations are discussed in greater detail in
Chapters 4 and 5.
61
For present purposes, it is important to note that the evolution of the RRAP process over
time has also brought with it an increasing array of data collection strategies and analytic
techniques, including various types of stakeholder outreach, targeted interviews, and facilitated
discussions; as well as various assessment indexes and modeling tools (e.g., input-output, flow
rate, and supply chain modeling); many of which have been developed and executed by the
national labs on behalf of DHS specifically for the RRAP initiative (see Carlson et al. 2012).
Table 3-2, on the following page, provides a non-exhaustive list of data collection and analytic
tools commonly used in RRAP projects. Again, the tools used in any given RRAP project vary.
Importantly, while the underlying data and specific complement of collection strategies
and diagnostic devices employed for each RRAP project are unique, the resulting reports, which
range in length from approximately 80-350 pages each, all address several common elements.
Specifically, they each contain (1) a review of the RRAP activities and instruments utilized for
the specific project in question; (2) a detailed description of the subject operating environment
(i.e., the research setting); (3) a listing of “key findings” (sometimes characterized as “threats” in
early reports), perceived “resilience gaps,” and recommendations for addressing the noted
shortfalls (termed “resilience enhancement options” in more recent reports); and (4) a discussion
of the empirical evidence and details on which these findings and recommendations are based
(most often through additional details provided in supporting appendices intended for more
limited distribution). As explained in more detail below, this effort’s conclusions emerge from a
careful coding and analysis of these case study reports, and their supporting appendices.
62
Table 3-2: Example Data Sources, Collection Techniques & Analytic Tools used in RRAP Projects
Activity, Source, or Tool Description
Buffer Zone Plans (BZP) Program
A “DHS-administered grant program designed to increase security in the area outside of critical infrastructure facilities and assets that can be used by an adversary to conduct surveillance or launch an attack. Assessments conducted under the BZPP are used to create BZPs, which provide the details of proposed security strategies and related planning and equipment requirements” (FEMA 2012).
Computer-Based Assessment Tool (CBAT)
A “data collection and presentation medium that supports critical infrastructure security, special event planning, and responsive operations.” The CBA “provides immersive video, geospatial, and hypermedia data of critical facilities, surrounding areas, transportation routes, etc., [and] integrates assessment data from Enhanced Critical Infrastructure Protection (ECIP) visits, Infrastructure Survey Tool (IST) and Rapid Survey Tool (RST) security surveys, and other relevant materials to create a video guide of a selected location” (DHS 2015e).
Cyber Resilience Review (CRR)
“A no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains. The assessment is designed to measure … organizational resilience as well as provide a gap analysis for improvement based on recognized best practices” (US-CERT 2015).
Dependency Interviews DHS-led questioning regarding a given asset’s core function dependencies on lifeline infrastructure.
RRAP-Specific Electrical Infrastructure Study
A regional electrical system analysis of the high-voltage, high-capacity transmission network and a site-level assessment of the low-voltage infrastructure that supports the critical infrastructure system or assets under study. Such studies often include use of a load flow simulation tool, EPfast, developed for DHS by Argonne National Labs to simulate disruptions to transmission lines and substations.
Emergency Services Capabilities Assessment (ESCA)
A facilitated discussion involving state and local emergency management and law enforcement personnel that examines a region’s prevention, protection, and response capabilities in the context of a given natural or manmade incident.
Enhanced Critical Infrastructure Protection (ECIP) Survey
“[A] voluntary assessment that includes outreach, which establishes or enhances the Department of Homeland Security’s (DHS) relationship with critical infrastructure owners and operators and informs them of their facilities’ importance and need for vigilance, and security surveys, which are conducted by DHS protective security advisors (PSAs) to assess the overall security and resilience of the nation’s most critical infrastructure sites” (DHS 2014d).
Infrastructure Survey Tool (IST)
“A voluntary, Web-based vulnerability survey conducted [by DHS] to identify and document the overall security and resilience of a facility. The survey data, composed of weighted scores on a variety of factors for specific critical infrastructure, is graphically displayed in [an] IST Dashboard that compares the data against similar facilities and informs protective measures, resilience planning, and resource allocation …. In addition to providing a sector security and resilience overview, the Dashboards highlight areas of potential concern and feature options to view the impact of potential enhancements to protection and resilience measures” (DHS 2015d).
Multi-Jurisdictional Improvised Explosive Device Security Planning (MJIEDSP)
“[A] systematic process that fuses counter-improvised explosive device (IED) capability analysis, training, and planning to enhance urban area IED prevention, protection, mitigation, and response capabilities. The program assists with collectively identifying roles, responsibilities, capability gaps, and how to optimize limited resources within a multi-jurisdictional planning area” (DHS 2015b).
Open Source Research RRAP projects frequently utilize data contained in publicly available sources.
Petroleum Balance An analysis using data on fuel that quantifies the movement of petroleum products by transport mode.
Site Assistance Visits (SAV)
“Voluntary, facility-based vulnerability assessments conducted by DHS personnel in cooperation with Federal, State, and local agencies, as well as critical infrastructure owners and operators …to assess a facility’s security and disaster resilience posture as a means of understanding the site’s operational dependencies and interdependencies” (DHS 2010b, 3).
Systems Recovery Analysis (SRA) Workshop
A “no-fault,” facilitated discussion among CIKR owners and operators, community first responders, and other personnel responsible for systems management concerning the potential consequences of, and recovery from, a system-wide failure during a specified scenario.
63
Given the sensitive, and often propriety nature of the data on which the RRAP reports are
based, DHS has designated all RRAP Resilience Assessments “for official use only” (FOUO).
FOUO materials are subject to limited distribution (generally, in this case, to only those
jurisdictions and entities participating in the RRAP project in question) and are protected from
otherwise mandatory disclosure under the federal Privacy Act and analogous state laws.
Additionally, some data contained in RRAP assessment reports is Protected Critical
Infrastructure Information (PCII), access to which requires nondisclosure agreements from non-
federal personnel, and compliance with specific handling requirements set forth in 6 C.F.R. Part
29. I attained the necessary credentials and permissions to handle and maintain this data (in an
encrypted format with appropriate physical protections). I sanitized this dissertation of any PCII
to ensure this final product is suitable for public release. DHS reviewed a draft of this work prior
to its publication to ensure compliance with all conditions on which the RRAP data have been
provided. (The continued need for, and advisability of, these limitations on access and
distribution is discussed further in Chapter 5).
I manually coded all 33 RRAP project reports listed in Table 3-1, constituting 4,466
pages of material, using the NVivo 10 for Mac qualitative data analysis software. In total, there
were over 3,683 individual blocks or “chunks” of text coded to one or more of over one hundred
separate thematic and “in vivo” codes pertaining to one or more of this project’s research
questions. The following section explains this methodology.
64
II. Methods
This dissertation adopts a qualitative research approach because of the research questions
involved, the emergent nature of the field of security and resilience studies into which those
questions fall, and the resultant need for further basic understanding and theory development (see
generally Creswell 2013, chap. 1, 9). Qualitative research is used where, as here: (1) the
researcher seeks to understand the complexities of a natural setting or condition, (2) multiple
sources of data (e.g., case studies) are used, (3) both inductive and deductive analysis are
contemplated, (4) the research design incorporates an adaptive process, and (5) the effort seeks to
develop a picture of a complex problem (Creswell 2013, 185–186). As indicated in the prior
discussion of the myriad potential components and domains of resilience, the pending research
questions involve truly complex phenomena, especially when applied to specific “natural
settings” in the context of homeland security. Within the qualitative approach, case study
research designs are ideally suited for such situations (Yin 2014; Yin 2012; Creswell 2013).
More specifically, in attempting to better understand common characteristics and barriers within
and among different settings, a multi-case research design with cross-case analysis is appropriate
(Yin 2014, 164–168). The following section explains this effort’s specific design by discussing
the key aspects of qualitative designs as outlined by Creswell (2013, chap. 9). Specifically, the
following section details: (a) my role as a researcher, (b) the data collection and study
boundaries, (c) the steps taken to enhance the validity and reliability of the research, and (d) the
specific coding and analytic techniques employed.
65
A. The Researcher’s Role
A key aspect of qualitative research is a recognition that any such effort is influenced by
the personal experience, views, and resulting biases of the researcher. My ongoing service as a
Coast Guard officer – and as such, a member of the Department of Homeland Security on whose
data this effort is based – inevitably influenced my understanding of the case evidence and topic
area. My prior experiences as a first responder to marine causalities and maritime pollution
incidents, as well as my subsequent service as a legal advisor to those who do such work –
including as a primary legal advisor to the National Incident Command for the government-wide
response to the BP DEEPWATER HORIZON oil spill – assuredly shaped my understanding of
how technical systems, communities, responder networks, and governance structures function (or
don’t). While establishing a certain worldview of the professional response community, this
knowledge and experience also strengthened my ability to analyze the present issues.
Additionally, my active duty military and DHS employee status facilitated gaining access to the
sensitive (but unclassified) data, which has gone largely unutilized in academic research until
now, from the appropriate DHS gatekeepers.
As detailed further below, the inductive-deductive coding strategy for studying resilience
gaps within and across regions and sectors involved the use of an “index case” to help establish
initial codes and types of “resilience gaps.” I intentionally selected an RRAP report focused on
port infrastructure – the 2014 RRAP of Southeastern New Hampshire, which analyzed the
receipt and distribution of petroleum products in that port – as the first case for manual coding, in
part, to leverage my enhanced baseline understanding of this particular environment. By coding
DHS’s analysis of an environment with which I am very familiar through prior professional
experience, it was possible to quickly establish a working set of “resilience gap” codes and
66
categories that could then be applied when considering RRAP analyses of environments with
which I was (initially) less well-versed.
It is important to note that I undertook all possible efforts to remain objective in my
analysis of what the case evidence suggests. The next section presents the specific design
strategies employed to this end, such as member checking and periodic debriefings with my
dissertation advisor and committee members, in a subsection on validity and reliability later in
this chapter.
B. Data Collection and Study Boundaries
This study uses the data contained in 33 case study reports (also referred to as
“Resiliency Assessments”) generated by the DHS Regional Resiliency Assessment Program as
outlined above and in Table 3-1. Each report represents over a year’s worth8 of research
involving, among other methods: facilitated panel discussions, site visits, survey instruments; as
well as modeling and various other analytic techniques, concerning varied infrastructure assets
and sectors, within and across numerous geographic regions. The types of participants in the
field work that lead to each report varied, but generally included technical experts, operators, and
senior managers from the responsible companies or commissions for each of the specific assets
and infrastructure sectors under study; similar representatives from interconnected lifeline
infrastructure assets and sectors; members of cognizant regulatory, emergency response, law
enforcement, and related security communities (often at local, state, and federal levels); as well
as other government officials and citizens of the communities in which these studies took place.
DHS’s Protective Security Advisors (“PSAs”) serve as researchers, coordinators, and advisors in
8 The RRAP case studies contained in this research generally operated on a one-year timeline. According to RRAP personnel interviewed for this research, some recent Resiliency Assessments undertaken after the inception of this research (and therefore outside its scope) are being conducted as two or three-year projects.
67
the RRAP process, with support from RRAP and IP program staff who provide a Headquarters
Team Lead (“HTL”) for each project. Personnel from Argonne National Laboratory and Idaho
National Laboratory provide technical expertise and a designated Resilience Assessment Lead
(“RAL”) for each project. Together a “triumvirate” composed of a PSA, HTL, and RAL direct
each individual RRAP effort.
I employed a content analysis of all the Resiliency Assessments available at the inception
of this research. While additional reports have be finalized and “published” subsequent to the
start of my research, they are not included in this analysis.
I initially intended to conduct semi-structured interviews with key individuals who
participated in the RRAP case studies whenever case evidence proved to be ambiguous with
respect to the research questions at hand. Ultimately, however, the ambiguity meriting further
clarification turned out to be the evolution of the RRAP process itself. Accordingly, I sought out
and interviewed the RRAP process owners in the Office of Infrastructure Protection, and at
Argonne National Laboratory, who have coordinated the program since its inception.
While the targeting and selection of interviewees differed from my initial plans, I
faithfully followed the specific protocol approved by Northeastern University’s Institutional
Review Board (IRB) for conducting the interviews themselves. That approval documentation is
included, as required, in Appendix A. The format of these semi-structured interviews varied
slightly based on with the role and longevity of each interviewee with the program. I recorded,
transcribed, and analyzed these interviews using the same coding techniques that I applied to
RRAP reports themselves, which are outlined further below.
68
C. Project Quality: Validity and Reliability
Before presenting the detailed coding and analysis scheme used in this dissertation, this
section describes other key aspects of the study design incorporated to enhance the quality of this
research. Scholarly debate persists over the best way to assess and ensure the overall quality of
qualitative research. Creswell, for example, suggests that qualitative studies should be evaluated
in terms of their qualitative validity and qualitative reliability. In this context, validity is
generally viewed as how accurately a given account reflects the reality of the individuals or
subjects involved, and reliability is considered in terms of the reproducibility and repeatability of
given research (2013, 201–204; Creswell and Miller 2000). Other authors promote credibility,
transferability, dependability, and confirmability as the appropriate qualitative analogs to the
quantitative research concepts of internal validity, external validity, reliability, and objectivity,
respectively (Trochim 2005; citing Guba and Lincoln 1992). Under this later framework,
credibility is meant to establish the validity of a study from the perspective of the actors (aka
subjects or participants) involved; transferability refers to the ability of the findings to be
generalized to other contexts; dependability is the extent to which the researcher accounts for
changing research context; and confirmability is the extent to which a study’s results could be
reproduced by others (Trochim 2005, 126). With respect to case study research in particular,
Yin advocates four principles for producing quality work: (1) using multiple sources of evidence,
(2) creating a case study database, (3) maintaining a chain of evidence, and (4) exercising care
when using data from electronic sources (Yin 2014, chap. 4). This study uses the following
seven widely recognized qualitative “validity strategies” (Creswell 2013, 201); the benefits of
each design element is discussed with respect to the most applicable of the aforementioned
quality concepts.
69
Member checking: RRAP program administrators were provided an opportunity to
validate (through review and comment) the interpretations developed in the research process
outlined above. This feedback has been incorporated into this final report. This step bolsters the
qualitative validity, in general, and credibility, in particular, of this research.
Debriefing: As is the norm in the dissertation process, I utilized an iterative chapter
submission, review, and re-writing process. This served as a form of debriefing. Chapter drafts
were submitted to my dissertation advisor as soon as they were completed. After incorporating
the feedback received, I then forwarded each draft to the other members of my committee for
further review and comment. Notably, this team collectively maintains expertize in the fields of
political science, public policy, geography, economics, civil and environmental engineering, and
operations research (among other disciplines). The interdisciplinary nature of this carefully
chosen team helped ensure that a broad audience will benefit from this research, arguably
enhancing the overall transferability of this effort. The iterative review of the research and
writing of this dissertation, as it was taking place, also bolsters the dependability and
confirmability of this research.
Triangulation: One the one hand, this dissertation utilizes primarily one source of data:
the case reports of the RRAP initiative. On the other, each “case” represents differing settings,
researchers, participants, and analytic processes. Collectively, then, these cases represent a wide
array of research settings and sources. To the extent common themes arise across such diverse
contexts, qualitative validity and transferability are enhanced.
Rich, thick description: To the extent applicable restrictions on the handling of
Protective Critical Infrastructure Information allow, the final chapters of this report incorporate
detailed descriptions of the data and settings from which the various results were derived. While
70
not amounting to the lengthy, detailed narratives that are the hallmark of ethnographies, I employ
a textually rich reporting style to enhance the qualitative validity and dependability of this
research.
Addressing researcher bias: In addition to using member checking and debriefing as a
check on inevitable researcher bias, I have included self-reflection and first person comments in
this work in order to openly address how my background may shape my findings for better or for
worse. This strategy is recognized (Creswell 2013, 201) as helping to enhance dependability by
providing those who cite or otherwise build on this research insight into my specific potential
biases.
Reporting negative discrepant information: Themes found within and across cases are
highlighted in the chapters that follow, along with an accounting of any notable exceptions to
these findings. The consequentially more complete picture enhances qualitative validity and
reliability in general, and confirmability in particular.
Documenting the emergent research process as it unfolds: I employed this final “validity
strategy” to ensure that consumers of this report and subsequent researchers, especially those
familiar with NVivo, will be able to understand exactly how I conducted this research, and how
to repeat it. Specifically, I utilized periodic analytic memoing (see Miles, Huberman, and
Saldaña 2013, 95) throughout my research to document my thinking about emerging themes
concerning resilience gaps and barriers, as well as their implication for the underlying theory of
resilience, and approaches to measuring it. NVivo provides the ability to create free-form
memos that can be attached to specific sources or nodes, or left freestanding to allow the
researcher to reflect and document their thoughts on any aspect of the research, analysis, or
general research design. By using the NVivo qualitative analysis software to conduct my coding,
71
memoing, and analysis, I essentially created and maintain a case study database and “chain of
evidence”. Together, the above approaches help to ensure overall quality of this dissertation’s
results and conclusions.
D. Data Handling and Analysis
This final section details the coding and analytic techniques used in this qualitative
research. First, its explains the multiple coding schemes developed and employed to address
each of this dissertation’s two central areas of inquiry – i.e., resilience gaps and barriers to
resilience improvements. Then it details five additional coding schemes devised to glean and
track additional information necessary for later intra and cross-case analysis.
1. Resilience Gap Coding
In general, this research followed Saldaña’s two-cycle coding process (2012). In this
scheme, “first-cycle” coding involves assigning descriptive codes, “in vivo” codes, or both – i.e.,
using descriptive labels or actual words and phrases from the RRAP reports as codes (Miles,
Huberman, and Saldaña 2013, 74) – to various “chunks” of case report data in an inductive and
deductive fashion (Ibid., 81). Thus, the first RRAP report reviewed served as an “index case”
case for creating an initial “resilience gap” coding scheme. As noted above, prior Coast Guard
field work in port settings made me especially comfortable in studying and classifying
information gathered in this particular context. Accordingly, I chose a port-based study to begin
my coding. The Resilience Assessment in question was also chosen because of its relatively
recent release date in 2014. As previously mentioned, the continuing evolution of the RRAP
process resulted in more recent reports containing more detailed and nuanced analysis with more
specific recommendations. Starting with a relatively recent case report provided me a more
robust set of initial resilience gaps and analyses to work with and build from.
72
More specifically, this research employed a case-based adaptation of Tesch’s eight-step
coding process (Creswell 2013, 198; citing Tesch 1990). That process directs a researcher to: (1)
get a sense of the whole by reading the case data (or interview transcripts); (2) concentrate on
one document or case with a focus on its underlying meaning; (3) repeat step 2 for several cases
or participants and make and sort a list of major topics; (4) abbreviate and employ these topics as
an initial coding scheme; (5) group the resulting codes in descriptive categories; (6) finalize code
abbreviations; (7) assemble all data associated with a given code in a given place to perform
analysis; (8) recode existing data as necessary (Ibid.). For all coding, I used the “NVivo for
Mac” qualitative analysis software, applying NVivo’s functionality to the Tesch’s eight-step
process as follows.
I first read a number of RRAP Resiliency Assessments without any attempt to “code”
them in order to “get a sense of the whole.” Next, I carefully reviewed just the Southeastern
New Hampshire RRAP report. As a starting point, I turned each of that report’s three FOUO
“key findings” into in vivo resilience gap codes. The NVivo software refers to such coding
labels as “nodes,” which essentially serve as a bin to which select information – whether a single
word, a figure, or numerous pages of text – can be assigned or “coded.” Nodes can be, and were
ultimately, organized in hierarchies, thus creating a nested set of thematic, parent, child, (and
grand-parent, and grand-child in some cases) folders to which content can be tied.
I coded data in NVivo as follows. First, I the imported the material of interest into the
software program as a “source.” In the present case, I uploaded each RRAP report as a PDF file.
To create codes in NVivo, I opened a source document, reviewed it on the screen, and simply
highlighted the text or data of interest (in the initial instance, the subject headings for each of
three “key findings”), and selected either the “Code in Vivo,” (for in vivo coding based on the
73
text itself) or “Create New Node” (to author a descriptive code not based on the text itself)
option from the program’s “analyze” menu, command ribbon, or corresponding right-click
menus. Using this process, the very first “resilience gap” codes reflected challenges arising from
(1) limited fuel transportation options within a port community; (2) dependency on electricity for
core function across multiple assets and sectors within the area of study, and (3) the potential
cascading failures tied to the natural gas distribution system of that region.
As I parsed each report, I coded additional information that supports or further amplifies
each of these initial “resilience gaps” (i.e., key findings) by “coding” it to its corresponding
node. In NVivo, such coding can be accomplished, among other ways, by manually highlighting
text and “dragging” it onto the appropriate node (or nodes) in a “List View” of all active nodes.
Data can be coded to any number of nodes. I configured NVivo such that data coded to a given
child or grandchild node is also automatically coded to the corresponding parent (and
grandparent, if applicable) node.
To help shape “the relevance, meaning, and interconnection of concepts in a way that
simply reading the text does not” (Moynihan 2009, 900), I deductively analyzed subsequent
RRAP case reports with these initial resilience gap nodes in mind. A “Detailed View” screen in
NVivo shows the PDF image of the report under study adjacent to a “List View” of all available
nodes to facilitate coding new material to these existing nodes, as is envisioned in step 4 of
Tesch’s coding process. At the same time, my coding process facilitated the inductive creation
of new nodes when the evidence and themes in subsequent RRAP reports dictate (Miles,
Huberman, and Saldaña 2013, 81–81; see also Creswell 2013, 199). That is, for each RRAP
report under study, I analyzed its respective key findings and supporting information for possible
coding to existing, similar nodes – or, potentially, more specific sub (aka “child”) nodes thereof
74
– but also used NVivo’s functionality to create additional “resilience gap” nodes when new or
more nuanced themes emerged.
As the number of resilience gap nodes increased throughout this process, I reviewed the
existing nodes for common themes and possible grouping, which is the essence of steps 5 and 6
in Tesch’s 8-step cycle. For example, through the process of coding the first four RRAP case
reports chosen for analysis – specifically, the Southeast New Hampshire, Puerto Rico, Hampton
Roads, and (first) Alaska (transportation) RRAPs – four "gap areas" emerged. Existing nodes
were placed within each of the following descriptive “parent” node categories that emerged as
themes within the initial descriptive and “in vivo” nodes: Capability, Capacity, and Redundancy
(i.e., codes which involve physical asset or personnel limitations to supporting a given
infrastructure function); Communication; Planning; and Dependencies and Interdependencies
(among and between different critical infrastructure sectors and services).
I simultaneously expanded this evolving “resilience gap” coding scheme to provide more
detailed sub-nodes as the case evidence warranted. I accomplished this through additional
second-cycle review (i.e., analysis) of the data coded to the various “resilience gap” nodes. For
example, within the grandparent “Capability, Capacity, and Redundancy” node created through
the process described above, were nodes for each of these related, but distinct topics. As I used
the (lack of) “redundancy” node to code various discussions of single points of failure that were
highlighted in the RRAP reports, I was able to classify the coded material into more detailed
categories. Thus, within the (lack of) “redundancy” node, I created separate sub-nodes for data
related to a lack of redundancy concerning fuel transportation infrastructure and water
connections. I kept data that did not fit into any specific child node remained at the broader
parent level until a given issue recurred with such frequency that it suggested a theme meriting
75
its own child (sub-) node. Given the variability in the language used from one RRAP report to
the next, I did not establish a bright line rule for making the determination when something
merited its own sub node. In general, an observed theme needed to appear several times, and in
more than one context or research setting, before I would create a new gap or barrier coding sub-
category. Thus, initial nodes served as containers for all “other” examples for which there were
no more applicable descriptions and corresponding sub-nodes.
Steps 7 and 8 of Tesch’s coding scheme direct a researcher to “assemble all data
associated with a given code in a given place to perform analysis” and to “recode existing data as
necessary.” NVivo’s functionality greatly facilitated the initial analysis contemplated in these
steps. Simply by selecting a given node in the program, all “chunks” of data that have been
coded to that node can be displayed in a new window, or exported to a spreadsheet or text
document, that is initially sorted by the specific source documents (i.e., specific RRAP reports)
from which they were drawn. NVivo enables the researcher to display more or less context (i.e.,
the material surrounding a given coded “chunk” of data) on demand, and, for even greater
perspective, provides a link back to the coded material in the PDF of the original source material
for easy review. Reading, re-reading, and then re-coding the material coded under each given
node in this fashion – a form of “second-cycle coding” (i.e., analysis) where coded material is
evaluated for patterns and themes (Saldaña 2012) – enabled me to ensure all “chunks” had been
properly attributed and re-coded as necessary to the appropriate node or nodes, sub-nodes, and
parent nodes that were themselves continually refined throughout the inductive-deductive
process.
To supplement this “manual” coding, I employed some of NVivo’s automated text search
and quick coding functionality. Like most software programs, NVivo enables a user to query
76
source material (here, the RRAP reports and any corresponding interview transcripts) text or
data, including that already coded to a specific node (or nodes), and then to (re)code any
resulting search results. Beyond simple text searches, NVivo offers the ability to create “word
trees” where various “branches” show the divergent contexts in which a given word or phrase is
used. Additionally, NVivo can create “word clouds” to visually illustrate the frequency of
various terms and concepts. While I opted to rely primarily on the “manual” inductive-deductive
coding process set forth above, I selectively employed these automated techniques to essentially
double-check my manual coding. For example, during the coding of one case, two themes
emerged that lent themselves well to text-based queries: (1) repeated references to resilience
gaps arising from “unknown” information, which inhibited the ability of various critical
infrastructure owners and operators to plan for various contingencies; and (2) insufficient (i.e.,
narrowly focused) “business continuity plans” of certain private critical infrastructure owners
and operators, which inhibited the ability of these entities to fully appreciate interdependencies
that could lead to cascading failures. In coding that case, I ran text queries for “unknown,”
“unknown information,” and “information” and reviewed the results to ensure all aspects of that
condition had been properly considered and coded. Similarly, text queries for “business,”
“business continuity,” and “continuity” were used to identify areas where such plans were
discussed.
The “gap” node categories were continually revised through the above iterative,
inductive-deductive process until all RRAP reports had been coded. The resulting final list of
“resilience gap” nodes – i.e., the final gap “coding scheme” – is set forth on the following page.
77
Table 3-3: “Resilience Gap” Codes Derived from Iterative Inductive-Deductive Coding Process Age of Infrastructure (in general) Dependencies and Interdependencies
Capability − Bridges
− Access to Classified Information − Chemicals
− Backup Power (no or limited) − Communications
− Building & Engineering Design Issues − Critical Manufacturing
− Communications − Dams (and Locks)
− Emergency Response − Energy (in general)
− Energy & Fuel Transmission / Distribution o Electricity (for core function)
− Integrated IT Platform (lacking) o Fuels
− Modeling Capability (lacking) − Finance
− Surveillance & Detection (inadequate) − Food / Feed
− System Cross Connections (lack of) − Healthcare
− Training (lack of) − Information Systems / Technology
Capacity − Transportation
− Debris Removal − Water or Wastewater
− Decontamination Equipment − Workers / Personnel
− Electric Planning
− Emergency Response Assets − Business Continuity Planning (deficient)
− Evacuation (Assets and Procedures) − Comprehensive Approach (lacking)
− Fuel − Crisis Communications (lacking)
− Hospitals and Healthcare − Emergency Action Plan (lacking)
− Natural Gas Pipeline − Failure to Prioritize (below and other)
− Personnel & Inspectors o Ambulance / At-Risk Populations
− Rail Line Capacity o Communications (restoration, access)
− Spare Parts o Electric (restoration)
− Threat Monitoring o Fuel Distribution
− Water (or Wastewater) o Route Access (roadway restoration)
Redundancy − Hazard not Identified or Planned For
− in Fuel Transportation Options − Long-Range
− in Water Interconnections − Security
− Single Points of Failure Protective Measures
− Cyber Security Deficiencies
− Physical Security Deficiencies
78
2. Resilience Barrier Coding
I coded barriers to resilience in a similar fashion, but started from a different point.
Instead of using an index case to inductively create initial codes, I utilized the framework
established by the Center for Resilience Studies’ post-Sandy initiative, as outlined in Chapter 2,
with each of the four major barriers highlighted in that project report serving as “parent” nodes in
the barrier coding scheme. Specifically, the initial parent barrier nodes were: (1) failure to
recognize foreseeable risks and uncertainties; (2) lack of definition or integrated approach to
addressing resilience; (3) organizational and governance challenges; and (4) lack of incentives
(or the presence of disincentives). To this initial coding scheme I added a “barrier behaviors”
node, with sub-nodes for each of the three common decision-making challenges recounted in
Chapter 2: (1) employing simplified decision rules, (2) a bias toward maintaining the “status
quo” and (3) minimizing our perception of risk by confining our consideration and analyses to
inappropriately narrow timelines and issues.
As with the process used for coding resilience gaps, I deductively applied this hierarchy
of nodes when reviewing the RRAP reports, but also allowed for the inductive creation of new
barrier nodes when themes that did not fit within the existing scheme emerged from the case
evidence. For example, Flynn’s four-pronged, multi-level framework of resilience barriers that
served as the initial coding scheme for the barrier component of this research does not
specifically list “unknown information” as sub-component or theme. Logically, such a condition
underlies or results from poor coordination (i.e., communication), which is captured in Flynn’s
construct. Accordingly, I was tempted to code such references to the node that corresponded
with that condition. In conducting my iterative coding, though, I noted that the word “unknown”
itself recurs a total of 51 times, and appears in 19 of the 33 RRAP case studies scoped within this
research. Moreover, the broader idea of unknown information – information that the Resiliency
79
Assessments noted regional stakeholders or RRAP researchers desired, but did not have, and
could not readily attain – appeared (and was coded) 95 times across 27 cases. Given the
prevalence of this particular condition, I added it as a separate sub-theme within the “failure to
recognize risks and uncertainties” parent node – the first of Flynn’s four-barrier scheme. The
resulting final list of “resilience barrier” nodes is depicted in the Table 3-4, below.
It is important to note that I took special care when coding data to barrier nodes in
recognition of the fact that the primary
purposes of the RRAP process was and
remains to identify resilience gaps and to
recommend potential mitigation
strategies thereto; not to identify the
barriers that may be enabling them.
(advantages to changing this approach
are discussed in Chapters 4 and 5.)
Accordingly, I was careful to refrain
from any attempt to “read into” or
“behind” the statement of gaps and
conditions themselves, and only coded
material to a specific resilience barrier
nodes when the language and evidence
presented in a given Resiliency
Assessment strongly suggested the
presence of a specific barrier in
Table 3-4: Resilience Barrier Coding Scheme
Barrier Behaviors
− Narrow Timelines and Issue Framing
− Simplified Decision Rules
− Status Quo Bias
Failure to Recognize Foreseeable Risks & Uncertainties
− Assumptions of Stationarity
− Inappropriately Discounting Risks
− Overestimating Current Capabilities
− Politically Risky to Acknowledge Gap
− Unknown Information
Lack of Definition or Integrative Approach
− Failure to Recognize Interdependencies
− Lack of Agreed Upon Standards or Measures
Lack of Incentives or Presence of Disincentives
− Confusion and Lack of Common Definition
− Disincentives
− Efficiency Valued over Continuity of Function
− Few Rewards (or funds) for Investing in Resilience
Organizational or Governance Challenges
− Coordination or Collaboration
− Fighting the Last Battle
− Law or Regulation (lack of or mismatched)
80
operation. For example, within the “lack of incentives” category of barriers to enhancing
resilience, I employed a node specifically designated to capture a demonstrated lack of monetary
rewards or funds for enhancing resilience. I did not presume statements or data concerning the
deteriorated or outdated condition of equipment to be a consequence of the lack of funding for its
maintenance or improvement (acknowledging that in most cases, additional resources almost
certainly facilitate enhancements). I coded specific statements concerning a lack of available
monies, however, to this specific barrier sub-node. In the context of discussing the locks and
dams in and around one studied city, for example, one RRAP report detailed how the U.S. Army
Corps has a $400-$500 million operating budget to address a $10 billion backlog of waterway
navigation infrastructure (DHS 2014a). I coded this reference to the “Few Rewards (or funds)
for Investing in Resilience” node.
3. Other Coding Schemes Employed to Facilitate Analysis
In addition to coding for resilience gaps, and perceived barriers to overcoming them – the
primary focus areas of this research – I developed five additional coding schemes, which were
applied concurrently, to enhance and facilitate the subsequent analysis of data coded to these
areas of interest. To better understand and account for the evolution of thinking about resilience,
and developments in the RRAP process itself, I created (1) a coding scheme to help track the
various RRAP activities and analytic techniques that were used in each project, and (2) a scheme
that traces the definitions (and evolution thereof) of key terms used throughout the RRAP
process. These methodological and definitional parent nodes facilitated quickly recognizing
where a given concept, definition, or technique had been added or applied in a potentially new or
different way.
To help clarify the specific focus of each RRAP project for later cross-case analysis – in
terms of infrastructure areas of concentration and geographic regions involved – I coded any
81
expressly stated goals or “focus areas” to (3) a Goal/Focus node. Relatedly, to supplement this
particular coding scheme, I utilized NVivo’s “source classification” function, which allows a
researcher to assign to each data source (here, each RRAP report or corresponding interview)
any number of specific characteristics or attributes that might be of interest for sorting
information and employing automated cross-case queries. Using this functionality, I “classified”
(i.e., labeled) each RRAP report (i.e., NVivo “source”) regarding the city, state, and megaregion
within which it was conducted, the primary infrastructure sector under study, and with the years
the given project was initially undertaken and its final report released.
I developed two additional coding schemes to help me track and manage the case
evidence contained in the RRAP reports. Many of the Resiliency Assessments noted “best
practices” in their conclusions – either when highlighting strengths found in a given project’s
area of focus, or by referencing other regions’ approaches to a given challenge or issue that
might serve as a model for the region under study to follow. To the extent such practices are
potentially instructive for their lack of resilience gaps, and seeming ability to avoid or overcome
barriers to resilience, they were coded to (4) a “best practices” node for further study.
Additionally, I developed and initially used a (5) PCII node to “tag” and track PCII
information to ensure compliance with applicable non-disclosure, marking, and storage
requirements. This particular coding scheme ultimately proved untenable, however. The 2014
RRAP reports initially considered consolidated all PCII material into annexes expressly
designated for such information. Within these annexes however, there is no delineation between
those details that constitute PCII and those that do not; that is, the entire annex is labeled as PCII
material regardless of what else is contained therein. The only apparent way – using the
information to which I had access – to discern precisely which facts and information were
82
subject to PCII protections was to compare the discussions contained in the PCII-designated
annexes with the information and descriptions that appear elsewhere in the main body of the
RRAP reports. Any specific details, discussions, or information that appear in either a section
that is unmarked or marked merely as For Official Use Only that also appear, in identical form,
within an annex labeled PCII presumably would not constitute PCII.
This research does not attempt to undertake such an analysis, however, because without
accessing and reviewing all of the underlying surveys, source documents, and other submissions
used in creating each Resiliency Assessment, it is not possible to verify the validity of this
approach. Moreover, many early (i.e., pre-2011) RRAP reports do not even contain PCII
annexes. For these early reports, the entire Resiliency Assessments is marked as PCII, making
any attempt to determine which specific portions are subject to that classification’s additional
protections impossible. That being the case, I abandoned my efforts to “tag” PCII material
formally. Instead, I proceeded based on my observation that the type of information that
appeared in PCII-designated annexes and nowhere else generally included detailed
vulnerabilities, clearly proprietary information, or potentially embarrassing insights tied to
specific companies, assets, or procedures. I have refrained from using any such materials, even
as illustrative anecdotes or examples, in this report. As discussed elsewhere in this chapter, I
also worked closely with RRAP program administrators and the Office of Infrastructure
Protection to ensure that I have not inadvertently included any PCII material in this public
document. The multiple coding schemes described above were used to collectively address the
four principal questions that drive this research. The next chapter presents the results from
applying these various schemes to the RRAP case data, and discusses the extent to which the
results answer those questions.
83
Chapter 4 This chapter reviews the major themes that emerged from the iterative, inductive-
deductive coding and analysis of the RRAP case studies described in the preceding chapter. It
presents these results as they correspond to this effort’s four research questions: (1) What, if
any, recurring “resilience gaps” exist within and across geographic regions, and critical
infrastructure sectors? (2) To what extent and how do these gaps differ across regions and
sectors? (3) Are there any recurring, observable barriers to addressing these gaps (i.e., to
improving regional, and ultimately national, resilience)? If so, what are they? (4) To what
extent do the presence and significance of these barriers differ across geographic regions and
critical infrastructure sectors? Each question is addressed in turn.
I. What, if any, recurring “resilience gaps” exist within and across geographic
regions, and critical infrastructure sectors?
To answer this first research question, all of the data coded to each node and sub-node in
the resilience “gap” coding scheme set forth in Table 3-4 in the preceding chapter were first
considered. Table 4-1, on the following page, provides the number of discrete blocks of text or
data coded to each particular gap node (“coding references”), followed by a parenthetical
notation indicating the number of RRAP case studies with one or more references to that
particular gap (a “source count”).
The coding references and source counts for all 33 RRAP cases appear in Table 4-1. As
indicated therein, certain gaps appear with markedly higher counts than others. Not surprisingly,
all major “parent” nodes – i.e., capability, capacity, redundancy, dependencies and
interdependencies, planning, and protective measures – which include the counts of their
respective, more specific “child” gap nodes – contain comparatively high coding reference and
source counts. (Parent nodes do not necessarily reflect the sum of data coded in subordinate
84
Table 4-1: Resilience Gap Coding Results Number of Coding References to Gap (Number of RRAP Case Studies with Coding References to Gap)
Age of Infrastructure (in general) ..................... 27(10) Dependencies and Interdependencies .................... 574(34)
Capability (lacking or insufficient) ................. 312(30) − Bridges ............................................................... 5(3)
− Access to Classified Information .................. 1(1) − Chemicals ....................................................... 19(11)
− Backup Power (no or limited) ................ 173(24) − Communications ............................................. 44(20)
− Building & Engineering Design Issues ......... 4(2) − Critical Manufacturing ....................................... 2(1)
− Communications ....................................... 57(20) − Dams (and Locks) ............................................. 15(5)
− Emergency Response .................................. 28(7) − Energy (in general) ....................................... 220(32)
− Energy & Fuel .............................................. 9(3) o Electricity (for core function) ................ 127(30)
− Integrated IT Platform (lacking) ................... 2(1) o Fuels ........................................................ 96(22)
− Modeling Capability (lacking) ...................... 2(1) − Finance ............................................................... 2(2)
− Surveillance & Detection (inadequate) ....... 23(5) − Food / Feed ......................................................... 3(2)
− System Cross Connections (lack of) ............. 4(3) − Healthcare ......................................................... 10(3)
− Training (lack of) .......................................... 9(3) − Information Systems / Technology ................. 57(16)
Capacity ......................................................... 160(23) − Transportation .............................................. 106(27)
− Debris Removal ............................................ 1(1) − Water or Wastewater ...................................... 97(20)
− Decontamination Equipment ........................ 6(1) − Workers / Personnel ........................................... 5(1)
− Electric ..................................................... 42(12) Planning .............................................................. 496(31)
− Emergency Response Assets ........................ 5(4) − Business Continuity Planning (deficient) ....... 79(23)
− Evacuation (Assets and Procedures) ............. 2(1) − Comprehensive Approach (lacking) ............. 218(25)
− Fuel ............................................................. 14(7) − Crisis Communications (lacking) ..................... 20(6)
− Hospitals and Healthcare ............................ 34(3) − Emergency Action Plan (lacking) ....................... 1(1)
− Natural Gas Pipeline ................................... 10(2) − Failure to Prioritize (below and other) ............ 55(12)
− Personnel & Inspectors ............................... 20(7) o Ambulance / At-Risk Populations ............... 7(1)
− Rail Line Capacity ........................................ 3(2) o Communications (restoration, access) ......... 3(3)
− Spare Parts .................................................... 1(1) o Electric (restoration) ................................... 30(7)
− Threat Monitoring ........................................ 9(2) o Fuel Distribution ......................................... 2(1)
− Water (or Wastewater) ............................... 12(6) o Route Access (roadway restoration) ............ 6(1)
Redundancy ................................................... 206(28) − Hazard not Identified or Planned For ........... 114(22)
− in Fuel Transportation Options ................... 31(4) − Long-Range ........................................................ 6(2)
− in Water Interconnections ............................. 3(3) − Security ............................................................. 10(4)
− Single Points of Failure .......................... 122(25) Protective Measures ............................................ 160(19)
− Cyber Security Deficiencies ............................. 36(7)
− Physical Security Deficiencies ..................... 123(17)
85
child nodes, however, to the extent parent nodes also contain coding references to gap conditions
for which the coding scheme did not have a more specific child node in the inductive-deductive
coding process.) Importantly, within the parent nodes eight specific gaps appear with
particularly high count coding references. As highlighted in boldface in Table 4-1 above, these
are: (1) the absence or lack of back-up power capabilities; (2) the presence of single points of
failure; (3) a strong dependence on energy for core function and, to a slightly lesser extent, a
dependence on (4) transportation and (5) water; (6) the lack of comprehensive plans and
planning, which (7) often omit key hazards; and (8) the presence of physical security
deficiencies.
It is critical to note that the number of “chunks” of data coded to any given node only
begins to answer the question of what gaps recur most strongly across infrastructure sectors and
geographic regions. Indeed, the number of blocks of text or data coded to any specific node is
potentially influenced by a number of largely irrelevant factors. For one, choices about how data
is portioned or “chunked” while coding (i.e., using smaller segments of data while coding, as
opposed to coding entire paragraphs or numerous pages at once) affects the number of coding
references that results. Relatedly, as noted in the preceding chapter, many RRAP reports present
PCII material in a separate annex that repeats observations presented elsewhere in the report,
only in greater detail. This redundancy increases the number of blocks of data or text coded to
corresponding gap (and barrier) nodes, especially where the added detail provided by the PCII
material did not alter the assessment of what gap (or barrier) is at issue; and thus, to which
node(s) such material is coded or recoded.
The source counts for the gap nodes are useful to the extent this metric gives another
rough sense of how pervasive (or not) a given gap might be. This metric is not subject to the
86
extraneous influences on coding reference counts set forth above. On the other hand, as even a
fleeting reference that is coded to a specified gap in a given RRAP report adds that case study to
the corresponding source count, this count metric is also insufficient by itself to fully illuminate
what gaps are most pervasive, and in what ways they appear in and across various infrastructure
sectors and regions. It was through reading and re-reading the underlying descriptive text
associated with each of the coding references that I was best able to discern some clear themes,
which illuminate and suggest relationships among some of the aforementioned high-count gaps.
Accordingly, the coding reference and source count information represented in Table 4-1
was used primarily to guide the subsequent qualitative review of the substance of the text or data
underlying each coding reference. Through doing so four major themes emerged. The sections
that follow provide representative examples of the case data to provide a richer description of
these four gap themes. To ensure compliance with the regulations for handling Protected Critical
Infrastructure Information, and material designated “For Official Use Only,” the case evidence in
these examples is aggregated, generalized, and cited such that it cannot be traced to a specific
study, region, or asset. Citations to specific RRAP reports are intentionally omitted, with direct
quotes attributed instead to the 33 Resiliency Assessments used in this research as a group. This
approach was a condition for gaining access to the complete RRAP files, and for publicly
releasing the information below.
A. A dependence on energy, aggravated by an insufficiency (or absence) of back-
up power systems, is the most pervasive resilience gap noted in the RRAP cases.
An initial review of the coding reference and source count information reproduced in
Table 4-1 revealed that the highest counts for any gap node were associated with the
“dependencies and interdependencies” parent node. This is not surprising to the extent the stated
87
purpose of the RRAP program centers on identifying and better understanding such
infrastructure system characteristics. (In other words, the RRAP program found what it was
looking for.). Importantly, a study of the associated case evidence, including that contained
within the various child gap nodes, reveals that the most frequently recurring resilience gap,
evinced in all but one9 of the coded Resiliency Assessments, is the dependence of key assets and
infrastructure systems on the energy sector, in general, and on electricity in particular. While
there are 27 cases that document significant reliance on the transportation sector (often arising
from multiple sectors’ reliance on just-in-time delivery, as discussed later in this work), and 20
RRAP cases that detail gaps arising from an interdependence or dependence on water; this
review of the coded material confirmed that no one specific resilience gap is more prevalent (in
the RRAP case evidence, at least) than our dependence on the energy sector for core function.
Interestingly, the associated case data reveals that, more often than not, evidence
documenting a given asset or system’s dependence on the energy sector also identifies a lack of
sufficient organic or readily available back-up power systems to maintain desired system
function for any prolonged period of time. 10 The following representative selections of coded
material illustrate how these conditions manifest themselves throughout the RRAP case studies.
The coded case data shows that the energy dependency gap is prevalent across all sector
focus areas and geographic regions represented in the studied RRAP projects. For example, in a
9 Interesting, I did not find any significant evidence of this energy dependency gap in the 2014 Chicago Transit Resiliency Assessment. This is likely only the case, however, because of that project’s careful scoping to explore a specific hazard – contamination of the transit system by an industrial accident or terrorist attack using biological weapons, or similar – which left significant portions of the transportation system beyond the scope of the underlying discussions and research conducted for that project. 10 In most cases, I could not discern from the RRAP data whether or not cognizant authorities had determined a desired level of essential function or had established target restoration timelines. The importance of doing so is discussed further in Chapter 5.
88
representative regional study involving the food and agriculture industry, one RRAP team noted
how
[e]lectricity and back-up diesel fueled generators are key infrastructure dependencies to every element of the industry production and distribution process. Loss of electricity to [certain buildings] can trigger “massive [animal] losses within minutes” a result of insufficient ventilation. While backup generators are deployed widely throughout the industry, they have proven to be unreliable for post-disaster operations (i.e., 2011 tornadoes) for a variety of reasons, ranging from inadequate maintenance to insufficient access to diesel fuel (DHS 2014a).
Similarly, in a study focused on the transportation systems, another RRAP team reported that
[a]ll sites visited [in the specific region under study] use electric power to support their core operations. For most of the sites visited, backup generators cannot support the full facilities’ core operations… Five of the 18 sites visited would be significantly affected with a minimum of two thirds of their operations impacted by the loss of the main electric power supply (DHS 2014a).
In a separate port-focused project, the RRAP researchers noted that while a “loss of power could
impact all of the gantry cranes simultaneously,” resulting in a “significant” impact on “core Port
function,” as a whole, the port “lacks emergency power capability and other contingencies to
improve core function resilience and strengthen [the port’s] role in disaster relief” (DHS 2014a).
Likewise, in a RRAP study of one major metropolitan city, the RRAP report authors note
that “the continuous availability of electricity is critical to power business, information
technology, and life safety systems in high-capacity commercial facilities, and a worst-case
scenario electric power outage would directly affect all commercial facilities in a service area”
(DHS 2014a). This statement will not surprise anyone familiar with commercial facilitates. The
number of times, and diversity of contexts, in which a dependence on power appears throughout
the RRAP data, however, is noteworthy.
Additionally, as one representative RRAP focused on water and waste water systems
explains:
89
Dependency on external sources of electricity is critical to core operations; loss of grid power will cause immediate shutdown of core operations, and thus the ability to recover and treat raw water or deliver finished water will be compromised. Backup power is provided to both treatment plants via a UPS (batteries) and secondarily by diesel-fueled emergency generators. However, onsite backup power capacity is only sufficient to support graceful shutdown and to maintain leak detection systems and release abatement capabilities (DHS 2014a).
In a separate water-focused study in a more rural setting, RRAP researchers observed that:
“[e]mergency power at the [water] facilities assessed as part of the RRAP is usually used for safe
shutdown of operations rather than business continuity. Consideration should be given to a more
robust use of emergency generators” (DHS 2014a).
The coded material from these diverse cases suggests that energy dependency gaps were
almost always tied to additional case evidence suggesting an under-appreciated dependence on
(and in many cases interdependence with) the availability and means to transport the petroleum
products or natural gas necessary to sustain energy production (for both major energy generation
and distribution systems, and smaller, asset or system-specific backup systems). This “systems
ignorance” of dependencies and interconnections is discussed later in this chapter’s review of
barriers to improving resilience.
B. Response and recovery plans and planning seldom include all relevant stakeholders necessary to address known (or foreseeable) hazards in a comprehensive manner.
The second most commonly recurring category of resilience gaps in the coding references
and source counts were those related to planning. As noted in Table 4-1, there were 496
instances of planning deficiencies of some variety coded across 31 RRAP cases.11 More
11 The two case studies in which there were not find planning-related deficiencies as such were the 2014 Southeast New Hampshire RRAP, and the 2014 North Dakota RRAP. In the former, the RRAP authors simply recommend that any changes made in accordance with the resilience enhancement options provided in that report be added to existing plans, which were generally characterized as multi-jurisdictional and comprehensive. Similarly, the 2014 North Dakota RRAP advises that key points of existing plans should be made higher priorities, but does not highlight any deficiencies with the planning process or plans themselves.
90
specifically, roughly three-quarters (25) of all RRAP cases studied contained evidence of a
noteworthy lack of comprehensive emergency response and recovery plans and planning. In the
study of material coded in these 25 cases two important themes emerged.12 First, there is ample
evidence suggesting that, in general, government disaster response and recovery plans are rarely
integrated across agencies within and across federal, state, and local governments, and often do
not incorporate the needs and resources of the private sector. Second, there is recurring case
evidence suggesting that commercial business continuity and contingency plans often do not
consider a given company’s reliance on anyone outside of its direct supply chains, and frequently
fail to consider dependencies on government-provided response and recovery services. The
following representative selections of data from a cross-section of the 25 implicated RRAP cases
further illustrate the nature and prevalence of this particularly pervasive problem.
In three separate 2010 and 2011 RRAP projects that focused on commercial facilities,
study participants themselves agreed that a “lack of coordinated planning between the security
programs [of the facilities under study] represents the greatest overall vulnerability to the focus
area” (DHS 2014a). According to senior RRAP officials interviewed for this research, the
attention to security planning, in particular, that is noted in these particular reports may be a
reflection of the special emphasis placed on physical security and protective measures (and a
corresponding predominance of first responder and law enforcement participants) in the early
12 The coding references and source counts related to planning indicate an additional and related high-count gap: the failure to identify or plan for a known (or foreseeable) hazard (or vulnerability). The review of material coded to this node suggests that this gap appears with high frequency for two reasons. First, early RRAP reports include an exhaustive risk assessment and catalogue of regional vulnerabilities. Thus, the early report format drives up the number of hazards that are considered when reviewing relevant plans. Second, later RRAP reports focus in on one particular hazard or scenario, often simply to prompt discussion about larger system dependencies and challenges. In choosing these hazards, RRAP personnel often work with each project’s “clients” to identify a hazard for which the involved parties feel less prepared, so that those involved in the project can be challenged. Together these approaches appear to drive up the number of items coded as hazard-related planning deficiencies.
91
iterations of the RRAP program.13 Importantly, as the following examples illustrate, planning
sufficiency concerns routinely extend beyond security.
In all four studied RRAP projects that focused on agriculture and food systems,14 study
participants remarked specifically on a lack of comprehensive planning. As one report
succinctly stated, “despite the industry’s heavy reliance on electric power, water, wastewater,
and transportation lifelines, there is a dearth of contingency/business continuity plans and
provider priority restoration agreements” (DHS 2014a). Some of these planning deficiencies are
tied to specific hazards. For example, one report noted how “[p]lanning is inadequate for a
foodborne contamination event” (Ibid.). Other documented planning gaps in this infrastructure
sector, however, appear to be more general in nature. One RRAP report broadly notes,
“contingency and post-disaster recovery planning [for the studied region] lacks coordination and
a unifying strategy” (Ibid.)
Surprisingly, port communities – often held out as a model of inter-agency planning –
fared no better in RRAP projects where planning is concerned. One port-focused study found
that “infrastructure owners and operators have not comprehensively evaluated impact scenarios,
defined system vulnerabilities, or developed contingency plans” (DHS 2014a). After recounting
numerous specific port planning challenges, another study concludes, “emergency planning for
an incident at the Port [] is not coordinated among stakeholders.” The relative size of the ports
(or focus areas) under study does not seem to matter. In a smaller port setting, another RRAP
13 This early emphasis on security also likely explains the 123 coding references to “physical security deficiencies” which were initially flagged as a high-count gap when reviewing the coding references and source counts. underlying case data, however, suggests that the high coding count for this gap is due, in large part, to the number of asset-specific security-related gaps (e.g., the absence of a closed circuit television or other intrusion detection system) that appear in detailed gap tables that were used in the earlier RRAP reports. 14 Attempts to further discern gap trends by sector are discussed in the following section concerning the second research question.
92
team documented a lack of “coordinated” plans for several likely hazards, including abandoned
barges with hazardous material onboard.
RRAP research involving land-based transportation systems document similar planning
deficiencies. Here, there are some hazard-specific shortcomings. One RRAP report, quoting a
U.S. Transportation Security Administration after-action report for an Intermodal Security
Training and Exercise Program (I-STEP) event, observed that “the transportation sector does not
currently have a comprehensive, interagency plan for the response to and recovery from a
biological attack on transportation infrastructure in the United States” (DHS 2014a). In a
separate transportation-focused assessment, RRAP researchers found that “the [studied area]
lacks a comprehensive approach that addresses transportation system resilience to storm surge
inundation” (Ibid.) As with port assessments, however, many land-based transportation planning
gaps appear to be general in nature. The case evidence in three non-transportation-focused
projects, for example, led to the repeated observation from RRAP authors that, “state and local
agencies lack an integrated and formal post-disaster transportation recovery plan.”
In the study of material coded to the “(lack of) comprehensive planning” gap, a second
strong theme emerged: the lack of integration between public and private sector entities. One
statewide RRAP project found that “state and local government agencies do not consider many
critical [private sector] providers in their emergency management and restoration plans” (DHS
2014a). A separate statewide study from a different megaregion recommends that the state
“consider ensuring that both public and private sector response and recovery plans reflect
realistic restoration times that take into account manufacturing and delivery constraints of the
commercial interests in the region” (DHS 2014a). As that same report went on to observe, “a
key step to improving regional resilience is to establish a common operating picture of cascading
93
effects associated with critical infrastructure failure and of how these interactions affect response
operations and recovery planning and prioritization efforts” (Ibid.). Such common operating
pictures must necessarily reflect public and private resources and needs to ensure informed
prioritization decisions can be made.
RRAP personnel acknowledge that private sector plans designed to maximize profits by
ensuring the continuity of business operations will likely never be fully integrated with
government plans designed to meet potentially broader, and likely divergent, government
purposes, which inherently call for prioritizing restoration and recovery of some assets and
industries over others in the interest of the greater public good. Still, as one Resiliency
Assessment argues, better “plan integration” will ensure “compatibility, shared public and
private sector priorities and objectives, and appropriate distribution of effort and resources that
derives from a mutual understanding of how best to expedite an area’s full recovery from
disruption” (DHS 2014a). Stakeholders can develop more comprehensive plans, that report’s
authors suggest, through “a series of actions and interactions that lead to an understanding by all
parties of the salient elements of all response and recovery plans, and a commitment by all
parties to amend their individual plans where possible, to eliminate incompatibilities, while still
preserving the autonomy of the private [and public sector stakeholders] to develop a plan
consistent with [their respective interests and obligations]” (Ibid.). The prevalence of the
planning gaps noted throughout the RRAP data suggests that far greater attention should be
given to such integration strategies.
C. The presence of single or critical points of failure is a frequently recurring resilience gap across all infrastructure sectors and geographic regions represented in the studied RRAP data.
In 25 of the 33 RRAP cases, evidence emerged concerning critical components among
interconnected infrastructure systems whose failure or comprise had the potential to drastically
94
affect one or more core functions of the various systems under study. This effort’s coding
scheme captured evidence where the removal of a given component would shut down its
associated system or core function as a “single point of failure.” A component whose loss would
create significant, but not total, system disruption is often described in the RRAP data as either a
“critical” or “high consequence” point of failure. Despite being technically distinct, these
situations were coded as “single” points of failure as well for later analysis. In studying the
material coded to this gap node, both “single” and “critical” failure points could be seen in
reports from all regions and sectors as indicated in the following representative data.
The pervasiveness of single points of failure is particularly well stated in one rural
Resiliency Assessment. That report’s researchers noted how the agriculture and food sector “is
vulnerable to single points of failure throughout its supply chain. The loss of electrical power,
communications, natural gas, roads, water, or wastewater at any one of [the 12 representative
facilities visited during the project] will result in a 100 percent business disruption” (DHS
2014a).
A separate commercial facilities-focused case study provides further evidence of just how
common single points of failure are. The assessment in question notes that while one particular
facility is “fed by six water pipelines that pull from separate points along the water main … a
single point of failure [exists due to the reliance on a single] pumping station that supplies this
water main” (DHS 2009.) With respect to the delivery of electricity to this very same asset,
another single point of failure was identified: “the single transformer that steps down power
entering the facility” (Ibid.) Additionally, in the broader surrounding power infrastructure,
another single point of failure results from the fact that the power lines from the nearby, but
separate, substations “all terminate at the same service connection point” (Ibid.). Regarding
95
wastewater service to the same region, the RRAP researchers found “no redundant facility or
overlapping service that could provide the same service if [a specified water treatment plant] was
disabled” (Ibid.).
Beyond the representative failure nodes within the power, fuel distribution, water, and
wastewater systems noted above, there was RRAP case evidence detailing critical choke points
in communications, healthcare, and transportation systems as well. For example, in another
commercial facilities-focused study, researches found several instances in which “all
telecommunications pass through servers and switches in [one] room” such that the “IT room
itself is a single point of failure” (DHS 2014a). Similarly, as one public health-focused case
study noted, “area hospitals are likely to have single points of failure in their supply chains (i.e.,
mass distribution centers and warehouses). Severe damage or destruction of these critical nodes
or the routes they typically utilize to make deliveries could disrupt healthcare....” (DHS 2014a).
In sum, the case study data yields ample evidence to support the notion that all types of lifeline
critical infrastructure systems suffer from the presence of this particular resilience gap, and that
this system architecture problem is truly pervasive.
The dangers of such gaps, wherever they are found, are succinctly summarized in one of
the program’s initial projects:
Though the single points of failure vary, any one of them could lead to disastrous results. Single points of failure for critical components and systems and for critical dependencies diminish [resilience]. Single input and intake components for critical services – power, water, and communications – exist, some of which are aging, and these are a priority. Some of these important components and systems are located in areas that are not under surveillance or protected, making them more vulnerable. Single points of failure are more problematic because of the lack of redundancy for critical components and systems. (DHS 2014a).
Before turning to the related, and compounding, problem presented by the lack of system
redundancy (as suggested in the quote above), it is important to note another type of critical node
96
that emerged from the coded data: the point-of-failure gap that arises from “geographic
interdependency” (Rinaldi, Peerenboom, and Kelly 2001; Pederson et al. 2006). In 11 (i.e., one
third) of the studied RRAP projects, which together represent a diverse array of regions and
sector focus areas, there is evidence of vulnerabilities tied to the co-location of lifeline
infrastructure assets in common rights-of-way. Grouping critical infrastructure assets often
minimizes installation, access, and other maintenance costs – not to mention the costs of
procuring the rights-of-way themselves, if applicable. Inevitably such grouping also ends up
increasing the potential for cascading failures. As one Resiliency Assessment explains:
These geographical interdependencies are complex, and the involved systems regularly interact with one another. These interactions can create vulnerabilities when a failure in one system cascades into other systems, creating widespread consequences much greater than the impact to the original system. For example, the failure to repair a deteriorating water main could lead to a break in the main; the broken main could then flood the adjacent area; and since utilities often share physical rights-of-way, underground power cables could become saturated and a short-circuit could occur, culminating in the loss of power for a large community and causing a cascading failure rather than just a loss of drinking and fire suppression water. (DHS 2014a).
Whether arising from more familiar physical (input-output) dependency nodes, or those based on
geographic interdependencies, the prevalence of this condition underscores a continued need for
broader awareness of the system dependencies and interdependencies which these nodes
represent, and the need for greater planned redundancies wherever practical to avoid or minimize
the effect of their loss.
D. A lack of redundancy, insufficient system capacity, or both, impairs the resilience of many infrastructure systems.
The case data coded to each of the categories and specific types of resilience gaps just
discussed also contains significant related evidence concerning the lack of redundancy,
insufficient capacity, or both, inherent in many systems. In the present context this dissertation
considers redundancy as it is defined by DHS itself in its Resiliency Assessments: “the ability of
97
[an infrastructure asset or system] to back up or reproduce its system’s critical functions either
on site or at another location.” Relatedly, when reviewing the case data, I viewed capacity as the
ability of a specified asset or system, regardless of whether or not it has redundant components,
to fulfill the demand for its given function. While separate ideas, these two system
characteristics are related, at least where a given system can function through redundant, parallel
supply, transmission, or delivery mechanisms.
Throughout the RRAP cases, there are pervasive capacity and redundancy-based gaps,
which compound the vulnerabilities created by other gaps. As indicated in Table 4-1, there is
evidence of a lack of redundancy in infrastructure systems 206 times across 28 case studies, and
there is evidence of insufficient system capacity 160 times in 23 different case reports. Given
the frequency with which these gaps appeared, the following section provides further detail
concerning their nature.
In general, non-single-point-of-failure redundancy issues are less prevalent than
conditions described as directly resulting from single (or “critical”) points-of-failure themselves.
These closely related conditions could have been coded together as a single point of failure
exhibits, by definition, a lack of redundancy. To the extent a lack of sufficient redundancy may
exist even in the absence of a single point of failure, however, the coding scheme was designed
to make the single-point-of-failure node a child node within the redundancy parent. It is worth
better understanding what types of additional redundancy gaps exists. Accordingly, I removed
the single-point-of-failure data from the redundancy parent node and noted 87 coding references
across 19 RRAP reports.
With respect to these 87 coding references to system redundancy gaps in particular,
collectively, the RRAP cases contain evidence concerning everything from the frequent lack of
98
any backup communications systems for many critical infrastructure systems, to the absence of
alternate roads, bridges, or tunnels in certain key transit areas; to the frequent reliance on one
type, and often one source, of fuel for primary and emergency power generation.
Interestingly, there is evidence of impaired systems resilience resulting from limited
capacity in a wider array of contexts. Over two-thirds (23 separate cases) of the RRAP projects
included in this analysis detail resilience gaps arising from an insufficient amount of one or more
of the following categories of assets and capabilities: electric generation, transmission, or
distribution; fuel distribution; sufficiently trained personnel (including first responders, security
specialists, specialized technical professionals such as HAZMAT teams, and qualified
infrastructure inspectors), emergency response assets (including for debris removal,
decontamination, and critical care transportation in mass causalities); hospital bed capacity; and
on-site water and wastewater storage.
The existence and omnipresence of each of these gaps is not surprising. Indeed, system
redundancy and capacity sufficient to absorb disruption (which again, in some ways, are the very
antithesis of having single points of failure) are key aspects of most every conceptualization and
study of resilience. These critical characteristics are widely acknowledged weaknesses in many
modern systems. Importantly, though, as documented in the preceding discussion, the coding
and qualitative review of the RRAP case materials suggest that our dependence on energy, as
aggravated by the lack of sufficient backup power systems; and the prevalence of under-
inclusive (i.e., not comprehensive) public and private response, recovery, and continuity plans
and planning are far more prevalent problems.
99
II. To what extent and how do these gaps differ across geographic regions and infrastructure sectors?
To advance this dissertation’s objective of better understand resilience gaps, I next
explored the conditions noted above (and others that emerged in the RRAP cases, albeit with less
frequency) to determine the extent to which they might vary across critical infrastructure sector
focus areas and geographic regions. NVivo’s coding query functionality enables a researcher to
query material coded to any selected node or combinations of nodes, or node(s) and
combinations of source characteristics. Accordingly, I ran a series of coding queries using each
of the major nodes and sub-nodes in the respective “gap” (and later, “barrier”) coding schemes to
explore potential correlations with the nine geographic megaregions15 and eight different critical
infrastructure sector focus areas16 represented in the RRAP projects included in this research.
(The final portion of this chapter examines differences in resilience barriers within and across
different sectors and regions.) NVivo returns the number of coding references and source counts
for each selected combination of nodes in a spreadsheet style cross tabulation screen.
Table 4-2, on the following four pages, depicts the coding references and source counts
that NVivo produced for each of the gap codes in the final coding scheme, broken out by the
designated infrastructure sector-focus area of the coded RRAP case studies. As with the study of
the overall prevalence of gaps within and across infrastructure sectors and regions, the coding
reference and source count information represented in Table 4-2 guided a qualitative review
15 The 33 RRAP analyzed herein involved projects that fell within the following megaregions: Arizona Sun Corridor, Cascadia, Florida, Great Lakes, Northeast, Piedmont Atlantic, Northern California, Southern California, and Texas Triangle. Notable, 10 RRAP projects fell outside the confines of any defined megaregion. 16 As indicated in Table 3-1 in the preceding chapter, the RRAP Reports on which this dissertation is based focused on the following sectors: Agriculture and Food, Commercial Facilities, Dams, the Florida Defense Industrial Base, Energy, Healthcare & Public Health, Transportation, and Water.
100
Table 4-2 – Resilience Gap Coding by RRAP Report Infrastructure Sector Focus Area Cross Tabulation
# of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap) Infrastructure Sector Focus Area of Resiliency Assessment
Coded Resilience Gap A
gric
ultu
re a
nd
Food
(4)
Com
mer
cial
Fa
cilit
ies (
7)
Dam
s (1)
Def
ense
In
dust
rial B
ase
(1)
Ener
gy (9
)
Hea
lthca
re &
Pu
blic
Hea
lth
(2)
Tran
spor
tatio
n (7
)
Wat
er &
W
aste
wat
er (2
)
All
Cas
es (3
3)
Age of Infrastructure (in general) 0 5(2) 0 0 7(3) 1(1) 13(3) 1(1) 27(10)
Capability 30(4) 101(7) 2(1) 3(1) 73(8) 33(2) 53(5) 17(2) 312(30)
− Access to Classified Information 0 1(1) 0 0 0 0 0 0 1(1)
− Backup Power (no or limited) 9(3) 70(6) 2(1) 0 32(7) 15(2) 34(4) 11(1) 173(24)
− Building & Engineering Design Issues 0 3(1) 0 0 0 1(1) 0 0 4(2)
− Communications 2(1) 7(5) 0 3(1) 17(5) 15(1) 8(5) 5(2) 57(20)
− Emergency Response 0 8(3) 0 0 16(2) 0 3(1) 1(1) 28(7)
− Energy and Fuel Transmission / Distribution
0 0 0 0 8(2) 0 1(1) 0 9(3)
− Integrated IT Platform (lacking) 0 0 0 0 0 2(1) 0 0 2(1)
− Modeling Capability (lacking)) 2(1) 0 0 0 0 0 0 0 2(1)
− Surveillance and Detection Systems (inadequate)
16(2) 1(1) 0 0 0 0 6(2) 0 23(5)
− System Cross Connections (lack of) 0 4(3) 0 0 0 0 0 0 4(3)
− Training (lack of) 1(1) 8(2) 0 0 0 0 0 0 9(3)
101
Table 4-2 – Resilience Gap Coding by RRAP Infrastructure Sector Focus Area Cross Tabulation (Continued) # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Infrastructure Sector Focus Area of Resiliency Assessment
Coded Resilience Gap A
gric
ultu
re
and
Food
(4)
Com
mer
cial
Fa
cilit
ies (
7)
Dam
s (1)
Def
ense
In
dust
rial B
ase
(1)
Ener
gy (9
)
Hea
lthca
re &
Pu
blic
Hea
lth
(2)
Tran
spor
tatio
n (7
)
Wat
er &
W
aste
wat
er (2
)
All
Cas
es (3
3)
Capacity 27(4) 29(6) 0 0 47(4) 43(2) 14(4) 0 160(23) − Debris Removal 0 0 0 0 0 1(1) 0 0 1(1) − Decontamination Equipment 6(1) 0 0 0 0 0 0 0 6(1) − Electric 2(1) 5(3) 0 0 27(6) 1(1) 7(1) 0 42(12) − Emergency Response Assets 1(1) 2(1) 0 0 0 0 2(2) 0 5(4) − Evacuation (Assets and Procedures) 0 0 0 0 0 2(1) 0 0 2(1) − Fuel 0 6(3) 0 0 5(3) 0 3(1) 0 14(7) − Hospitals and Healthcare 0 2(1) 0 0 0 32(2) 0 0 34(3) − Natural Gas Pipeline 0 0 0 0 10(2) 0 0 0 10(2) − Personnel & Inspectors 9(3) 5(2) 0 0 2(1) 4(1) 0 0 20(7) − Rail Line Capacity 0 0 0 0 1(1) 0 2(1) 0 3(2) − Spare Parts 0 1(1) 0 0 0 0 0 0 1(1) − Threat Monitoring 9(2) 0 0 0 0 0 0 0 9(2) − Water (or Wastewater) 0 7(4) 0 0 2(1) 3(1) 0 0 12(6) Redundancy 19(3) 56(6) 2(1) 4(1) 58(9) 16(2) 27(4) 24(2) 206(28) − in Fuel Transportation Options 0 1(1) 0 0 20(2) 0 10(1) 0 31(4) − in Water Interconnections 1(1) 1(1) 0 0 0 0 0 1(1) 3(3) − Single Points of Failure 13(3) 46(6) 1(1) 4(1) 26(7) 3(2) 11(3) 18(2) 122(25)
102
Table 4-2 – Resilience Gap Coding by RRAP Infrastructure Sector Focus Area Cross Tabulation (Continued) # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Infrastructure Sector Focus Area of Resiliency Assessment
Coded Resilience Gap A
gric
ultu
re a
nd
Food
(4)
Com
mer
cial
Fa
cilit
ies (
7)
Dam
s (1)
Def
ense
In
dust
rial B
ase
(1)
Ener
gy (9
)
Hea
lthca
re &
Pu
blic
Hea
lth
(2)
Tran
spor
tatio
n (7
)
Wat
er &
W
aste
wat
er (2
)
All
Cas
es (3
3)
Dependencies and Interdependencies 56(4) 128(7) 9(1) 5(1) 191(9) 25(2) 125(7) 35(2) 574(33) − Bridges 0 1(1) 0 1(1) 0 0 3(1) 0 5(3) − Chemicals 0 8(4) 0 0 7(3) 1(1) 2(2) 1(1) 19(11) − Communications 2(2) 15(6) 0 1(1) 13(5) 1(1) 7(4) 5(1) 44(20) − Critical Manufacturing 0 0 0 0 2(1) 0 0 0 2(1) − Dams (and Locks) 0 1(1) 1(1) 0 0 0 13(3) 0 15(5) − Energy (in general) 18(4) 42(7) 3(1) 3(1) 101(9) 9(2) 32(6) 12(2) 220(32)
o Electricity (for core function) 14(4) 24(6) 1(1) 3(1) 55(9) 3(2) 17(5) 10(2) 127(30) o Fuels 4(2) 15(5) 2(1) 0 51(6) 6(2) 14(4) 14(2) 96(22)
− Finance 0 2(2) 0 0 0 0 0 0 2(2) − Food / Feed 3(2) 0 0 0 0 0 0 0 3(2) − Healthcare 0 7(2) 0 0 3(1) 0 0 0 10(3) − Information Systems / Technology 3(2) 10(4) 3(1) 0 16(3) 0 13(4) 12(2) 57(16) − Transportation 11(4) 17(5) 1(1) 0 44(7) 4(2) 25(7) 4(1) 106(27) − Water or Wastewater 21(4) 25(6) 2(1) 0 12(3) 10(2) 13(3) 4(1) 97(20) − Workers / Personnel 0 0 0 0 0 0 5(1) 0 5(1)
103
Table 4-2 – Resilience Gap Coding by RRAP Infrastructure Sector Focus Area Cross Tabulation (Continued) # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Infrastructure Sector Focus Area of Resiliency Assessment
Coded Resilience Gap A
gric
ultu
re a
nd
Food
(4)
Com
mer
cial
Fa
cilit
ies (
7)
Dam
s (1)
Def
ense
In
dust
rial B
ase
(1)
Ener
gy (9
)
Hea
lthca
re &
Pu
blic
Hea
lth
(2)
Tran
spor
tatio
n (7
)
Wat
er &
W
aste
wat
er (2
)
All
Cas
es (3
3)
Planning 76(4) 121(7) 1(1) 7(1) 115(7) 57(2) 98(7) 21(2) 496(31) − Business Continuity Planning (deficient) 16(4) 18(6) 0 1(1) 13(5) 4(2) 21(4) 6(1) 79(23) − Comprehensive Approach (lacking) 55(4) 48(6) 1(1) 6(1) 53(4) 18(2) 26(5) 11(2) 218(25) − Crisis Communications (lacking) 3(1) 8(3) 0 0 0 0 9(2) 0 20(6) − Emergency Action Plan (lacking) 0 1(1) 0 0 0 0 0 0 1(1) − Failure to Prioritize (below and other) 2(1) 17(4) 0 0 22(4) 13(2) 1(1) 0 55(12)
o Ambulance / At-Risk Populations 0 0 0 0 7(1) 0 0 0 7(1) o Communications (restoration, access) 0 1(1) 0 0 1(1) 0 1(1) 0 3(3) o Electric (restoration) 2(1) 14(3) 0 0 14(3) 0 0 0 30(7) o Fuel Distribution 0 2(1) 0 0 0 0 0 0 2(1) o Route Access (roadway restoration) 0 0 0 0 0 6(1) 0 0 6(1)
− Hazard not Identified or Planned For 1(1) 18(6) 0 0 28(4) 19(2) 44(7) 4(2) 114(22) − Long-Range 0 2(1) 0 0 0 4(1) 0 0 6(2) − Security 0 10(4) 0 0 0 0 0 0 10(4) Protective Measures 27(3) 71(6) 2(1) 0 12(3) 8(1) 23(3) 17(2) 160(19) − Cyber Security Deficiencies 0 19(3) 0 0 1(1) 0 4(1) 12(2) 36(7) − Physical Security Deficiencies 27(3) 51(6) 2(1) 0 11(2) 8(1) 19(3) 5(1) 123(17)
104
of the substance of the text or data underlying these coding references. The following discussion
explains how.
As before, I began by simply looking for comparatively high coding reference and source
counts in the cross-tabulation cells. The counts reflected in Table 4-2’s columns associated with
the commercial facilities, energy, and transportation-focused cases are generally more numerous
than coding references in other sector focus areas. A closer look at the distribution of cases
(parenthetically noted in the column headings for each sector), however, reveals the challenge of
drawing any meaningful inferences from this observation. The designated sector focus areas are
not equally distributed among the coded RRAP case studies. Indeed, the nine energy, seven
transportation, and seven commercial facilities-focused cases collectively constitute two thirds of
the RRAP projects coded in this research. Accordingly, higher counts are to be expected for
these sectors.
The availability of count data for gaps (and barriers) across the various infrastructure
sectors (and regions) naturally invites the calculation of rudimentary statistics (e.g., percentages,
relative frequencies, etc.). Using this approach, the data in Table 4-2 reveals apparent anomalies,
highlighted in bold, associated with the commercial facilities-focused case studies. Specifically,
these cases contain a disproportionately high percentage of gap coding references concerning the
lack of back-up power, single-points-of-failure, and physical security deficiencies. Table 4-3, on
the following page, highlights the specific counts (drawn from Table-4-2) and relevant
percentages for these three anomalous gap categories. To determine why the RRAP studies of
commercial facilities, which include casinos, universities, and other private sector buildings,
accounted for approximately ~40% of the coding references to each of these three gaps (despite
105
this sector constituting
only 21% of the RRAP
cases studied), I
scrutinized the
underlying material
coded to each of the associated coding references.
This review revealed two reasons that might explain the heightened coding percentages.
First, the commercial facility-focused RRAP projects considered more individual buildings and
assets than projects in other sector-focus categories. Second, commercial facilities, especially
those in which humans are situated, typically require greater service (and connections) from all
lifeline critical infrastructures sectors. For one or both of these reasons, it is reasonable to expect
that asset-specific gaps (such as back-up power and security deficiencies), as well as single-
points-of-failure would be more prevalent in the commercial facilitates cases.
The above findings notwithstanding, percentages and relative frequencies proved
analytically problematic in this research for at least four reasons. First, as the many zeros
throughout Table 4-2 attest, many gaps do not appear at all in certain sector’s cases. The
absence of a count, however, does not necessarily reflect the absence of its corresponding gap.
This is true because, as discussed in Chapter 3, the scoping of each RRAP case study depends in
large part on the desires of each unique project’s “client” and what participants choose to
contribute to this voluntary program. Thus, a given gap may not appear simply because it fell
outside the scope of what was those participating agreed to help study.
Second, half of the infrastructure sector focus areas included in the studied RRAP
projects (dams, defense industrial base, public health, and water and wastewater) are the subject
Table 4-3: Commercial Facilities Resilience Gap Anomalies
Coding References % Attributable to
Commercial Facilities Gap
Commercial Facilities (7)
All Cases (33)
Coding References
Source Count
Capability - Backup Power 70(6) 173(25) 40% 24%
Redundancy - Single-points-of-failure 46(6) 122(25) 38% 25%
Protective Measures - Physical Security 51(6) 123(17) 41% 35%
106
of only one or two case studies. As Table 4-2 reveals, the number of coding references and case
counts available for many gaps – in general, but especially for those associated with these
sparsely covered sector focus areas – is relatively small. Thus, a change of (or error in) a single
count or case would change associated percentages markedly.
Third, the number of coding references to any given node is influenced by a number of
coding factors not related to the presence or absence of its associated gap. As previously
detailed, the way data was portioned while coding (i.e., using smaller segments of data or coding
entire paragraphs) affects the number of coding references. Additionally, the evolving nature of
the RRAP report format, and the program’s use of multiple annexes in some reports to document
the same gaps, but with more sensitive information and in greater detail, creates redundant
coding that artificially inflates the number of coding references for some, but not all, gaps and
cases.
Finally, a deeper dive into cross-sector themes and differences – involving a methodical
review of the underlying coded information, cell-by-cell, sector-by-sector – reveals a more
troublesome analytic challenge to discerning sector-based differences. As described elsewhere
in this work, each RRAP project focuses on a specific infrastructure sector. Each project also
analyzes numerous lifeline infrastructure sectors that support that focus sector. Accordingly, a
water sector-focused report may contain a good deal of information (including resilience gap
information) on a given region’s power grid, for example. Because the cross-sector queries
executed with NVivo were based upon each project’s designated focus area, however, gaps
concerning the electric grid documented in a water-focused case, which may or may not concern
the water system under study directly, appear in the “water” column of Table 4-2, not in the
107
“energy” case column. This complication is an inescapable consequence of the messy
interconnectedness of these systems and the discussion of multiple lifeline sectors in each report.
For all of the foregoing reasons, the focus of this analysis is on the substance of the coded
material, not on the numbers of sources or coding references in the cross tabulations; although
the latter proved indispensible in structuring the exploration of the data in an orderly fashion.
Through a methodical reading and rereading of the data coded to each cell of the cross
tabulation, sector by sector, it was possible to look for inter-sector gap trends and distinctions.
The material coded to the lack of comprehensive planning node across the different
sectors-focus areas revealed an interesting disparity with respect to the energy sector.
Specifically, the previously discussed widespread lack of comprehensive plans and planning is
surprisingly less prevalent, if anywhere, in RRAP studies in which energy (to include electricity,
natural gas, coal, ethanol and petroleum fuels) was a designated focus of the study. Of the eight
RRAP projects for which the lack of comprehensive planning was not coded as a significant gap,
five focused on the energy sector.17 This is not to say there are no planning deficiencies in case
evidence coded within the energy sector. There are. Indeed, the coded case data reveals a lack
of prioritized asset lists that could be used to inform power restoration efforts as a problem in
numerous cases. As indicated in Table 4-2, this lack of prioritization appeared in 14 coding
references across three of the nine energy-focused case studies alone. A closer sector-by-sector
look at the material coded to the (lack of) comprehensive planning node, however, shows that
when the energy sector itself was the focus of a given RRAP case study, there was generally less
evidence concerning deficient planning as such. That is, the lack of planning involving energy
17 These five energy-focused case studies in question are the 2012 Maine RRAP, the 2013 National Capital Regional RRAP, the 2014 Nebraska RRAP, the 2014 North Dakota RRAP, and 2014 Southeast New Hampshire RRAP.
108
issues was more prevalent when viewed from the perspective of other sectors. Phrased another
way, the dependence on energy, and the need for more comprehensive plans to account for it,
surfaced more readily when viewing the issue from the demand versus supply side.
It could be that the inherently sprawling, transboundary nature of the energy industry,
combined with the regionally and nationally based regulatory spheres in which it operates, leads
to necessarily greater coordination and planning within this particular sector, especially for
electricity providers in the wake of the Northeast blackout of 2003 and the systems
improvements implemented thereafter. It may be that all elements of the energy sector are
generally more attuned to energy issues, include their own dependencies on power and fuel.
Thus, it could be that the energy sector is comparatively better at planning within its own sector,
but that other sectors and governmental coordinating bodies need to better integrate energy
considerations more fully into their respective planning efforts. This analysis did not yield
further insight. Accordingly, this observation merits further study.
Next, I considered the extent to which resilience gaps vary across geographic regions.
Table 4-4, on the following pages, depicts the coding references and source counts that NVivo
produced for each of the gap codes contained in the final coding scheme, as broken out by the
megaregion (or presence outside of any megaregion) in which the coded RRAP projects fall. As
before, the coding reference and source count information represented in Table 4-4 was used to
structure the qualitative analysis. Unfortunately, as the column headings in Table 4-4 show, the
RRAP cases are not equally distributed geographically. Only three megaregions – Northeast,
Great Lakes, and Piedmont Atlantic – had three or more of the RRAP projects conducted within
them. Three of the nine megaregions represented in this research had only one
109
Table 4-4 – Resilience Gap Coding by Regional Plan Association Megaregion Cross Tabulation # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Regional Plan Association Megaregion of Resiliency Assessment
Coded Barrier to Resilience N
ot A
ssoc
. w/
Meg
a R
egio
n (1
0)
Ariz
ona
Sun
Cor
ridor
(2)
Cas
cadi
a (1
) Fl
orid
a (2
) Fr
ont
Ran
ge (2
)
Gre
at L
akes
(2)
Nor
thea
st (8
) N
orth
ern
&
Sout
hern
Cal
if. (2
)
Pied
mon
t A
tlant
ic (3
) Te
xas T
riang
le (1
)
All
Cas
es (3
3)
Age of Infrastructure (in general) 1(1) 0 4(1) 0 0 8(1) 12(5) 0 1(1) 1(1) 27(10)
Capability 106(10) 2(1) 39(1) 4(2) 6(2) 5(1) 66(7) 40(2) 31(3) 13(2) 312(30)
− Access to Classified Information 0 0 0 0 0 0 0 1(1) 0 0 1(1)
− Backup Power (no or limited) 42(8) 0 27(1) 1(1) 4(2) 2(1) 43(7) 22(1) 20(2) 12(1) 173(24)
− Building & Engineering Design 0 0 3(1) 0 0 0 0 0 0 1(1) 4(2)
− Communications 32(6) 2(1) 2(1) 3(1) 2(1) 1(1) 11(6) 1(1) 3(2) 0 57(20)
− Emergency Response 17(2) 0 4(1) 0 0 0 3(2) 3(1) 1(1) 0 28(7)
− Energy/Fuel Transmission / Dist. 5(2) 0 0 0 0 0 4(1) 0 0 0 9(3)
− Integrated IT Platform (lacking) 2(1) 0 0 0 0 0 0 0 0 0 2(1)
− Modeling Capability (lacking)) 2(1) 0 0 0 0 0 0 0 0 0 2(1)
− Surveillance and Detection Systems 4(2) 0 1(1) 0 0 0 5(1) 13(1) 0 0 23(5)
− System Cross Connections (lack of) 0 0 1(1) 0 0 2(1) 0 0 1(1) 0 4(3)
− Training (lack of) 1(1) 0 2(1) 0 0 0 0 0 6(1) 0 9(3)
110
Table 4-4 – Resilience Gap Coding by Regional Plan Association Megaregion Cross Tabulation (Continued) # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Regional Plan Association Megaregion of Resiliency Assessment
Coded Barrier to Resilience N
ot A
ssoc
. w/
Meg
a R
egio
n (1
0)
Ariz
ona
Sun
Cor
ridor
(1)
Cas
cadi
a (1
) Fl
orid
a (2
) Fr
ont
Ran
ge
(2)
Gre
at L
akes
(3)
Nor
thea
st (8
) N
orth
ern
&
Sout
hern
C
alif.
(2)
Pied
mon
t A
tlant
ic (3
) Te
xas T
riang
le
(1)
All
Cas
es (3
3)
Capacity 48(6) 0 9(1) 0 3(2) 6(3) 38(5) 7(2) 20(3) 29(1) 160(23) − Debris Removal 0 0 0 0 0 0 0 0 0 1(1) 1(1) − Decontamination Equipment 6(1) 0 0 0 0 0 0 0 0 0 6(1) − Electric 12(3) 0 2(1) 0 3(2) 2(1) 22(4) 0 0 1(1) 42(12) − Emergency Response Assets 2(2) 0 0 0 0 1(1) 0 0 2(1) 0 5(4) − Evacuation (assets and procedures) 0 0 0 0 0 0 0 0 0 2(1) 2(1) − Fuel 4(2) 0 2(1) 0 0 0 4(2) 3(1) 1(1) 0 14(7) − Hospitals and Healthcare 10(1) 0 0 0 0 0 0 0 2(1) 22(1) 34(3) − Natural Gas Pipeline 2(1) 0 0 0 0 0 8(1) 0 0 0 10(2) − Personnel & Inspectors 10(2) 0 1(1) 0 0 0 2(1) 1(1) 6(2) 0 20(7) − Rail Line Capacity 1(1) 0 0 0 0 2(1) 0 0 0 0 3(2) − Spare Parts 0 0 1(1) 0 0 0 0 0 0 0 1(1) − Threat Monitoring 1(1) 0 0 0 0 0 0 0 8(1) 0 9(2) − Water (or Wastewater) 0 0 3(1) 0 0 1(1) 2(1) 2(1) 1(1) 3(1) 12(6) Redundancy 71(10) 5(1) 8(1) 4(1) 14(1) 12(2) 48(6) 9(2) 33(3) 2(1) 206(28) − in Fuel Transportation Options 24(2) 0 1(1) 0 0 0 6(1) 0 0 0 31(4) − in Water Interconnections 0 0 1(1) 0 0 0 1(1) 0 1(1) 0 3(3) − Single Points of Failure 21(8) 5(1) 6(1) 4(1) 12(1) 9(2) 31(5) 7(2) 25(3) 2(1) 122(25)
111
Table 4-4 – Barrier Coding by Regional Plan Association Megaregion Cross Tabulation (Continued) # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Regional Plan Association Megaregion of Resiliency Assessment
Coded Barrier to Resilience N
ot A
ssoc
. w/
Meg
a R
egio
n (1
0)
Ariz
ona
Sun
Cor
ridor
(1)
Cas
cadi
a (1
) Fl
orid
a (2
) Fr
ont
Ran
ge
(2)
Gre
at L
akes
(3
) N
orth
east
(8)
Nor
ther
n &
So
uthe
rn
Cal
if(2
) Pi
edm
ont
Atla
ntic
(3)
Texa
s Tr
iang
le (1
)
All
Cas
es
(33)
Dependencies and Interdependencies 180(10) 13(1) 25(1) 15(2) 28(2) 61(3) 159(8) 41(2) 44(3) 8(1) 574(33) − Bridges 0 0 0 2(2) 0 0 3(1) 0 0 0 5(3) − Chemicals 3(3) 0 2(1) 0 0 1(1) 7(3) 3(1) 2(1) 1(1) 19(11) − Communications 8(6) 0 1(1) 3(2) 2(2) 1(1) 18(5) 8(2) 3(2) 0 44(20) − Critical Manufacturing 0 0 0 0 0 0 2(1) 0 0 0 2(1) − Dams (and Locks) 3(2) 0 0 0 0 9(1) 2(1) 0 1(1) 0 15(5) − Energy (in general) 82(10) 6(1) 7(1) 6(2) 13(2) 15(2) 64(8) 11(2) 14(3) 2(1) 220(32)
o Electricity (for core function) 43(10) 5(1) 3(1) 4(2) 10(2) 10(1) 38(8) 7(2) 6(2) 1(1) 127(30) o Fuel 43(8) 1(1) 4(1) 2(1) 3(1) 5(1) 28(4) 4(1) 5(2) 1(1) 96(22)
− Finance 0 0 1(1) 0 0 0 0 0 1(1) 0 2(2) − Food / Feed 1(1) 0 0 0 0 0 0 0 2(1) 0 3(2) − Healthcare 0 0 0 0 0 0 0 2(1) 0 2(1) − Information Systems / Technology 21(5) 7(1) 1(1) 0 2(1) 11(2) 13(4) 1(1) 1(1) 0 57(16) − Transportation 44(10) 0 6(1) 0 5(1) 8(3) 29(6) 4(2) 9(3) 1(1) 106(27) − Water or Wastewater 25(6) 0 4(1) 0 7(2) 19(2) 10(3) 15(2) 13(3) 4(1) 97(20) − Workers / Personnel 0 0 0 0 0 5(1) 0 0 0 0 5(1)
112
Table 4-4 – Resilience Gap Coding by Regional Plan Association Megaregion Cross Tabulation (Continued) # of Coding References to Gap (# of RRAP Case Studies with Coding References to Gap)
Regional Plan Association Megaregion of Resiliency Assessment
Coded Barrier to Resilience N
ot A
ssoc
. w/
Meg
a R
egio
n (1
0)
Ariz
ona
Sun
Cor
ridor
(1)
Cas
cadi
a (1
) Fl
orid
a (2
) Fr
ont
Ran
ge (2
)
Gre
at L
akes
(3)
Nor
thea
st (8
) N
orth
ern
&
Sout
hern
Cal
if.(2
)
Pied
mon
t A
tlant
ic (3
) Te
xas T
riang
le (1
)
All
Cas
es (3
3)
Planning 168(9) 15(1) 29(1) 27(2) 33(2) 51(3) 60(7) 30(2) 56(3) 27(1) 496(31) − Business Continuity Planning 27(6) 6(1) 7(1) 1(1) 9(2) 9(2) 8(3) 3(2) 7(3) 2(1) 79(23) − Comprehensive Approach (lacking) 78(7) 6(1) 7(1) 15(2) 16(1) 12(3) 20(4) 23(2) 34(3) 7(1)` 218(25) − Crisis Communications (lacking) 4(2) 0 3(1) 0 0 8(1) 0 1(1) 4(1) 0 20(6) − Emergency Action Plan (lacking) 0 0 1(1) 0 0 0 0 0 0 0 1(1) − Failure to Prioritize (below & other) 15(5) 0 0 12(1) 2(1) 0 15(1) 1(1) 4(2) 6(1) 55(12)
o Ambulance / At-Risk Pop. 0 0 0 0 0 0 7(1) 0 0 0 7(1) o Comms (restoration, access) 2(2) 0 0 0 0 0 0 0 1(1) 0 3(3) o Electric (restoration) 5(2) 0 0 12(1) 2(1) 0 9(1) 1(1) 1(1) 0 30(7) o Fuel Distribution 0 0 0 0 0 0 0 0 2(1) 0 2(1)
− Route Access (roadway restoration) 0 0 0 0 0 0 0 0 0 6(1) 6(1) − Hazard not ID’d or Planned For 46(6) 3(1) 8(1) 0 2(1) 21(3) 17(5) 2(1) 6(3) 9(1) 114(22) − Long-Term Recovery 0 0 2(1) 0 0 0 0 0 0 4(1) 6(2) − Security 0 0 1(1) 0 5(1) 3(1) 0 0 1(1) 0 10(4) Protective Measures 23(5) 8(1) 17(1) 0 11(1) 9(1) 32(4) 19(2) 33(3) 8(1) 160(19) − Cyber Security Deficiencies 1(1) 8(1) 0 0 9(1) 6(1) 8(2) 4(1) 0 0 36(7) − Physical Security Deficiencies 22(4) 0 17(1) 0 2(1) 3(1) 24(4) 15(2) 32(3) 8(1) 123(17)
113
RRAP conducted in each. Moreover, ten of the coded Resiliency Assessments involved areas
outside of any defined megaregion. According to the RRAP personnel interviewed for this
research, this allocation of projects reflects an intentional effort by DHS to spread the benefits of
the RRAP initiative throughout the country (and across infrastructure sectors.) The relatively
small numbers of RRAP projects falling within any given megaregion (aside the from the eight
falling within the Northeast region), combined with the different focus sectors associated with
each, make it difficult to disentangle potential differences associated with specific regions from
those potentially arising from the different sector foci of these reports. Perhaps this is why
RRAP administrators have not attempted to classify or analyze the RRAP projects by geographic
region to date. It could also be that the more persistent gaps that emerged through my coding
methodology do not vary to any significant18 degree by region.
Not surprisingly, a review of the underlying data shows that gap differences are often tied
to specific hazards that are considered more likely in certain regions, or that emerged because of
the unique focus of a given study. For example, RRAP projects conducted in coastal regions
more frequently contained resilience gaps directly related to storm surge inundation. There are
limits to drawing inferences from these observations, however. While the coded RRAP case data
would suggest that Alaska is the only region with noted resilience gaps related to possible
disruption from space weather events, this is, in part, because it was the only case study reviewed
in this research that explores that particular hazard. There is more evidence of planning
deficiencies and capacity gaps related to a chemical incident or biological attack in the
transportation-focused Chicago Resiliency Assessment than in any other case study, but this is
18 The use of the word “significant” here is not meant to imply any test for statistical significance. Given the nature of the coding, and the redundancies inherent in the RRAP report format, any such test would be dubious at best.
114
because it was the only project that focused on that particular hazard in great detail. (An RRAP
official indicated that this was done at the request of the client specifically because it was not a
hazard that region’s transportation sector had given much attention to previously.)
More recent RRAP reports, including some undertaken since the inception of this
research, have occasionally employed a more hazard-agnostic approach to exploring a region’s
resilience. The following chapter discusses the extent to which resilience can or should be
considered threat-dependent or hazard-agnostic. For present purposes, any threat-specific or
hazard-based analysis of resilience gaps and barriers was beyond the scope of this research.
(Such might be an interesting focus for future research using the RRAP data, however.) Beyond
hazard-based distinctions noted across regions, no meaningful correlations to regional
characteristics emerged from the review of the coded case evidence. If anything, the gap-region
cross tabulation reinforced subtle differences noted concerning the energy sector itself, as
previously detailed above.
The gaps that have been the focus of this chapter thus far are only part of the resilience
picture. This dissertation now turns to an exploration of the systemic conditions that enable them
to develop, or to persist.
III. Are there any recurring, empirically evident barriers to addressing resilience
gaps? If so, what are they?
The second objective of this work, which distinguishes it from many of the current efforts
devoted to developing better metrics and models for assessing resilience, is to identify and better
understand any recurring, systemic barriers to improving it. To this end I developed and
employed a resilience barrier coding scheme based on the previously discussed Post-Sandy
Study (Flynn 2015), which itself synthesizes ideas previously developed by the National
Infrastructure Advisory Council (2009; 2013), the Homeland Security Advisory Council (2011),
115
and National Academies work with Disaster Resilience (2012). Even though resilience barriers
are not a specific focus of the program, there is evidence in the RRAP case data substantiating
the presence of each of the four major types of barriers presented in the Post-Sandy Study:
namely, as a society: (1) we do not recognize how unprepared we are to handle foreseeable risks
and uncertainties; (2) we do not know how to measure resilience because there is not yet
consensus on how to create it; (3) we do not have incentives to create resilience; and (4) there are
organizational and governance barriers to creating resilience.
Table 4-5, on the following page, presents the coding references and source counts for
each of these barrier nodes, which, as conceptualized by Flynn, include multiple (child) sub-
components. As indicated in this table, there is evidence of all but one of the barrier sub-
components.19 As with the results derived from applying my resilience gap coding scheme to the
RRAP cases, the “parent” barrier nodes, which aggregate the counts of their respective sub-
components, generally contain the highest numbers of coding references and source counts.
Importantly, the counts produced by coding the 33 RRAP projects with this barrier
coding scheme indicate that four of Flynn’s sub-components in particular (and a related fifth
“child” barrier not articulated by Flynn as such) recurred routinely. These top five coding
references and case counts among non-parent barriers are highlighted in bold in Table 4-5 for
ease of reference.
19 One subcomponent of the broader notion that as a nation we do not recognize how unprepared we are to handle foreseeable risks or to respond to uncertainties, is the idea that elected officials are loathe to look for, or acknowledge, resilience gaps to the extent doing so without adequate resources to address them creates a political liability (see generally Rabkin 2008; see also National Institute of Standards and Technology 2015). There was not any evidence in the RRAP cases that appeared to support this specific barrier. To extent elected officials and other politicians were not primary participants in the RRAP case studies, the lack of evidence on this point is not necessarily surprising.
116
Thus, the specific (non-parent)
barriers to improving resilience that
appear most strongly in the case data
are: (1) the nation continues to face
critical shortcomings in emergency
response and recovery coordination
and collaboration efforts; (2) “systems
ignorance,” (i.e., the lack of visibility
or understanding of how critical
infrastructure components are inter-
connected and how systems are
dependent or interdependent) is
widespread; (3) there is a paucity of
important critical infrastructure
information cognizant authorities and
operators need to know, but do not
(either because as a society we do not
understand why it is important, or because those in possession of it are reluctant to share); (4)
there are insufficient funds (or incentives more broadly) for investing in resilience; and,
relatedly, (5) efficiency is often valued over ensuring continuity of function. The following
sections presents representative RRAP case evidence to help further describe the prevalence and
nature of these recurring systemic conditions.
Table 4-5: Resilience Barrier Coding Results # of Barrier Coding References (# of RRAP Sources)
Barrier Behaviors .......................................................... 8(5)
− Narrow Timelines and Issue Framing ..................... 6(5)
− Simplified Decision Rules ...................................... 1(1)
− Status Quo Bias ...................................................... 1(1)
Failure to Recognize Risks & Uncertainties ........... 138(28)
− Assumptions of Stationarity .................................... 9(5)
− Inappropriately Discounting Risks ....................... 19(5)
− Overestimating Current Capabilities ..................... 15(9)
− Politically Risky to Acknowledge Gap ........................ 0
− Unknown Information ........................................ 95(27)
Lack of Definition or Integrative Approach .............. 76(24)
− Failure to Recognize Interdependencies ............. 47(16)
− Lack of Agreed Upon Standards or Measures .... 25(10)
Lack of Incentives or Presence of Disincentives ....... 82(27)
− Confusion and Lack of Common Definition ........... 1(1)
− Disincentives .......................................................... 6(5)
− Efficiency Valued over Continuity of Function .. 33(14)
− Few Rewards (or $) for Investing in Resilience . 41(18)
Organizational or Governance Challenges ............. 300(33)
− Coordination or Collaboration .......................... 233(33)
− Fighting the Last Battle ...................................... 32(12)
− Law or Regulation (lack of or mismatched) ....... 32(14)
117
A. The nation continues to face shortcomings in emergency response and recovery coordination at the regional and cross-regional level.
The most prevalent barrier that emerged from the RRAP cases, appearing in over 233
instances across all 33 of the analyzed Resiliency Assessments, is the lack of coordination
among all relevant stakeholders in a given region. This particular systemic problem arises
among government agencies and officials, across adjoining jurisdictions and levels of
government, and between public and private entities. There is evidence of this barrier in each
type of infrastructure focus area, and across all geographic regions studied.
One repeatedly noted shortcoming within this barrier is simply who is included in (or
excluded from) various coordinating entities. As explained in Chapter 2’s brief exploration of
challenges that result from humans’ cognitive limitations and tendency toward simplified
decision-making, the structure of organizations – including who is “at the table” and thus, what
collective perspectives and experiences can be brought to bear – can have a dramatic impact on
how effectively any given community or organization can respond to a particularly messy,
complicated issue. The RRAP data shows a clear need for greater inclusiveness in local and
regional coordinating (and planning20) bodies.
For example, an energy and water-focused RRAP project found that one state’s
emergency council, “which makes recommendations to the Governor on the assignment of
responsibilities to [] state agencies relative to emergency planning, does not include as a member
the [state’s] regulatory body for electric and water utilities” (DHS 2014a). A separate study
involving national defense-related infrastructure assets highlighted a similar shortcoming. That
report noted a clear need to “improve communication and coordination among electric power
20 The inherent and close relationship between coordination and planning is discussed in the following chapter.
118
and water utilities … to share information about single points of failure” (DHS 2014a). A port-
focused RRAP documented how one regional Emergency Operations Center included one port
authority and the local Coast Guard, but excluded other ports in the same region, and all private
sector port entities (DHS 2014a).
Regarding public and private coordination deficiencies, several RRAP studies
specifically highlighted the need for state stakeholders “to improve their situational awareness of
the fuel supply network by building or reinforcing permanent relationships with the private
sector; becoming knowledgeable about the business continuity plans of fuel supply network
facilities within their jurisdictions; developing compatible disaster response policies; and
incorporating knowledge gained into official response and recovery plans” (DHS 2014a).
In many instances, the RRAP case evidence documents useful informal relationships,
especially between individual asset owners or operators and local law enforcement or emergency
management officials. There is a clear need, however, to formalize and broaden such networks.
The hazards of failing to do so are well stated in one Resiliency Assessment as follows: “Lack
of coordination and documentation of multijurisdictional response activities based on individual
agency assumptions concerning critical infrastructure within impacted areas can lead to
ineffective emergency management during a large-scale incident” (DHS 2014a). Moreover, the
broader common operating picture that comes from increased coordination will enable cognizant
authorities to better prioritize response and recover efforts by considering the dependencies and
interdependencies of the lifeline critical infrastructures on which they depend. As another
Resiliency Assessment explained, “[w]ithout a predefined list of critical assets, each lifeline
sector will determine the restoration order for customers on the basis of its procedural and
organizational guidelines” (DHS 2014a). Such actions may not further overarching needs.
119
Greater coordination is needed to develop the enhanced situational awareness on which effective
response and recover efforts depend.
This challenge, of course, is not new. Emergency management officials and scholars
have noted the need for more effective coordination for decades (see, e.g., Donahue and Tuohy
2006). The case evidence amassed on this point while coding the RRAP cases simply suggests
that this problem persists, especially with respect to the interaction between emergency
management personnel and critical infrastructure owners and operators.
B. “Systems ignorance” is a pervasive condition.
The coded information for this second prolific barrier, which appeared 47 times across 16
case studies, indicates a widespread lack of visibility and understanding among policymakers,
other government officials, and private sector interests of how critical infrastructure components
are inter-connected and how the lifeline infrastructure systems on which they depend are
dependent or interdependent on one another. This “systems ignorance” arguably flows, in part,
from the lack of coordination (and the consequent lack of information sharing) discussed above.
On the one hand, whenever “systems ignorance” appears, the RRAP case evidence
suggests it is often extensive. The following selections from the case data illustrate this point.
“Stakeholders are insufficiently aware of the complexities of the energy-water nexus” (DHS
2014a). The “lack of awareness of the dependencies and mitigation capabilities of [the studied
food industry] impact the response, recovery, and restoration decisions” (Ibid.). As one
healthcare-focused RRAP noted, emergency response plans that were studied in that project “do
not consider cross-sector dependencies or test priority lifeline restoration and recovery scenarios
and timelines with key stakeholders” (DHS 2014a). Perhaps a Northeast-based RRAP report
best characterizes the nature of this barrier:
120
While baseline data on dependencies and interdependencies of the critical infrastructure in the region has been compiled through [this] RRAP study, no detailed analysis has been executed that describes external critical needs required for response and recovery from specific all-hazards events. State and local leadership lack a decision-making framework regarding the specific support required in these recovery efforts. There exists a lack of understanding of the implications of each of these decisions on the recovery effort as a whole as well as on the surrounding dependent and interdependent infrastructure (DHS 2014a).
On the other hand, each Resiliency Assessment helps to address this barrier by increasing
awareness to, and understanding of, system dependencies, interdependencies, single points of
failure, and the potential for cascading failures. The program’s (and others’) ability to do so,
however, is arguably limited by the (in)ability to share and widely publicize such information.
Indeed, the prevalence of “unknown information” was an unexpected theme that emerged in the
RRAP data. It is to this third barrier that this dissertation now turns.
C. There is a dearth of important critical infrastructure information cognizant authorities and operators need, but do not know.
In the second-cycle coding and analysis of data coded to this third prevalent barrier,
which appeared 95 times across 27 RRAP case studies, several insightful themes emerged. The
RRAP case data suggest that some information is unknown because of the sheer age of the
infrastructure assets in question.21 This is especially common in the context of water and
wastewater systems. (One studied city, for example, reportedly does not have documentation for
nearly one third of its water pipes!) The word “unknown” is frequently used in the RRAP data to
21 It is surprising that the (old) age of infrastructure did not emerge as a more prevalent resilience gap in the RRAP data. (As noted in Table 4-1, above, specific evidence of this condition appears only 27 times in 10 cases.) RRAP officials interviewed for this dissertation indicated that project regions and substantive focus areas were generally selected and designed to explore and discover unknown issues, not well-documented conditions. To the extent the problem of America’s aging infrastructure is widely understood, it ended up a lesser component of the studied cases. In one notable counter-example, the 2013 Pittsburgh project, which reportedly was selected expressly because of the age of the lock and dams in the study area, asset “age” features prominently throughout the case report. Other age-related gaps typically were documented tangentially in the context of water and wastewater systems, and some nature gas distribution pipelines that supported other areas of focus.
121
describe “unknown” attackers or assailants in malicious activities catalogued in the descriptive
threat assessment background sections of some reports, as well as in other irrelevant contexts.
Importantly, the data coded to the (lack of) coordination barrier previously discussed
suggests that much of the unknown information noted in the RRAP cases is tied to the lack of
inclusive coordinating bodies and cooperation among stakeholders. A RRAP project from the
Great Lakes megaregion provides a representative example of this condition. It notes how “[a]n
information-sharing mechanism, comprising both a forum or steering group and protocols for
sharing cybersecurity information, has not been defined at the regional, local, or organizational
levels. Without such a mechanism, lessons learned, operational threats, and other relevant
information cannot routinely be shared, coordinated, or brought to a level of cyber-related
community awareness” (DHS 2014a).
The coded material also contains evidence suggesting that stakeholders often do not
know critical infrastructure information because they do not understand why it is important, and
thus worth knowing; or because those in possession of it are reluctant to share it, if not actually
prohibited from doing so. This first of these two sub-themes is closely tied to, and highlights the
ramifications of, the systems ignorance barrier discussed above. Other RRAP case data suggests
policymakers, infrastructure owners and operators, and emergency and first responders
sometimes “don’t know what they don’t know” largely because they do not have a broad,
systems-based understanding of their environment. As a water sector-focused RRAP project
explained, the “lack of demand and supply information from water systems [available for the
region under study] could affect the ability of State and local emergency responders to prioritize
recovery actions effectively during a significant event, such as a long-term electric outage” (DHS
2014a). Yet emergency managers and first responders in that case had apparently not sought out
122
this vital information. In another related example, a regional water treatment plan in the
Piedmont Atlantic megaregion was unaware of where it fell on any prioritization lists (to the
extent they might exist) for the restoration of natural gas service on which its emergency pump
generators run. Unknown information appears to feed systems ignorance, and vice versa.
Perhaps not surprisingly, the proprietary nature of much infrastructure information, and
the regulatory protections placed thereon, further aggravate this information blindness. This
theme appears most clearly in case data concerning the communications sector. As one energy-
focused RRAP report noted, “information about the Communications Sector’s architecture
elements is proprietary; collecting information about network access architecture, usage,
location, and functions at the customer level can therefore be challenging. The ever-changing
nature of communications technology further complicates the process. As a result, sector owners
and operators must rely on each customer to identify customer-level critical assets” (DHS
2014a). Another case study from the same region contained a similar observation: “limited data
regarding the locations, interconnectedness, and resilience of voice and data communication
networks in the study area were available” (Ibid.)
Ironically, the protections afforded to Protected Critical Infrastructure Information
(PCII), which limit access and distribution of materials so-labeled to those specifically cleared by
DHS to handle such information, stand in tension with the RRAP’s own efforts to address the
very systems ignorance and unknown information barriers suggested by its data. Numerous
Resilience Assessments contain the following disclaimer: “Because of the sensitive, site-specific
nature of this key finding, resilience enhancement options are limited to the PCII section of this
report.” While the program has taken steps to facilitate wider distribution of its products,
including by placing PCII information in annexes to its Resiliency Assessment so that it can
123
release the main reports under the For Official Use Only label (which allows state clients to
decide what additional actors can have access to any given Resiliency Assessment that state
holds), the prevalence of “unknown information” reflected in the RRAP case evidence
underscores the need for a wider distribution and greater awareness of how infrastructure
systems are interconnected and interdependent
D. There are insufficient funds (and incentives) for investing in resilience.
In general, the RRAP data provides far greater insight into resilience gaps, than into
barriers to removing them. This is not surprising to the extent the program’s design and efforts
are not focused on exploring how or why current system configurations and conditions came to
be. Accordingly, much of the case evidence providing insight into the barriers noted thus far in
this chapter is anecdotal, and appears in background details or recommendation justifications that
are tangential to the Resiliency Assessments’ main findings. An exception to this, however, is
the prevalence of evidence directly addressing a lack of funding for needed improvements. No
other resilience barrier was addressed as expressly in the RRAP reports as financial constraints
that enabled substandard conditions, or that hinder improvements thereto. The following
representative examples illustrate the directness with which this subject is addressed in the
RRAP case studies.
In one agriculture and food-focused RRAP, the report authors succinctly note, “State []
budget cuts are impacting disease response operations” (DHS 2014a). In a commercial facilities-
focused case report, one facility representative is quoted as explaining how “budget constraints
often impede the implementation of protective measures to mitigate identified security gaps”
(Ibid.). Similarly, in an energy production-focused RRAP project, the authors note that “due to
[poor] economic conditions, plants often have less money to spend on improving resilience,
including improving planning, installing backup generators, implementing cyber-security
124
enhancements, maintaining response equipment and procuring mobile transloading equipment”
(Ibid.). Relatedly, a water-focused Resilience Assessment recounts how, “preparedness practices
that increase resourcefulness are expensive to implement and/or maintain; furthermore, training
can be costly and time-consuming. Recently, within the region’s Water Sector, there has been a
lack of support for security and preparedness initiatives; this remains a significant barrier”
(Ibid.). Similarly, both healthcare-focused RRAP projects scoped within this research note the
negative effects of tight budgets in that sector. As one detailed, “all hospitals visited during this
RRAP identified that diminishing security budget issues were a concern, as that reduces their
ability to properly monitor healthcare operations or provide a direct deterrent to adversaries.”
While there are only 41 express references to the lack of funds as the reason for a
specified condition, which appear across 18 (i.e., just over half) of the RRAP cases studied, the
clarity and strength of these statements suggests – albeit not likely to be surprising to anyone
familiar with infrastructure – that the scarcity of financial resources remains a significant barrier
to improving resilience.
E. Efficiency is often valued over ensuring continuity of function.
A final related, but potentially under-appreciated, barrier to resilience merits discussion
as the fifth most prevalent barrier to emerge from the RRAP data, appearing 33 times. As Flynn
explains, the decision by many commercial entities to use just-in-time delivery systems often
effectively eliminates redundancies in order to make these systems “leaner” (Flynn 2015, 13). It
simultaneously makes them less resilient, however, as excess capacity – capacity and redundancy
that would be useful in response to disruptions – is intentionally removed. Just under half (14) of
the RRAP cases, representing a range of sectors and regions, contained evidence of this
phenomenon. The following representative examples illustrate the prevalence of this preference.
125
As one RRAP report explains:
Over the last fifty years the U.S. broiler industry has moved toward commercialization and consolidation under a business concept known as “vertical integration.” This means one corporation has ultimate ownership or tight contractual control over every aspect of production, including the breeding and hatching of young birds; all intermediate steps in the growth cycle; provision of feed; transportation; slaughter; and consumer marketing. Ninety-five percent of broiler operations are controlled by vertically integrated (breeder to slaughter control) operations, while 5% of farmers raise their chickens on company owned farms. …. This time-sensitive, tightly controlled system allows broiler companies to birth, raise, and slaughter chickens according to “just-in time” domestic and international consumer demands. ...[T]his controlled system can make the same broiler companies vulnerable to certain hazards. (DHS 2014a).
As another Resiliency Assessment describes:
Ethanol production relies on the “almost just-in-time” delivery of raw products and shipment of refined products. Ethanol plants often have a limited ethanol storage …; without rail to transport the ethanol away from the plant to its next destination, production would stop. In addition, the plants may not be capable of storing byproduct for more than a few days to a week, owing to space limitations or the potential for it to rot; therefore, the loss of road transportation to truck it offsite to feedlots would also cause a facility to stop production. Any delay in transportation might have cascading effects on the entire ethanol supply chain, from farmers sending corn to the plant, to ethanol being shipped to blender customers, and to byproduct being shipped to feedlots. (DHS 2014a).
Liquid fuel systems similarly suffer from this “lean” approach to business. As one RRAP
found, “[m]ost bulk fuel terminals operate on a “just-in-time” basis. Those markets which rely
heavily on pipelines to supply terminals will experience fuel shortfalls from interruptions of
pipeline deliveries lasting longer than the replenishment cycle...” (DHS 2014a).
Even hospitals are vulnerable to disruption because of this preference for efficiency.
While they generally “have mature emergency response and medical surge plans,” hospitals
often “lack recovery plans that address the catastrophic loss of key dependencies such as …
disruptions to vital transportation routes that support their ‘just in time’ supply chain delivery
126
systems” (DHS 2014a). This potentially shortsighted premium placed on the efficiency of
operations is truly pervasive.
As each of the five strongly recurring themes found in the cases data suggest, there are
deep-seated systemic challenges to recognizing, understanding, and communicating resilience
gaps, and to creating the broader culture of resilience necessary to address them. A necessary
step to confronting these barriers is better understanding them. The fourth and final research
question, to which this dissertation now turns, was designed to advance this issue.
IV. To what extent do the presence and significance of these barriers differ across regions and critical infrastructure sectors?
This dissertation’s attempt to delve into regional differences and sector-based barrier
correlations was impaired by the limits of the RRAP case data, and its distribution, in much the
same ways that it was for exploring potential cross-sector resilience gap distinctions. As
explained above, the relatively few RRAP case studies undertaken in any given megaregion (or
other geographic area, for that matter), combined with DHS’s intentional distribution of
substantive areas of emphasis in each, made it difficult to detect any strong correlations between
the observed systemic barriers and any given geographic locale or infrastructure sector. These
difficulties were further aggravated by the relative scarcity of evidence in the case studies
directly substantiating barriers to resilience. As discussed further in the following chapter, there
is only one third as much case evidence in the case studies concerning observable barriers to
resilience as compared to the amount of data concerning specific resilience gaps.
Table 4-6, on the following two pages, depicts the coding references and source counts
produced with an NVivo coding query with the nodes from the barrier coding scheme and the
eight infrastructure sector focus areas from the coded RRAP projects.
127
Table 4-6 – Barrier Coding by RRAP Infrastructure Sector Focus Area Cross Tabulation # of Coding References to Barrier (# of RRAP Case Studies with Coding References to Barrier)
Infrastructure Sector Focus Area of Given Resiliency Assessment
Coded Barrier to Resilience A
gric
ultu
re a
nd
Food
(4)
Com
mer
cial
Fa
cilit
ies (
7)
Dam
s (1)
Def
ense
In
dust
rial B
ase
(1)
Ener
gy (9
)
Hea
lthca
re &
Pu
blic
Hea
lth
(2)
Tran
spor
tatio
n (7
)
Wat
er &
W
aste
wat
er (2
)
All
Cas
es (3
3)
Failure to Recognize Foreseeable Risks and Uncertainties
7(4) 14(4) 0 7(1) 39(8) 16(2) 38(7) 11(2) 132(28)
− Assumptions of Stationarity 0 0 0 0 4(3) 0 5(2) 0 9(5)
− Inappropriately Discounting Risks 0 0 0 0 0 10(1) 9(4) 0 19(5)
− Overestimating Current Capabilities 0 2(1) 0 0 2(2) 1(1) 8(3) 2(2) 15(9)
− Politically Risky to Acknowledge Gap 0 0 0 0 0 0 0 0 0
− Unknown Information
7(4) 13(4) 0 7(1) 32(7) 6(2) 20(7) 10(2) 95(27)
Lack of Definition or Integrative Approach
9(3) 18(5) 0 1(1) 18(6) 6(2) 15(5) 9(2) 76(24)
− Failure to Recognize Inter/dependencies 5(2) 13(3) 0 1(1) 8(5) 2(1) 11(3) 7(1) 47(16)
− Lack of Agreed Upon Standards or Measures
4(2) 4(2) 0 0 9(2) 4(1) 2(2) 2(1) 25(10)
128
Table 4-6 – Barrier Coding by RRAP Infrastructure Sector Focus Area Cross Tabulation (Continued)
# of Coding References to Barrier (# of RRAP Case Studies with Coding References to Barrier) Infrastructure Sector Focus Area of Given Resiliency Assessment
Coded Barrier to Resilience A
gric
ultu
re a
nd
Food
(4)
Com
mer
cial
Fa
cilit
ies (
7)
Dam
s (1)
Def
ense
In
dust
rial B
ase
(1)
Ener
gy (9
)
Hea
lthca
re &
Pu
blic
Hea
lth
(2)
Tran
spor
tatio
n (7
)
Wat
er &
W
aste
wat
er (2
)
All
Cas
es (3
3)
Lack of Incentives or Presence of Disincentives
12(4) 14(6) 0 0 25(8) 10(2) 18(6) 3(1) 82(27)
− Confusion and Lack of Common Definition 0 0 0 0 0 0 0 1(1) 1(1)
− Disincentives 1(1) 0 0 0 1(1) 1(1) 3(2) 0 6(5)
− Efficiency Valued over Continuity of Function
5(2) 1(1) 0 0 14(7) 7(2) 6(2) 0 33(14)
− Few Rewards (or funds) for Investing in Resilience
6(3) 12(5) 0 0 10(3) 3(2) 7(4) 3(1) 41(18)
Organizational or Governance Challenges
34(4) 65(7) 1(1) 8(1) 71(9) 24(2) 79(7) 18(2) 300(33)
− Coordination or Collaboration 25(4) 54(7) 1(1) 7(1) 58(9) 13(2) 60(7) 15(2) 233(33)
− Fighting the Last Battle 0 5(3) 0 1(1) 2(1) 8(2) 15(4) 1(1) 32(12)
− Law or Regulation (lack of or mismatched) 9(2) 6(4) 0 0 11(5) 1(1) 5(2) 0 32(14)
129
Comparing Table 4-6’s coding references with Table 4-2’s counts, the relative scarcity of barrier
evidence as opposed to gap evidence is clear. Nevertheless, as with the study of gaps within and
across infrastructure sectors and regions, I attempted to use the coding reference and source
count data to guide the qualitative exploration of barrier-sector relationships.
Ultimately, however, with respect to sector-based barrier distinctions, themes emerged
more strongly during the review of the case data when considering the gaps and barriers
previously noted. For example, gaps related to dependencies on the communications sector are
attributed more than once to end users’ lack of (i.e., “unknown”) information about their service
provider’s limitations, which arises from the proprietary nature of many portions of the
telecommunications industry. It is not possible to quantitatively substantiate a sector-barrier
correlation (i.e., a recurring link between the communications sector and “unknown”
information) in Table 4-6, however, as communications is not a designated focus sector for any
of the studied RRAP reports. To further investigate this theme, I re-read all matter coded to the
communications dependency gap node, and then re-read the materials coded to the “unknown
information” node (across all sectors and regions). In doing so I found that these references
actually came from two energy sector-focused cases, which discussed communications
dependencies. While these few references to the proprietary nature of the communications
industry cannot substantiate a barrier-sector relationship, this example underscores the
difficulties encountered in quantitatively exploring such linkages.
Similarly, the previously reviewed gap-coded case data associated with healthcare and
public health-focused cases contained several statements suggesting a lack of incentives for
investing in resilience frequently impair the resilience of hospitals. The ten barrier coding
references noted in Table 4-6 on this broader point do not support the notion that this type of
130
barrier is appreciably more or less prevalent in the healthcare sector, as compared to others. As
the observations concerning hospitals were based on only two RRAP cases, and a few coded
textual references therein, there is arguably insufficient evidence to support a larger sector-
barrier correlation. This problem was prevalent in finding sector-based differences in other
contexts as well given the distribution of the RRAP cases. Ultimately, neither the second-cycle
coding and analysis, nor the coding queries and NVivo cross tabulations yielded clearly
discernable, empirically supportable barrier distinctions based on infrastructure sectors.
This effort’s exploration of the extent to which barriers vary by geographic region was
slightly more enlightening. Table 4-7, on the following pages, depicts the results of another
coding query based on all barrier nodes and the megaregions represented in the coded RRAP
cases. In reviewing the underlying barrier-coded data represented in this table in a structured
region-by-region fashion, an interesting theme emerged.
The Regional Resilience Assessment Program itself does not use the Regional Plan
Association’s (RPA’s) 11 megaregion scheme (2015) to sort or analyze RRAP case studies
geographically. This dissertation did so to explore differences between these inter-connected
major metropolitan areas. A closer look at the coded data reveals a barrier-based difference
between RRAP projects that fell within any of these regions, and those that were conducted
outside them. The Resiliency Assessments for cases undertaken in more remote regions,22 in
general, contained case data and descriptions that lent themselves better to barrier coding. That
is, the data and discussion in RRAP cases studies that were undertaken outside of designated
megaregions provide clearer insights concerning barriers than cases falling squarely
22 I classified the RRAP case studies form the following areas as falling outside of the designated megaregion: Alaska, Denver, Nebraska, North Dakota, Oklahoma, Puerto Rico, Salt Lake City, Texas Panhandle, West Virginia, and Wyoming.
131
Table 4-7 – Barrier Coding by Regional Plan Association Megaregion Cross Tabulation # of Coding References to Barrier (# of RRAP Case Studies with Coding References in Barrier)
Regional Plan Association Megaregion of Resiliency Assessment
Coded Barrier to Resilience N
ot A
ssoc
. w/
Meg
a R
egio
n (1
0)
Ariz
ona
Sun
Cor
ridor
(2)
Cas
cadi
a (1
) Fl
orid
a (2
) Fr
ont R
ange
(2)
Gre
at L
akes
(2)
Nor
thea
st (8
) N
orth
ern
&
Sout
hern
Cal
if.
(2)
Pied
mon
t A
tlant
ic (
3)
Texa
s Tria
ngle
(1
)
All
Cas
es (3
3)
Failure to Recognize Foreseeable Risks and Uncertainties
34(8) 6(1) 0 11(2) 3(1) 12(3) 44(8) 3(2) 5(2) 14(1) 132(28)
− Assumptions of Stationarity 2(1) 0 0 0 0 0 7(4) 0 0 0 9(5)
− Inappropriately Discounting Risks
3(2) 0 0 0 0 0 6(2) 0 0 10(1) 19(5)
− Overestimating Current Capabilities
3(2) 1(1) 0 2(1) 0 1(1) 7(3) 0 0 1(1) 15(9)
− Politically Risky to Acknowledge Gap
0 0 0 0 0 0 0 0 0 0 0
− Unknown Information 25(8) 5(1) 0 10(2) 3(1) 12(3) 28(7) 3(2) 5(2) 4(1) 95(27)
Lack of Definition or Integrative Approach
22(7)
7(1) 1(1) 9(2) 4(1) 7(3) 17(5) 2(1) 3(2) 4(1) 77(24)
− Failure to Recognize Inter/dependencies
8(5) 7(1) 1(1) 8(2) 4(1) 6(2) 13(4) 0 0 0 47(16)
− Lack of Agreed Upon Standards or Measures
13(4) 0 0 0 0 1(1) 2(1) 2(2) 3(2) 4(1) 25(10)
132
Table 4-7 – Barrier Coding by Regional Plan Association Megaregion Cross Tabulation (Continued) # of Coding References to Barrier (# of RRAP Case Studies with Coding References in Barrier)
Regional Plan Association Megaregion of Resiliency Assessment
Coded Barrier to Resilience N
ot A
ssoc
. w/
Meg
a R
egio
n (1
0)
Ariz
ona
Sun
Cor
ridor
(2)
Cas
cadi
a (1
) Fl
orid
a (2
) Fr
ont R
ange
(2)
Gre
at L
akes
(2)
Nor
thea
st (8
) N
orth
ern
&
Sout
hern
Cal
if.
(2)
Pied
mon
t A
tlant
ic (
3)
Texa
s Tria
ngle
(1
)
All
Cas
es (3
3)
Lack of Incentives or Presence of Disincentives
28(7) 0 4(1) 1(1) 4(2) 7(3) 19(8) 2(1) 12(3) 5(1) 82(27)
− Confusion and Lack of Common Definition
0 0 0 0 0 0 1(1) 0 0 0 1(1)
− Disincentives 3(2) 0 0 0 0 0 1(1) 1(1) 0 1(1) 6(5)
− Efficiency Valued over Continuity of Function
14(6) 0 0 0 1(1) 1(1) 11(4) 0 4(1) 2(1) 33(14)
− Few Rewards (or funds) for Investing in Resilience
12(5)
0 4(1) 0 3(2) 6(3) 5(2) 1(1) 8(3) 2(1) 41(18)
− Organizational or Governance Challenges
97(10)
8(1) 11(1) 23(2) 11(2) 16(3) 67(8) 18(2) 33(3) 16(1) 300(33)
− Coordination or Collaboration 78(10) 8(1) 7(1) 22(2) 11(2) 14(3) 49(8) 14(2) 22(3) 8(1) 233(33)
− Fighting the Last Battle 10(3) 0 1(1) 1(1) 0 1(1) 9(4) 0 3(1) 7(1) 32(12)
− Law or Regulation (lack of or mismatched)
8(4) 0 3(1) 0 0 1(1) 7(2) 4(2) 8(3) 1(1) 32(14)
133
within the clustered networks of cities and interconnected transportation hubs. This did not
result in more gaps being identified or coded in non-megaregion case studies, although that was
the case for some RRAP reports. (The Puerto Rico and Wyoming Resiliency Assessments have
among the most barrier coding references of any of the RRAP reports, ranking first and fourth,
respectively.) As a group, the non-megaregion RRAP cases provide 181 of the 592 barrier
coding references (approximately 30%), which generally aligns with this sector’s overall
representation (ten of 33 cases) within the studied projects.
The case evidence does not itself suggest a clear answer as to why the non-megaregion
cases provide clearer evidence of systemic barriers to resilience. The ten coded RRAP projects
that fall outside the RPA’s designated megaregions cover five of the eight sector focus areas
represented elsewhere in this study, such that an over or under-representation of sector focus
areas outside the megaregion studies is not likely the cause. It may be that the megaregions
inherently provide a more complicated research setting due to the more numerous and more
interconnected infrastructure systems they, by definition, contain. In other words, it may simply
be easier to identify, articulate, and understand barriers to resilience when the subjects under
study are more remote. To be clear, case studies conducted outside of the RPA megaregions are
replete with interconnected and interdependent infrastructure systems. It is certainly possible, if
not likely, however, that the scale of those systems, and their potential interaction with even
larger sets of systems, affects a given operator’s understanding and (potentially subconscious)
articulation of why those gaps exist. To the extent future RRAP projects, or other research
efforts, desire to better understand systemic barriers to improving resilience, this apparent
distinction is worthy of further investigation.
134
Despite the noted limitations of this research, and the lingering questions just discussed,
there are broader implications to be drawn from my findings. It is to these bigger picture issues
that this dissertation now turns in the following, final chapter.
135
Chapter 5
The ultimate findings of this effort’s coding and analysis, as detailed in the preceding
chapter, can be succinctly summarized as follows. Four recurring resilience gaps appeared most
clearly in the RRAP data across many, if not most, of the studied infrastructure sectors and
geographic regions. These recurring gaps are: (1) a dependence on energy, aggravated by an
insufficiency or complete absence of back-up power systems; (2) the fact that response and
recovery plans and planning seldom include all relevant stakeholders necessary to address known
hazards in a comprehensive manner; (3) the presence of numerous single or critical points of
failure; and (4) a lack of redundancy, insufficient system capacity, or both, that diminishes the
resilience of many infrastructure systems. The limitations of the data used in this effort –
including the limited distribution of RRAP projects among infrastructure sectors and
megaregions – impaired the ability to detect strong regional or cross-sector difference in these
(or other) gaps, with a possible exception related the comprehensiveness of planning efforts
involving the energy sector.
With respect to systemic barriers that likely enabled these resilience gaps to develop or
persist, the coding and analysis of the RRAP case evidence affirmed the presence the four major
barriers, and numerous sub-components thereof, noted by Flynn’s Post Sandy Study (2015).
More specifically, the cross-case analysis of the RRAP data revealed that five specific barriers
are particularly prevalent: (1) the nation continues to face significant shortcomings in
emergency response and recovery coordination efforts at the regional and cross-regional levels;
(2) there is a widespread lack of visibility or understanding of how critical infrastructure
components are inter-connected and how systems are dependent or interdependent on one
another; relatedly, (3) there is a dearth of important critical infrastructure information (beyond
136
dependencies and interdependencies) that is available to cognizant authorities and operators –
either because they do not understand why they should seek or insist on gaining access to
information that would resolve certain “unknowns”, or because those in possession of relevant
information are reluctant to share; (4) there are insufficient incentives (and funding, in particular)
for investing in resilience; and, (5) efficiency is often valued over ensuring continuity of
function. As with the efforts to detect regional or infrastructure sector-based resilience gap
differences, the limitations of the data, compounded by a comparative scarcity of evidence
concerning barriers as such – which are admittedly not a focus of the RRAP’s efforts – leave the
last of this effort’s four research questions largely unanswered. The ability to discern barrier
conditions more easily in RRAP case studies conducted outside of designated “megaregions,”
however, raises an interesting issue that merits further study.
This final chapter considers the broader implications of this research and suggests ways
to advance and improve upon this work, related resilience research, the Regional Resiliency
Assessment Program, and homeland security itself. It does so in five major sections. First, it
draws on the findings set forth in Chapter 4, and on the evolution of the RRAP process, to
reconsider the various theories of resilience and ways to assess it as set forth in the current
literature. It suggests why there is clear benefit to adopting a systems-based, function-focused
view of resilience that is hazard-agnostic. The second section argues the importance of further
study concerning systemic barriers to improving resilience gaps to facilitate broader
understanding of the challenges we face. Relatedly, the third section proposes a framework for
divining and analyzing linkages between common gaps and barriers. Next, it suggests ways to
further exploit the RRAP program data, and the need to make it more available to researchers.
The final section then moves beyond considerations based on specific findings and draws on the
137
fuller array of experiences and insights gained from conducting this research. It proposes (1)
ways to leverage the mixed quantitative and qualitative methodology adopted for this dissertation
in conducting other public policy research; (2) insights from the research experience gained
throughout this effort that might inform ongoing interdisciplinary initiatives to better understand
and advance critical infrastructure (and other types of) resilience; and (3) options for enhancing
DHS’s strategic approach to resilience, and homeland security more broadly.
I. The RRAP Process and Data Affirm the Utility of Resilience as a Construct for Improving Homeland Security, and Suggest Three Practical Considerations for How It Might Be Best Conceptualized and Applied.
The overarching objective of this research has been to facilitate a better understanding of
the potential for – and challenges with – using the concept of resilience to improve homeland
security. The common gaps and barriers that emerged from the RRAP data, as detailed in the
preceding chapter, provide a useful context with which to reconsider, and potentially cut through,
the morass of resilience definitions and components recounted in Chapter 2. Indeed, this data,
and the evolution of RRAP process itself, provide several practical insights that should be
considered if the concept is to facilitate tangible homeland security improvements. Three such
key insights are highlighted here: (1) the importance of approaching resilience from a
functional, adaptive, systems-based orientation; (2) the need to think, design, and plan, in terms
of tiered levels of function and acceptable timelines for restoring them in response to disruption,
and (3) the ability, and utility, of approaching resilience in a hazard-agnostic fashion.
One practical insight arising from this study’s work is the benefit of exploring resilience
first and foremost through a focus on function; as opposed to a sterile or stove-piped study of
which attributes “make” a given asset, system, or community resilient. This observation is a
tangential outgrowth of the idea, expressed in the Resilience Engineering literature, that
138
resilience is not something a system "has," but something it "does" (Hollnagel, Woods, and
Leveson 2006, 347). The RRAP’s data collection activities, especially its facilitated stakeholder
discussions, table top exercises, and affiliated interviews, carefully guide participants to thinking
beyond a given asset’s or system’s physical boundaries and characteristics (i.e., “beyond the
fence line”), to exploring its dependencies and interdependencies with lifeline infrastructure
systems, and ultimately the corresponding vulnerabilities, dependencies, and interdependencies
among those supporting systems. The ability to consistently produce specific key findings and
actionable enhancement options suggests that RRAP participants were able to effectively assess
their respective abilities to “prepare for, adapt to, withstand, and recover from” an adverse event
simply by considering the essence of what their respective asset or sector does (i.e., what its
outputs are), and by then thinking about the supporting systems on which it depends to do so
(i.e., its required inputs). The case evidence suggests that this approach proved productive, at
least to some degree, regardless of how many, and which specific, “R” components of resilience
(i.e., robustness, redundancy, reparability, recovery, response) were employed. As the RRAP
process evolved, and less emphasis was placed on specific components or characteristics of
resilience in favor of simply using PPD-8 and PPD-21’s broader definition of the concept, key
findings actually became more focused. As explained by senior RRAP coordinators, DHS
Headquarters Team Leads, and other RRAP process owners, the sharpened “key findings” were
due, in part, to a conscious shift to more customer-focused final products. Beyond that, however,
the case reports and supporting interviews suggest that the broader conceptualization of
resilience provided by PPD-8 and PPD-21 proved more useful to the infrastructure asset owners
and system operators participating in the RRAP projects, as they were freer to explore and define
for themselves what resilience meant in their respective domains. Given the ample cross-case
139
evidence documenting rampant unknown and under-appreciated interconnections with and
among lifeline infrastructures – e.g., the repeatedly under-estimated dependency on electricity
for core function; and the electric system’s corresponding interdependency with fuel and
transportation systems that support electric generation and distribution – any conceptualization
of resilience that gets communities, infrastructure owners and operators, and government
regulators thinking about how their interests and domains intersect with one another is useful
from the perspective of improving homeland security. (Indeed, a senior RRAP program official
noted, anecdotally, that nearly half of the RRAP project “customers” to date have viewed
participating in cross-sector discussions of dependencies and interdependencies as one of the
most important benefits of the program.) By approaching resilience in terms of inputs and
outputs – the hallmark of a systems approach – and thinking about how these systems “behave,”
the RRAP program has generated numerous practical paths to improvement that are grounded
more in facilitating broader understanding than on applying precise metrics and measurement.
This growing body of work and its numerous actionable “resilience enhancement options” is a
testament to the value in this functional approach.
To be sure, the many assessment and visualization tools, dashboards, and resilience
indexes that underlie each RRAP project provide useful quantitative data for comparative
analysis. The key findings and actionable resilience enhancement options, however, flow more
from the program’s overarching systems-based, function-focused methodology to studying
resilience than from any one specific metric. The ongoing inter-disciplinary academic debate
over the best way to conceptualize and operationalize resilience through multiple components
across multiple domains remains important for developing a means of conducting further
quantitative cross-case analysis. It is also vitally important for developing tools that can help
140
policymakers and asset owners better visualize interdependencies. That debate tends to
overlook, however, the benefits to be gained from further qualitative comparative analysis, made
possible by the growing body of knowledge created by the RRAP, as further analyzed in this
dissertation, and from society’s growing appreciation and interest in understanding the
dependencies and interdependencies among critical infrastructure systems.
A second broader insight that emerged from the RRAP case data is the importance of
identifying and then designing to, or otherwise implementing, tiered levels of function and
acceptable recovery timelines for critical functions and systems. Doing so allows communities
and operators (who themselves are ultimately a part of the systems and functions under study) to
better allocate scarce response and recovery resources in the wake of a disruption and to better
target limited enhancement monies even before an adverse event occurs. Over two-thirds of the
33 Resiliency Assessments used in this study contain specific evidence documenting a
widespread lack of understanding of what assets or sectors in a given study area were positioned
to operate independently on organic resources, whether at full or reduced capacity, and which
needed to receive priority attention post-disruption to restore critical function for themselves, and
for assets that depend on them. This “systems ignorance” significantly impeded response and
recovery operations in RRAP capstone tabletop exercises and in historic event operations
recalled by RRAP participants.
Relatedly, 12 of the Resiliency Assessments studied noted a lack of any attempt, in
emergency response and continuity planning (whether public or private sector), to prioritize the
restoration of one or more critical infrastructure services. Program leaders interviewed for this
research indicated that the absence of such evidence in early RRAP reports is, in part, a
reflection of “how much we didn’t know we didn’t know,” and the evolution of the RRAP
141
process itself. That is, those conducting assessments in the early years of the program did not
know to inquire as deeply into planning and coordinating processes as they do today.
Accordingly, the lack of prioritized planning schemes is likely much more pervasive than the
studied cases suggest.
Not surprisingly, the case evidence revealed that the frequent failures to triage response
and recovery activities in advance (a repeatedly noted planning gap) is often tied to evidence
suggesting a systemic lack of understanding of system dependencies and interdependencies (a
prevalent barrier). Successful prioritization, however, is also contingent on better understanding
which systems can operate independently at reduced levels, and for how long. Theories of
resilience that expressly incorporate notions such as graceful degradation, and graceful
extensibility are well suited to promoting further consideration of this important component.
Fortunately, this aspect of resilience is already being addressed in government planning
documents to some degree. As part of its six-step process, the National Institute of Standards
and Technology’s recently released “Community Resilience Planning Guide for Buildings and
Infrastructure Systems” prompts communities to “establish desired recovery performance goals
for the built environment at the community level based on social needs, and dependencies and
cascading effects between systems” (2015). This guidance squarely addresses the lack of such
information that is noted in numerous RRAP reports. It dovetails with federal efforts such as the
critical infrastructure risk management framework and sector-specific plans contemplated by the
National Infrastructure Protection Plan, as well as the Threat and Hazard Identification and Risk
Assessment (THIRA) process required by the Post-Katrina Emergency Management Reform Act
for those states seeking DHS federal preparedness grants (the later of which is designed to
prompt communities to identify their core capabilities, as set forth in the National Preparedness
142
Goal (DHS 2011; DHS 2015f), and the resources needed locally to achieve and maintain them).
This increasingly prolific preparedness assessment and planning approach underscores the
strength and practicality of those views of resilience (see, e.g., Bruneau et al. (2003), and Haimes
(2009)) that advance the idea of a “resilience curve” that emphasizes both maintaining
functionality and minimizing recovery times for any degradation in capability.
What is less clear, from this study of the RRAP data, is the necessity of any express link
between risk – or its familiar components: threat, vulnerability, and consequence – and
resilience. That is, a third practical insight for leveraging the concept of resilience for improving
Homeland Security suggested by this study of the RRAP cases is the potential, and utility, in
approaching resilience from a hazard-agnostic perspective. As recounted in Chapter 2, Haimes
argues that resilience, like robustness, is a function of a specific threat vector, and as such,
cannot be measured outside the context of a specific threat. While such may be the case for the
purposes of precisely modeling and quantitatively measuring resilience in certain fashions, recent
RRAP reports suggest that approaching resilience from a hazard-agnostic perspective is
nonetheless a very productive exercise. The earliest RRAP reports spend a good deal of ink
cataloguing the threats and hazards a given region or sector focus area is likely to face, and the
consequences of various associated scenarios, before exploring gaps to successfully maintaining
function in the face of such threats. This is not at all surprising given the federal government’s
longstanding risk management-based approach to homeland security. Some later reports,
however, depart from this orientation somewhat and place greater priority on fostering and
exploring a better understanding of how the major systems under study will behave when
subjected to a given disruption, regardless of its cause. Even without considering the probability
and consequences of a specific disruption, these later, threat-agnostic RRAP projects developed
143
just as much practical insight into the workings and weaknesses of the focus sector under study
and its supporting critical infrastructure systems, and yield just as many specific resilience
enhancement options for addressing them as those tied more expressly to specific threats and
hazards.
It is true that the RRAP projects universally use some hazard or threat to prime
discussions about possible, if not likely, systems disruptions. Moreover, risk analysis principles
will always play an important role in helping to identify which improvements will provide the
probabilistically greatest return on investment. Deemphasizing the threat or vulnerability aspect,
however, and disabusing stakeholders of the notion that resilience discussions are necessarily
risk-based assessments is useful for a least two reasons. The first is related to the National
Academy of Sciences’ 2010 review of the Department of Homeland Security’s use of risk
analysis in executing that agency’s missions. Importantly, that study concluded that:
[a] fully integrated analysis that aggregates widely disparate risks by use of a common metric is not a practical goal and in fact is likely to be inaccurate or misleading given the current state of knowledge of methods used in quantitative risk analysis. The risks presented by terrorist attack and natural disasters cannot be combined in one meaningful indicator of risk, and so an all-hazards risk assessment is not practical. The science of risk analysis does not yet support the kind of reductions in diverse metrics that such a purely quantitative analysis would require. (National Research Council 2010)
If the Academies’ assessment remains valid, pending further advances in the science of risk
analysis itself, any true all-hazards comparative risk prioritization must necessarily include a
combination of quantitative and qualitative approaches, using multiple metrics (see e.g.,
Lundberg and Willis 2015). With the overall comparative risk of natural hazards and terrorist
threats thus somewhat unclear, if not unobtainable, tightly tying resiliency assessments and
improvement efforts to first determining the perceived “riskiest” disruptions and vulnerabilities
144
is inherently problematic. Fortunately, as the viability of the more recent, threat-agnostic RRAP
projects indicate, it is also generally unnecessary.
Second, if, as many scholars and a growing number of definitions suggest, resilience is
construed to include the ability to adapt and react to the unforeseen and unknown (see, e.g., The
White House 2011; Alderson, Brown, and Carlyle 2014; Woods 2015) focusing analyses and
discussion of resilience exclusively around predictable events, let alone probabilistically likely
ones, seems illogical.
II. Future Resilience Research Should Incorporate Greater Consideration of the Barriers to Enhancing Resilience that Underlie Noted Gaps.
Another broader insight that emerges from this dissertation’s work with the RRAP cases
is the importance of further study concerning the barriers to enhancing resilience. While over
1,800 chunks of data proved useful in developing and populating an intricate scheme of
descriptive, recurring resilience gap nodes, only 611 snippets of information from over 4,000
pages of RRAP reports provided clear insights into the barriers that either facilitated such gaps in
the first place, or allowed them to remain over time. This disparity is not surprising to the extent
the mission of the RRAP program is to “identify dependencies, interdependencies, cascading
effects, resilience characteristics, and gaps; assess the status of the integrated preparedness and
protection capabilities of critical infrastructure owners and operators, local law enforcement, and
emergency response organizations; [and c]oordinate[] protection and response efforts to enhance
resilience and address security gaps within [each targeted] geographic region” (DHS 2014c).
Notably absent from this statement of purpose is any tasking to discern how and why such
conditions came to be, or why they persist. While there was sufficient data to code resilience
barriers – and lessons to be learned therefrom – the information and comments used to do so
145
were largely anecdotal. (The fact that I coded only one third as many chunks of case evidence
regarding barriers to enhancing resilience than I did for resilience gaps is also likely due, at least
in part, to the care I took to avoid “reading too far” into data or comments or otherwise inferring
causation based on descriptions of a given asset’s or actor’s state, as explained previously in
Chapter 3.) Interestingly, many of the insights into why a specific resilience gap existed (or
persisted) surfaced in text concerning proposed resilience enhancement options aimed at
addressing a particular gap. The report authors apparently felt the need to explain the context
and background in greater detail when suggesting changes, investments, or resilience
enhancement strategies to better justify their specific recommendations. This confirms that
information as to “why” and “how” a gap came to be is in fact obtainable, at least in some
instances; it was just not the focus of the RRAP research.
While this contextual information is certainly useful in making the case for specific
improvements, better understanding the underlying barriers to resilience has the potential to
bring far broader benefits. Efforts focused on highlighting gaps, and on recommending specific
fixes (i.e., resilience enhancement options), facilitate removal of the specific gaps identified.
Indeed, as suggested by the very eight-step “Resilience Management Framework” used in the
first RRAP reports, and as confirmed by the RRAP process owners interviewed for this research,
a selling point of the RRAP process for many state and local governments was, and remains, its
ability to generate a “punch list” of items, that at the same time serves as supporting
documentation when seeking various grant monies to implement the very enhancement options
the RRAP products propose. Such improvements, especially those noted in early RRAP reports
targeting specific assets and technical deficiencies associated therewith (e.g., the inability of a
given back-up generator to run on more than one type of fuel; the lack of CCTV systems, or the
146
lack of the personnel capacity to monitor them in real time), often only improve resilience in a
very specific, limited sense. To prevent similar gaps from developing over time, however, and to
achieve more systemic improvement – i.e., to engrain a broader “culture” of resilience, as is
called for in the National Security Strategy (The White House 2010), the National Preparedness
Goal (DHS 2011), the National Infrastructure Protection Plan (DHS 2013), and by the National
Academy of Sciences (2012), and the National Infrastructure Advisor Council (2009), among
many others – it is important to understand and communicate the cognitive, organizational,
governance, policy, and incentive-based barriers that we face. If the concept of resilience is to
facilitate practical, systemic solutions to improving preparedness and homeland security more
broadly, our conceptualization and study of it must expressly include greater inquiry and
consideration of the barriers to its improvement.
Of course, some of the “gaps” and “barriers” noted in this research turn out to be two
sides of the same coin. As suggested above, the pervasive planning gaps detailed in the previous
chapter that emerged from the case evidence regarding the lack of a comprehensive approach to
planning (e.g., where regional or state-wide governmental response plans were not adequately
integrated with agency-specific or smaller jurisdictions’ plans, or failed to include non-
governmental actors; or where private business continuity plans either stopped at the boundary of
a given company’s property, failed to consider all of the lifeline infrastructures on which they
depend, or failed to incorporate the role of governmental actors in the continuity of their private
business operations) corresponded, in most instances, to additional evidence of a “failure to
recognize system dependencies and interdependencies” - a key barrier repeatedly identified in
the data.
147
Similarly, gaps, to include a failure to identify or adequately plan for a specific hazard or
vulnerability, surfaced in the same context as information implicating the general barrier node
“failure to recognize foreseeable risks and uncertainties.” Indeed, the case evidence suggests
that many such planning-related resilience gaps are strongly tied to assumptions of stationarity,
inappropriately discounting risks, overestimating (or simply not understanding) current
capabilities, a general lack of information, or some combination of these conditions; all
conditions noted in Flynn’s post-Sandy study (2015).
In these areas of tight gap-barrier overlap and interaction, the RRAP reports generally
contained more detailed information as to why and how a problem came to be. In such cases, the
path to more systemic improvement through recommendations with potentially longer-lasting
effects (as opposed to targeted, asset-based fixes) were more prevalent. This underscores the
value of considering the barriers to resilience enhancement more broadly.
III. Further Resilience Research Is Needed On How Specific Barriers are Related to Specific Gaps.
Beyond the need for further scholarly inquiry into the systemic barriers to improving
resilience, a related take-away arising from this effort’s focus on both gaps and systemic barriers
to addressing them is the need for a structured framework for better analyzing and understanding
the relationships between these two dimensions. The interplay between various gaps and barriers
to removing them was not always as strong or obvious as the examples provided in the preceding
section may suggest. In many cases such linkages were barely discernable from the case data, if
at all.
A potential remedy might be to adopt the Authority, Capability, Competency, Capacity,
Partnership (“ACCCP”) construct. As a Coast Guard Duty Attorney, I have been called on
148
repeatedly to help discern the best way to address complex, multi-agency problems. Based on
that experience23 I believe this approach can be helpful when pondering the possible
interrelationships among documented resilience gaps, DHS-recommended resilience
enhancement options for addressing them, and any recurring systemic barriers to resilience
suggested by the case evidence.
The ACCCP construct is presented, among other places, in Coast Guard Publication 7-0;
that agency’s doctrine for strategically managing its overall “capability,” which it defines as the
“ability to execute a specified course of action” to fulfill any of its many statutorily imposed
missions or other responsibilities (USCG 2013, 1–5).24 For present purposes, I adapted this
construct when considering a given infrastructure asset or system’s ability to execute its intended
core function. According to the ACCCP framework, ensuring the existence and continuity of
this ability requires having appropriate authorities, capabilities, competencies, capacity, and
partnerships. The following discussion briefly reviews each concept as applied here.
Authority is simply the legal or regulatory power to undertake a certain act or function.
(It is often considered alongside jurisdiction: the substantive, personal, and geo-political domains
in which authority may be lawfully exercised.) In considering a given resilience gap or barrier, I
found it useful to consider what entities or agencies had, or perhaps should have, the authority to
address the identified gap or systemic roadblock to improvement. In some cases a lack of
23 Elements of this construct appear in the definition of resilience gaps that I adopted for this work (in the absence of any clear definition of “gap” in the RRAP reports themselves), and in the parent nodes of my resilience gap coding scheme. 24 The exact origin of the ACCCP framework is unclear, although many attribute the construct to Brad Kieserman, then-head of the Coast Guard Operation’s Law Group within the Office of Maritime and International Law (CG-0941). Mr. Kieserman later went on to serve as Chief Counsel for FEMA, and most recently as that agency’s Deputy Associate Administrator for Federal Insurance before leaving that post to serve as Vice President of Disaster Operations and Logistics with the American Red Cross.
149
authority, or overlapping authorities, was itself a governance-related barrier to improving
resilience.
Capability, within the Coast Guard’s ACCCP construct, “refers to platforms or systems
that are physical assets, such as planes, ships, buildings, information systems, etc.” (USCG 2013,
1–5). Clearly, many resilience gaps are asset-focused. Quickly distinguishing whether
something was an asset-based or authority-related issue proved useful in considering and
evaluating the case evidence for indications of what types of barriers might have led to (or
perpetuated) the gap.
The competency component of the ACCCP construct brings in the human dimension,
and refers to the presence (or absence) of operators and technicians, first responders, etc. who are
appropriately suited to perform a specified function or role. Numerous gaps in the case evidence
involved the inadequate training of first responders, or the lack of knowledge or awareness of
facility owners and operators. Looking for evidence as to why a lack of competency issue
existed raises fundamentally different questions than those prompted by a noted lack of authority
or capability.
Capacity, the third “C” in the ACCCP construct, is related to both the capability and
competency components. It refers to the relative depth and ability of these resources compared
to the demand. Furthering the previous examples, a capacity problem arises when there are some
first responders who are sufficiently trained to deal with a given contingency (e.g., qualified
HAZMAT personnel), but not enough of them for the scope of the situation at hand. Capacity
issues also surfaced in the context of physical assets such as available hospital beds, sufficient
electric transmission and distribution lines, alternative sources of water. Importantly, viewing a
given identified gap as a capacity issue often implicates different barriers than an overall lack of
150
capability or competency in the first place; the later potentially implicating more troublesome
awareness and cognitive issues more so than simple ever-present resource constraints.
The partnerships component of the ACCCP construct is meant to trigger thought about
the broader field of potential players, resources, and the dependencies/interdependencies among
them that are implicated in a given situation. This component has clear relevance for resilience,
especially when it is viewed from a systems perspective.
This ACCCP model served as my mental crosswalk when looking for barriers underlying
noted gaps. That is, it proved useful in framing my thoughts and inquiries in the iterative
inductive/deductive coding and analysis process. As such, it could also serve as a useful
construct for divining, or confirming the appropriateness of any suggested, resilience
enhancement options. If a given gap arises from a lack of authority, and is thus perpetuated by a
governance barrier, asset or personnel-based resilience enhancement options may be ineffective
in removing the underlying systemic barrier, at least in the long term. Moreover, “fixing”
authority issues – or any governance issue – implicates a different set of necessary actors than
simply hardening an asset, or increasing the number of redundant components. This ACCCP is
but one possible way to discern which systemic barriers might underlie any noted resilience gap.
Whatever systems are developed or refined to this end, better understanding this linkage is an
important step to advancing the value of resilience-related research for improving homeland
security.
IV. Additional RRAP Data should be Exploited to Further this Effort; Greater Access to PCII Information Would Facilitate This Needed Research.
According to the RRAP program managers interviewed for this research, less than ten
people have read all 33 RRAP reports coded and analyzed in this research, let alone studied them
151
in any detail. These cases – the only ones available at the time this effort began – enabled me to
discern and share the numerous findings and broader implications set forth above. It is
appropriate to pause here to reiterate and acknowledge three important limitations of this data.
First, the included RRAP reports focused on only eight of the 16 categories of critical set
forth in the National Infrastructure Protection Plan: agriculture and food, commercial facilities
(including port facilities), dams, defense industrial base, energy, healthcare and public health,
transportation, and water. This effort’s assessment of “common” gaps is thus limited to
commonalities associated within this relatively narrow field. The “member checking” process –
which, as detailed in Chapter 3, involved several group conference calls and four individual
interviews with key RRAP process owners and administrators – bolsters this effort’s findings to
some degree. The RRAP officials interviewed for this research confirmed, to a person, that they
are seeing the same key gaps (and barriers, while admittedly still not an official subject of their
inquiry) identified in this cross-case study in subsequent RRAP projects involving additional
sectors (and regions) not considered here. Still, further research is needed to confirm the
pervasiveness of the gaps highlighted in this work in other infrastructure sectors and regions (i.e.,
to test the transferability of these findings to other research settings).
Second, the over-representation of energy, transportation, and commercial facility-
focused projects, which collectively account for nearly 75% of the RRAP projects studied in this
research, limited the robustness of this study’s intra and cross-sector analyses. Public health,
water and wastewater, dams, and the defense industrial base were each the focus of only one or
two studied RRAP projects. While numerous critical infrastructure sectors are addressed in each
project in some fashion, they are not necessarily the focus of attention.
152
Third, while the coded RRAP projects covered nine of 11 mega regions (and ten
geographic areas that fell outside of these conglomerations of interconnected metropolitan areas),
the distribution of sector focus areas researched within these regions was far from uniform and
limited by the small number of projects with the limited focus areas noted above. Future
research can address the threats to validity imposed by these limitations by simply adopting the
coding schemes and methodology developed in this work, and applying them to future RRAP
projects, including the 15 (and counting) that have been finalized since this research began.
In addition to considering a broader swath of data, there is an opportunity, if not need, to
dig deeper into the RRAP body of work. As explained in Chapter 3, this research is based on a
line-by-line coding and analysis of the RRAP Resilience Assessments (i.e., each project’s final
product). As this was the first attempt to explore this body of work in a systematic fashion, it
made sense to develop a process that could be employed consistently across all past case studies.
(An implied objective of this research was to assess the potential value of the RRAP data itself.)
Accordingly, this effort did not explore the various underlying interviews and assessment tools,
which vary in number and type for each project, that provide the raw data on which the final
RRAP reports are based. Future researchers should mine this underlying field of information for
additional insights into the gaps and barriers noted herein. To the extent barrier evidence often
surfaced anecdotally in text justifying specific proposed resilience enhancement options, it is
likely that this underlying material contains valuable evidence that was excluded from the final
reports, especially as the final products were honed down over time to provide more tightly
written analyses targeted to the needs of each project’s client. Such data was simply beyond the
scope of the present effort.
153
Of course, any further analysis of additional RRAP reports, or the underlying data
collected to support them, depends on researchers having access to this valuable information. As
critical insights were often embedded in sections of the Resiliency Assessments labeled as
Protected Critical Infrastructure Information – the distribution of which is closely controlled –
the Department of Homeland Security should continue to carefully evaluate how RRAP products
are marked to ensure that only that information meriting enhanced protections is so labeled.
To the extent the program itself sees value in the present work, or in the promise of future
related efforts, it should look for ways to grant other researchers similar access, with the
understanding that cross-sector and cross-region themes discerned from sensitive information
can be generalized and shared with a broader audience with appropriate review. (Ensuring the
present work was devoid of Protected Critical Infrastructure Information, for example, took only
three weeks from submission for review.)
The RRAP personnel interviewed in this effort acknowledged the value of a more open
and accessible approach to resilience research. It is to this, and similar broader recommendations
that this dissertation now turns.
V. This Research Provides Important Insights for Academics Concerning Policy-Focused Research Methodologies and the Study of Resilience itself; as well as for Senior Policymakers interested in Strengthening Resilience, and through it, Homeland Security.
The lessons and insights this research provides extend beyond those, set forth above, that
are tied to specific research questions and findings. This final section builds upon the
conclusions and recommendations set forth above by considering the broader experience of the
entire research process and the underlying literatures on which it is based to offer suggestions
for: (1) expanding policy-relevant research through similar qualitative study of diverse
154
government case studies and reports; (2) improving interdisciplinary efforts that seek to better
understand and advance the concept of critical infrastructure (and other forms of) resilience; and
(3) enhancing the Department of Homeland Security’s approach to strengthening resilience and
homeland security more broadly. Each is discussed in turn.
A. DHS and other researchers should consider wider use of qualitative, cross-case research methodologies to analyze the expanding universe of extant, but under-studied, homeland security assessments and reports.
As explained in Chapter 3, this research project adopted a qualitative, case-based research
design to discern common characteristics and barriers to resilience that might be captured, but
not readily apparent or fully explored, in a series of multi-year government case studies produced
by an evolving voluntary assessment program. While the limitations of the cases – namely, the
relatively small number of projects available for study, their disparate focus, and their
intentionally wide geographic distribution – limited the ability to fully answer every research
question of interest, the underlying data nonetheless yielded many important themes and
findings. Future research should employ similar methodologies to analyze other underutilized
government case studies and reports. This effort’s ability to pull useful themes from the RRAP
case data affirms that there is value in secondary analyses of the ever-growing number of
existing government reports being generated to inform resilience and homeland security
improvement efforts. All too often, the government simply has not found the time or resources
to analyze and integrate the data already in its possession.
For example, a recent Government Accountability Office (GAO) study concerning
critical infrastructure protection found that DHS offices and component agencies frequently
require or invite critical infrastructure owners and operators to undertake numerous assessments
155
of the same assets and systems (Caldwell 2014). This fragmented,25 overlapping,26 and
sometimes duplicitous27 approach to studying critical infrastructure has led to what some have
called “federal fatigue” – a “weariness among [critical infrastructure] owners and operators who
have been repeatedly approached or required by multiple federal agencies and DHS offices to
participate in or complete assessments” (Ibid., 30). Table 5-1, below, reproduces a figure created
by the GAO to illustrate the degree of overlap among ten critical infrastructure assessment tools
deployed by DHS offices and component agencies from 2011-2013.
Table 5-1: Overlap of DHS Voluntary or Required Critical Infrastructure Assessments
(adapted from Caldwell 2014) DHS Office or Component U.S. Coast Guard National Protection & Programs Directorate TSA
Critical Infrastructure Sector
Federal Protective
Service
Infrastructure Security
Compliance Division
Protective Security
Coordination Division
Chemical x x x Commercial Facilities x x x x Communications x x Critical Manufacturing x x x Dams x x Emergency Services x x Information Technology x x x Nuclear Reactors, Material, and Waste x Food and Agriculture x x x x Defense Industrial Base x x x x Energy x x x x x Healthcare and Public Health x x Financial Services x x x Water and Wastewater Systems x x x Government Facilitates x x x x Transportation Systems x x x x
25 The GAO uses the term “fragmentation” to describe a situation where more than one office or agency “is involved in the same broad area of national interest” (Caldwell 2014, 12). 26 The term “overlap” is used in this context to indicate “when multiple programs have similar goals, engage in similar activities or strategies to achieve those goals, or target similar beneficiaries. Overlap may result from statutory or other limitations beyond the agency’s control” (Ibid., 12). 27 Duplication exists, in the GAO’s classification scheme, “when two or more agencies or programs are engaging in the same activities or providing the same services to the same beneficiaries” (Ibid., 12).
156
Importantly for present purpose, an overarching conclusion of the GAO’s investigation
was that the lack of common standards, definitions, and metrics in the Department’s various
infrastructure assessment instruments makes it difficult for DHS to integrate the findings of these
various reports to look for common themes. It is unclear to what extent DHS has attempted to do
so. Regardless, the methodology in this research is ideally suited to this end.
As discussed elsewhere in this dissertation, the RRAP process that produced the data on
which this research was based is changing and continues to mature through time. That
maturation, which includes different areas of emphasis, participants, and reporting formats, did
not preclude the ability to conduct a productive cross-case analysis. It was possible to track the
progression of RRAP processes by developing supplemental coding schemes for key definitions
and research activities used in each case study. After re-reading the material coded to these
schemes, which provided a sense of the evolution itself, I interviewed RRAP process owners to
further explore and understand the program’s changes through time. The qualitative analysis of
gap and barrier coding references reflected an enhanced understanding of this evolution. (A true
longitudinal study of the Regional Resilience Assessment Program across a longer span of time
would be a worthwhile subject for future research.)
If academia can be granted greater access to the broad range of vulnerability reports and
critical infrastructure assessments that DHS already produces – subject to appropriate controls –
academic researchers could provide DHS (and wider audiences) important insights into
underappreciated cross-case and cross-program themes that are buried in existing government
data. As documented in this dissertation, there are challenges with attempting to compare
diverse studies that involve differing settings, researchers, participants, and analytic processes.
For example, Chapter 4 shows how the relatively few RRAP case studies undertaken in any
157
given geographic area, combined with the program’s intentionally wide distribution of
substantive areas of emphasis for each, makes it difficult to detect any strong correlations
between the observed systemic barriers and any given geographic locale or infrastructure sector.
Moreover, the comparatively higher percentage of law enforcement and security participants in
the first RRAP projects yielded – as is referenced later in this chapter – a disproportionately
greater number of physical security-based resilience gaps in the early project reports.
Additionally, the differing report formats – from long narratives structured around a changing
definition of resilience; to shorter, more client-focused key findings – provide differing levels of
insight into the underlying data. Despite such complications, strong themes emerged in a
diversity of contexts, making them all the more legitimate. They are also potentially more
generalizable to other contexts as a result. Such “hidden” insights are worth seeking in similar
bodies of understudied DHS work, such as the waterfront and chemical facility assessments
required by the Marine Transportation Security Act (MTSA) and the “Protecting and Securing
Chemical Facilities from Terrorist Attacks Act of 2014 (“the CFATS Act”), which are produced
by the Coast Guard and the National Protection and Programs Directorate, respectively. The
methodology in this dissertation can help to do so.
Numerous agencies outside of DHS conduct infrastructure assessments that could be
targeted for future research using this, or similar, methodologies as well. Table 5-2, on the
following page, provides a representative list of instruments – developed by the GAO – that
likely also contain prevalent, but currently underappreciated resilience (and security) gap and
barrier themes. Moreover, the research design in this dissertation has potential application
beyond the myriad critical infrastructure assessments that GAO found (although there is clearly
ample work to be done in that particular context).
158
Table 5-2: Infrastructure Assessments Conducted by Agencies External to DHS That Could Be Further Exploited By This Dissertation’s Secondary Analysis Methodology
(portions reprinted verbatim from Caldwell 2014, Table 9) Agency Assessment Tool Description Environmental Protection Agency (EPA)
Vulnerability Self-Assessment Tool (VSAT)
VSAT is a risk assessment software tool for water, wastewater, and combined utilities of all sizes to assist owners and operators in performing security threats and natural hazards risk assessments, among other things.
Climate Resilience Evaluation and Awareness Tool (CREAT)
CREAT is a self-assessment tool that allows users to evaluate potential impacts of climate change on their utilities and to evaluate adaptation options to address these impacts using both traditional risk assessment and scenario-based decision-making. CREAT includes a database of drinking water and wastewater utility assets (e.g., water resources, treatment plants, and pump stations) that could be affected by climate change, possible climate change-related threats (e.g., flooding, drought, or water quality), and adaptive measures that can be implemented to reduce the impacts of climate change.
Federal Energy Regulatory Commission (FERC)
Dam Assessment Matrix for Security Vulnerability and Risk (DAMSVR)
DAMSVR is a vulnerability assessment methodology for dams developed by FERC in association with state dam safety officials. It is one tool that can be used to meet FERC regulatory requirements. FERC requires owners and operators of the higher criticality-ranked dam facilities to complete a vulnerability assessment of their facility and update it periodically.
U.S. Department of Health and Human Services (HHS) Food and Drug Administration (FDA) U.S. Department of Agriculture (USDA)
Vulnerability Assessment Software Tool
The Vulnerability Assessment Software Tool uses the CARVER+ Shock methodology to identify areas that may be vulnerable to an attacker. CARVER is an acronym for the following six attributes used to evaluate the attractiveness of a target for attack: • Criticality – measure of public health and economic impacts of an
attack • Accessibility – ability to physically access and egress from target • Recuperability – ability of system to recover from an attack • Vulnerability – ease of accomplishing attack • Effect – amount of direct loss from an attack as measured by loss in
production • Recognizability – ease of identifying a target • A seventh attribute, Shock, has been added to the original six to assess
the combined health, economic, and psychological impacts of an attack within the food industry.
Department of Energy (DOE)
Radiological Voluntary Security Enhancements
Under this program, security experts from DOE’s national laboratories, led by NNSA staff, provide security assessments, share observations, and make recommendations for enhancing security at facilities that house high-risk radioactive sources.
National Nuclear Security Administration (NNSA)
Research and Test Reactors Voluntary Security Enhancement Program
NNSA conducts site visits and makes recommendations for voluntary security enhancements at research and test reactors. Security enhancements are jointly determined by NNSA and the facility owner and operator and are funded by NNSA.
159
The close relationship between resilience and preparedness28 suggests that much could be
learned from further detailed study of the Threat and Hazard Identification and Risk Assessments
(THIRA) and annual State Preparedness Reports required of those seeking DHS grants. Even
the grant applications tied to these reports themselves potentially could be mined through this
research’s methodology to discern cross-sector and cross-region trends and themes. Many of the
RRAP personnel interviewed for this research expressed regret that the “tyranny of the present,”
and the lack of appropriations to undertake cross-case or longitudinal studies of their own work
prevented them from doing so. Rather than risk further “federal fatigue” by simply deploying
additional assessment tools, DHS should also invest in leveraging this study’s methodology and
in utilizing the abundant resources that academia can bring to bear to further exploit its existing
data and refine future analyses.
B. To advance national understanding and application of resilience, future research efforts must incorporate a broader array of academic disciplines and professional backgrounds.
The absence of comprehensive plans and planning, the pervasiveness of “systems
ignorance,” and the prevalence of unknown information documented in this work together
suggest that future research, planning, and public-private partnership efforts – including, but not
limited to, the Regional Resiliency Assessment Program itself – must incorporate more
disciplines and perspectives if we are to better understand and advance infrastructure, regional,
and, ultimately, national resilience. As the review of various definitions of resilience and
28 The Community and Regional Resilience Institute (CARRI) distinguishes resilience from preparedness by noting that resilience includes more activities that are further “upstream” (or, “left of boom”), to address chronic conditions within communities that many conceptualizations of preparedness omit (CARRI 2011, 13). Kahan, for his part, suggests that the current emphasis on preparedness set forth in PPD-8 and the National Preparedness Goal will ultimately lead to improved resilience. Interestingly, he suggests that “too much of a focus on operationalizing resilience would have the effect of putting the resilience cart before the preparedness horse” (2015, 11). However this relationship is conceptualized, there is sufficient overlap to make study of THIRA and state preparedness reports valuable to resilience researches, if not for its own sake.
160
associated measurement and assessment schemes in Chapter 2 made clear, the concept of
resilience, however defined, is consistently conceptualized as having multiple component aspects
that must be viewed and assessed across multiple domains. Whether adopting Bruneau et al.’s
“TOSE” dimensions (technical, organization, social, and economic) (2003) or Cutter, et al.’s
five-dimension formulation involving social, economic, institutional, infrastructure, community,
and capital aspects (2010), scholars agree that resilience cannot be effectively studied, or
improved, exclusively through focusing on a specific infrastructure asset or system. The
numerous gaps and barriers noted in the RRAP cases that are tied to the human interactions with
these systems, our failure to understand them, and the planning and coordination deficiencies
that impair our ability to restore system function in the wake of disruption underscore this point.
The need to consider multiple domains when researching resilience is made all the more
critical in light of our cognitive limitations with handling the complexity and uncertainty
associated with critical infrastructure. As detailed in Chapter 2, the work of Kahneman (2013)
and others (see, e.g., Steinbruner 1973; Allison and Zelikow 1999; Kunreuther and Michel-
Kerjan 2013; Woods et al. 2010) collectively suggests that decision makers – and researchers –
will have a natural tendency to interpret messy, complicated issues through frameworks with
which they are most comfortable or familiar. (This tendency can be clearly seen in the
disproportionately high presence of physical security-focused “resilience” gaps in the earliest
RRAP reports in which law enforcement and security personnel were the primary study
participants.)
One way to overcome these challenges and limitations is to rethink which individuals and
agencies are included – and through them, what collective perspectives and experiences can be
brought to bear – in future research. To do this, researchers must carefully consider the scope of
161
subjects and perspectives that should be incorporated in future inquiries. Future RRAP projects,
for example, should include a broader array of participants to supplement the perspectives of
infrastructure owners, operators, and regulators that have been traditionally included. The
growing literature on disaster resilience supports this approach and is instructive to this end.
Longstaff et al. (2010); Cutter, Burton, and Emrich (2010); and the Community and Regional
Resilience Initiative’s “Community Resilience System” (2011; 2013) all suggest, in some form
or fashion, that to understand the resilience of any given region, the concept must be considered
across several key domains: critical infrastructure, economics (to include the viewpoint of
commercial business interests), institutions (i.e., governance), and society (e.g., social
organizations and other members of civil society). Future RRAP projects should be sure to
include representatives from each of these domains given the inextricable link between
infrastructure, its surrounding environment, and human interactions with each. The additional
perspectives of community groups and non-governmental organizations – including but not
limited to churches, chambers of commerce, economic development organizations, parent-
teacher associations, and local chapters of the American Red Cross, United Way, and Salvation
Army – as well as the perspectives of citizens and policymakers are critical to understanding the
essential functions and capabilities that a given region or community needs, and for determining
the acceptable levels of degradation and recovery timelines that should be incorporated into truly
comprehensive planning efforts.
We must also broaden the range of academic specialties and research methodologies that
are included in resilience research. My research findings and broader experience suggest that
improving infrastructure, and ultimately, national resilience, will require expertise and insights
drawn from a much larger array of academic disciplines and professional backgrounds than were
162
included in any of the projects examined in this work. The RRAP projects themselves reflect a
growing incorporation and appreciation for the perspectives of emergency managers and
contingency planners in resilience research. More recent RRAP projects, for example, have
involved far more detailed planning analyses that build on a given region’s system dependencies
and interdependencies by evaluating response and restoration prioritization for individual assets
and systems in emergency management and business continuity plans. Such professional
perspectives help communities to shift their efforts “left of boom” to be better prepared to
respond effectively and recover faster from disruptions. The insights of city managers, urban
planners, and architects; as well as civil, environmental, and resilience engineers could be
leveraged in resilience research in a similar fashion to shift analysis and efforts even further
“upstream” (CARRI 2011, 13). These disciplines would shed greater light not only on how
existing infrastructure systems could be made more resilient, but on how communities
themselves might be reconsidered and potentially redesigned to remove critical points of failure,
or a region’s (over)dependence on some systems entirely.
C. DHS should explore ways to be more open and transparent with it processes and information, create incentives to ensure broader participation in resilience enhancement efforts, and shift its emphasis from sector-focused studies to more inclusive, regional, multi-sector projects.
The foregoing observations collectively suggest the need for DHS to rethink its approach
to resilience and homeland security in at least three areas. First, DHS must address the need for
more inclusive research, planning, and partnerships, as outlined above, by finding ways to make
its overall approach to resilience and homeland security more open and transparent. It could start
by lessening the barriers to research associated with how the Department handles For Official
Use Only (FOUO) and Protected Critical Infrastructure Information (PCII). We cannot afford
the indiscriminate release of critical infrastructure vulnerabilities that could potentially be
163
exploited by terrorists. The nature of the RRAP data used in this research project however,
suggests that there has been a frequent and reflexive tendency to over-classify information. The
difficulty in parsing out precisely what information should be protected from public release is a
solvable problem that has not received sufficient attention.
As outlined elsewhere in this work, access to critical infrastructure information is
frequently impaired by the Department’s routine practice of labeling entire reports, or large
sections thereof, as either PCII or FOUO without any attempt to delineate the specific
information contained therein that merits the associated handling and dissemination restrictions.
Two simple changes to this practice would provide more open access to less sensitive, but
potentially insightful information. First, DHS should adopt an information-labeling regime
similar to that used for “classified” national security information (i.e, “confidential,” “secret,”
and “top secret” materials). In that system, every individual sentence or paragraph is generally
marked with its corresponding level of classification. This approach dramatically eases the
process of redacting sensitive data to produce derivative documents with lower classification
levels that are suitable for wider audiences. Second, using the aforementioned labeling scheme,
DHS should routinely make publicly releasable versions (or summaries) of its resilience studies
and related reports. To my knowledge, there are no such versions of any RRAP reports. Much
of the government’s invaluable research data has not been fully exploited simply because few
people outside of (and within) DHS, beyond those entities that have participated in a specific
project or program, know it exists. Taking these two simple steps will ensure sensitive data
remains appropriately protected, while providing regional stakeholders, interested researchers,
and concerned citizens a better sense of the programs that exist, and their respective bodies of
work, that may merit further study and engagement.
164
A more open, transparent approach aligns with, and would facilitate, the “whole
community” concept set forth in the National Preparedness Goal. Proper planning and
preparedness – and through them, greater infrastructure understanding and resilience – are
dependent on eliminating systems ignorance and unknown information. In order for more
perspectives and disciplines to be better leveraged in addressing the messy, complex problems of
homeland security, a larger array of personnel must be trusted to be “at the table.” In addition to
making public summaries of its reports available, DHS should grant more researches access to its
protected critical infrastructure information. As a Coast Guard officer, I was able to leverage my
federal status to gain access to all RRAP data. To the extent federal contractors are routinely
granted access to far more sensitive information, the Department should explore an analogous
academic credentialing program that grants researchers (whether at federal, public, or private
institutions) access to PCII and FOUO material.
It will always be individually “safer” for government employees to over-classify and
retain information than to sign off on its release or to share it. (The RRAP management team
should be commended for their willingness to do so for this work; they saw the value of an
external, objective review of their work.) As the National Commission on Terrorist Attacks
against the United States (the “9/11 Commission”) famously pointed out, it may not be “safer”
for the nation in the long when agencies retain information. Senior executives and political
appointees within DHS and beyond should engage on this issue to continually re-evaluate the
costs and benefits of the current balance between information protection and sharing and the
process used to achieve it. The documented prevalence of infrastructure systems ignorance, the
pervasive lack of comprehensive planning and poor coordination suggest the need to strike a new
165
balance. Ultimately, the government must decide the extent to which it trusts the very people it
exists to protect.
Beyond ensuring researchers have greater access to its infrastructure resilience data, DHS
should leverage existing grant programs to generate greater interest and participation in its
critical infrastructure protection and resilience enhancement activities. The voluntary nature of
the RRAP, and many other DHS assessment initiatives, impairs the ability to draw certain cross-
sector or cross-case conclusions from these growing bodies of work. As a 2013 GAO study of
the Regional Resiliency Assessment Program highlighted, the ability to have meaningful
measures of resilience for any given sector is largely dependent on the willingness of, and extent
to which, critical infrastructure stakeholders within that sector agree to engage with DHS
(Caldwell 2013, 27). The RRAP management team’s tendency, if not need, to adjust the scope
of its projects to the stated desires of its “clients” is perfectly understandable given the voluntary
nature of the program. Moreover, there is great value in ensuring any federal funds that are
expended to study regional resilience are used to address those needs identified by the state and
local entities that know them best.
This approach, however, undermines the program’s, and other potential researchers’,
ability to draw inferences from the absence of gaps or barriers in any specific study. For this
research, the drastically different scoping of RRAP studies, among other factors, significantly
limited the ability to conduct further quantitative analyses of the coding counts. In the
qualitative evaluation of coded RRAP case data, the absence of an otherwise common gap or
barrier in any one case could often be attributed to the limited inquiry of the project in question.
More consistent scoping of future projects would enable a broader resilience picture while also
facilitating deeper secondary, cross-case analysis. Given the tendency for “federal fatigue” noted
166
above, creating unfunded mandates to garner increased participation in such programs may be
counter-productive. Instead, DHS should consider other ways to incentivize participation to
ensure future projects benefit from the broadest sector representation possible while avoiding the
need to drastically scale the emphasis and depth of inquiry to entice cooperation. An obvious
start would be to consider making any number of DHS preparedness grants contingent on
participating in one or more resiliency assessments. The Department should also work with
other cabinet departments and agencies to link other federal infrastructure improvement funds,
such as those administered by the Departments of Transportation, Energy, and Housing and
Urban Development, to the resilience enhance options the RRAP and related programs produce.
Finally, the challenges and shortcomings to studying resilience through the perspective of
one, or a select few, of 16 specified critical infrastructure sectors, underscore the need to attempt
more ambitious, regionally focused, multi-sector studies. By design, each RRAP case focuses on
one or more of the critical infrastructure sectors outlined in the National Infrastructure Protection
Plan. Unlike many other DHS assessment initiatives, each RRAP project also explores that
sector’s dependencies, and interdependencies, with the lifeline critical infrastructure sectors that
support it. This broader perspective is important, but it only begins to reveal the full picture of
how these systems are connected with others in a given community, region, or megaregion.
The sector-based approach of the National Infrastructure Protection Plan (NIPP), which
includes Sector-Specific Agencies (SSAs) and Sector Coordinating Councils (SCCs), arguably
stems from a desire to find common challenges and best practices within each sector. To some
extent, this framework simplifies the challenge of infrastructure protection by partitioning it into
familiar, more manageable chunks. Given the unavoidable, messy interconnections of these
167
sectors and systems, however, this approach inevitably leads to the fragmentation, overlap, and
duplicity of assessment initiatives discussed above.
To address this inevitable interconnectivity, the NIPP also provides for cross-sector
coordination structures such as the Critical Infrastructure Cross-Sector Council, which includes
the chairs and vice-chairs of the various SCCs. DHS should employ a similar cross-sector
approach in its regional assessments of resilience by including more sector perspectives in each
project. That is, for at least some future projects, rather than undertaking regional resilience
assessments that focus on one or a few designated sectors and the lifeline systems that support
them, DHS should attempt to include the perspective of as many sectors as possible that are
operating in any given region. The Coast Guard’s Area Maritime Security Committees
(AMSCs), which bring together all stakeholders within a given port community to identify and
address its threats and vulnerabilities, could serve as a potential model. Adopting a true a multi-
sector approach to addressing regional resilience will facilitate better understanding of how each
of the 16 sectors place different demands on the supporting lifeline systems, and through them,
each other. While the increased number of participants and analytic complexity associated with
such more encompassing projects would surely require greater funding and manpower, this is the
type of investment we must make to become a more resilient nation.
Conclusion
This research identified and explored recurring “resilience gaps” and systemic barriers
that enable them in the hope that a greater awareness and understanding of such widespread
shortcomings and systemic challenges will facilitate their removal. The limitations of the data
scoped within this effort, the complexities of the systems involved, and the prevalence of
168
unknown (or unshared) information ultimately made some aspects of this dissertation’s four
research questions difficult to fully answer. At the same time, these very conditions suggest
areas for future research and policies (including those related to the disclosure of critical
infrastructure information and lessons learned) that merit further review. Importantly, the four
recurring resilience gaps, and five pervasive systemic barriers to their removal that emerged in
this effort’s cross-case analysis of the RRAP data, as detailed above, provide a critical
contribution to better understanding the homeland security and critical infrastructure-related
challenges we face as a nation. It is my hope that the continuing work of the Regional
Resiliency Assessment Program, and research, such as this, that builds thereon, will indeed
enable deeper and wider understanding of infrastructure systems, and spur the associated policy
improvements needed to enhance homeland security, minimize property damage, and, ultimately,
save lives.
Appendix A
173
References
Abramson, David M., and Irwin Redlener. 2012. “Hurricane Sandy: Lessons Learned, Again.” Disaster Medicine and Public Health Preparedness 6 (04): 328–29. doi:10.1001/dmp.2012.76.
Alderson, David L., Gerald G. Brown, and W. Matthew Carlyle. 2014. “Assessing and Improving Operational Resilience of Critical Infrastructures and Other Systems.” In Tutorials in Operations Research: Bridging Data and Decision, edited by A. Neuman and J. Leung, 180–215. Hanover, MD: Institute for Operations Research and Management Science.
———. 2015. “Operational Models of Infrastructure Resilience.” Risk Analysis 35 (4): 562–86. doi:10.1111/risa.12333.
Alderson, David L., Gerald G. Brown, W. Matthew Carlyle, and Louis Anthony Cox. 2013. “Sometimes There Is No ‘Most-Vital’ Arc: Assessing and Improving the Operational Resilience of Systems.” Military Operations Research 18 (1): 21–37. doi:10.5711/1082598318121.
Allenby, Brad, and Jonathan Fink. 2005. “Toward Inherently Secure and Resilient Societies.” Science 309 (5737): 1034–36.
Allison, Graham, and Philip Zelikow. 1999. Essence of Decision: Explaining the Cuban Missile Crisis. 2 edition. New York: Pearson.
Anderson, W. A:, P. J. Kennedy, and E. Ressler. 2007. Handbook of Disaster Research. Edited by Havidan Rodriguez, Enrico L. Quarantelli, and Russell Dynes. 2006 edition. New York: Springer.
Aven, Terje. 2011. “On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience.” Risk Analysis 31 (4): 515–22. doi:10.1111/j.1539-6924.2010.01528.x.
Birkland, Thomas A. 1997. After Disaster : Agenda Setting, Public Policy, and Focusing Events. Washington, DC: Georgetown University Press.
———. 2006. Lessons of Disaster: Policy Change After Catastrophic Events. Georgetown University Press.
———. 2011. An Introduction to the Policy Process: Theories, Concepts, and Models of Public Policy Making. Armonk, NY: Sharpe.
Birkland, Thomas A., and Sarah E. DeYoung. 2011. “Emergency Response, Doctrinal Confusion, and Federalism in the Deepwater Horizon Oil Spill.” Publius 41 (3): 471–93.
174
Birkland, Thomas A., and S. Waterman. 2008. “Is Federalism the Reason for Policy Failure in Hurricane Katrina?” Publius 38 (4). doi:10.1093/publius/pjn020.
Brouillette, John R, and E. L Quarantelli. 1971. “Types of Patterned Variation in Bureaucratic Adaptations to Organizational Stress.” Sociological Inquiry 41 (1): 39–46.
Bruneau, Michel, Stephanie E. Chang, Ronald T. Eguchi, George C. Lee, Thomas D. O’Rourke, Andrei M. Reinhorn, Masanobu Shinozuka, Kathleen Tierney, William A. Wallace, and Detlof von Winterfeldt. 2003. “A Framework to Quantitatively Assess and Enhance the Seismic Resilience of Communities.” Earthquake Spectra 19 (4): 733–52. doi:10.1193/1.1623497.
Caldwell, Stephen. 2011. “Critical Infrastructure Protection: An Implementation Strategy Could Advance DHS’s Coordination of Resilience Efforts across Ports and Other Infrastructure.” GAO-13-11. Government Accountability Office. http://www.gao.gov/products/GAO-13-11.
———. 2013. “Critical Infrastructure Protection: DHS Could Strengthen the Management of the Regional Resiliency Assessment Program.” GAO-13-616. Government Accountability Office. http://www.gao.gov/products/GAO-13-616.
———. 2014. “Critical Infrastructure Protection: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts.” GAO-14-507. Government Accountability Office. http://www.gao.gov/products/GAO-14-507.
Carlson, L., G. Bassett, W. Buehring, M. Collins, M. Folga, B. Haffenden, F. Petit, J. Phillips, D. Verner, and R. Whitfield. 2012. “Resilience: Theory and Applications.” ANL/DIS-12-1. Argonne National Laboratory, Decisions and Information Sciences Division. http://www.dis.anl.gov/pubs/72218.pdf.
CARRI. 2011. “Community Resilience System Initiative (CRSI) Steering Committee Final Report — a Roadmap to Increased Community Resilience.”
———. 2013. “Building Resilience in America’s Communities: Observations and Implications of the CRS Pilots.” http://www.resilientus.org/wp-content/uploads/2013/05/CRS-Final-Report.pdf.
Center for Resilience Studies. 2015. “After Superstorm Sandy - Bolstering the Resilience of Metro-New York’s Infrastructure.” Center for Resilience at Northeastern University. Accessed March 18. http://www.northeastern.edu/resilience/programs/sloan-foundation/.
Christopher, Martin. 2011. Logistics and Supply Chain Management. 4 edition. Harlow, England ; New York: FT Press.
Christopher, Martin, and Helen Peck. 2004. “Building the Resilient Supply Chain.” The International Journal of Logistics Management 15 (2): 1–14. doi:10.1108/09574090410700275.
175
Coulam, Robert F. 1977. Illusions of Choice: The F-111 and the Problem of Weapons Acquisition Reform. Y First edition edition. Princeton, N.J: Princeton Univ Pr.
Coutu, Diane. 2002. “How Resilience Works.” Harvard Business Review. May. https://hbr.org/2002/05/how-resilience-works.
Cranfield University. 2002. “Why Companies Need To Constantly Build Their ‘Survival Mode’ Skills.” Cranfield, UK: Cranfield School of Business.
Creswell, J. W. 2013. Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, 4th Edition. 4th edition. Thousand Oaks: SAGE Publications, Inc.
Creswell, J. W., and D. Miller. 2000. “Determining Validity in Qualitative Inquiry.” Theory Into Practice 39 (3): 124.
Cutter, Susan L., Lindsey Barnes, Melissa Berry, Christopher Burton, Elijah Evans, Eric Tate, and Jennifer Webb. 2008. “Community and Regional Resilience: Perspectives from Hazards, Disasters, and Emergency Management.” CARRI Report 1. Community and Regional Resilience Initiative. http://www.resilientus.org/publications/research-reports/.
Cutter, Susan L., Christopher G. Burton, and Christopher T. Emrich. 2010. “Disaster Resilience Indicators for Benchmarking Baseline Conditions.” Journal of Homeland Security and Emergency Management 7 (1). http://www.degruyter.com/view/j/jhsem.2010.7.1/jhsem.2010.7.1.1732/jhsem.2010.7.1.1732.xml;jsessionid=42EE6FE88F6C463F298F91D6CDECF3DB.
DHS. 2008. “Department of Homeland Security Strategic Plan FY2008-2013: One Team, One Mission.” https://www.hsdl.org/?view&did=235371.
———. 2010a. “2010 Quadrennial Homeland Security Review (QHSR).” http://www.dhs.gov/publication/2010-quadrennial-homeland-security-review-qhsr.
———. 2010b. “New Jersey Exit 14 Integrated Protective Measures Analysis.” Resiliency Assessment.
———. 2011. “National Preparedness Goal.” http://www.fema.gov/national-preparedness-goal.
———. 2012. “Department of Homeland Security Strategic Plan FY2012-2016.” http://www.dhs.gov/strategic-plan-fiscal-years-fy-2012-2016.
———. 2013. “National Infrastructure Protection Plan: Partnering for Critical Infrastructure Security and Resilience.” http://www.dhs.gov/national-infrastructure-protection-plan.
———. 2014a. “Regional Resiliency Assessment Program: 33 Resiliency Assessments.”
———. 2014b. “2014 Quadrennial Homeland Security Review (QHSR).” June 18. http://www.dhs.gov/publication/2014-quadrennial-homeland-security-review-qhsr.
176
———. 2014c. “Regional Resiliency Assessment Program.” October 8. http://www.dhs.gov/regional-resiliency-assessment-program.
———. 2014d. “Enhanced Critical Infrastructure Protection.” December 4. http://www.dhs.gov/ecip.
———. 2015a. “Homeland Security Advisory Council.” April 20. http://www.dhs.gov/homeland-security-advisory-council.
———. 2015b. “Multi-Jurisdiction Improvised Explosive Device Security Planning (MJIEDSP) Program.” April 28. http://www.dhs.gov/mjiedsp.
———. 2015c. “National Infrastructure Advisory Council.” May 12. http://www.dhs.gov/national-infrastructure-advisory-council.
———. 2015d. “Enhanced Critical Infrastructure Protection Visit and the Infrastructure Survey Tool Fact Sheet.” https://www.dhs.gov/sites/default/files/publications/ecip-ist-fact-sheet-508.pdf.
———. 2015e. “Computer-Based Assessment Tool.” July 23. http://www.dhs.gov/computer-based-assessment-tool.
———. 2015f. “National Preparedness Goal (Second Edition).” http://www.fema.gov/media-library-data/1443799615171-2aae90be55041740f97e8532fc680d40/National_Preparedness_Goal_2nd_Edition.pdf.
Donahue, Amy K., and Robert V. Tuohy. 2006. “Lessons We Don’t Learn: A Study of the Lessons of Disasters, Why We Repeat Them, and How We Can Learn Them.” Homeland Security Affairs II (July): 1–28.
Dynes, Russell Rowe. 1970. Organized Behavior in Disaster. Lexington, Mass.: Heath Lexington Books.
FEMA. 2012. “Buffer Zone Protection Program (BZPP) Guidance and Application Kit.” February 29. https://www.fema.gov/media-library/assets/documents/20601.
Fiksel, Joseph. 2006. “Sustainability and Resilience: Toward a Systems Approach.” Sustainability: Science, Practice and Policy 2 (2): 14.
Finkel, Meir. 2011. On Flexibility: Recovery from Technological and Doctrinal Surprise on the Battlefield. Stanford University Press.
Fisher, R.E., G.W. Bassett, W.A. Buehring, M.J. Collins, D.C. Dickinson, L.K. Eaton, R.A. Haffenden, et al. 2010. “Constructing a Resilience Index for the Enhanced Critical Infrastructure Protection Program.” ANL/DIS 10-9. Argonne, Illinois: Argone National Laboratory, Decision and Information Sciences Division. http://www.ipd.anl.gov/anlpubs/2010/09/67823.pdf.
177
Flynn, Stephen. 2004. America the Vulnerable: How Our Government Is Failing to Protect Us from Terrorism. New York: HarperCollins.
———. 2015. “Bolstering Critical Infrastructure Resilience After Superstorm Sandy – Lessons for New York and the Nation.” Boston, MA: Center for Resilience Studies. http://www.northeastern.edu/resilience/programs/sloan-foundation/.
Gallardo, Luis. 2013. “Why Companies Need To Constantly Build Their ‘Survival Mode’ Skills.” Business Insider, March. http://www.businessinsider.com/the-case-for-resilience-redefining-the-terms-for-success-and-survival-2013-3.
Gilbert, S. W. 2010. “Disaster Resilience: A Guide to the Literature.” NIST Special Publication 1117. National Institution of Standards and Technology. http://www.nist.gov/manuscript-publication-search.cfm?pub_id=906887.
Guba, Egon G., and Yvonna S. Lincoln. 1992. Effective Evaluation: Improving the Usefulness of Evaluation Results Through Responsive and Naturalistic Approaches. San Francisco: Jossey-Bass.
Gunderson, Lance H., Craig Reece Allen, and C. S. Holling, eds. 2009. Foundations of Ecological Resilience. 2 edition. Washington: Island Press.
Haimes, Yacov Y. 2006. “On the Definition of Vulnerabilities in Measuring Risks to Infrastructures.” Risk Analysis 26 (2): 293–96. doi:10.1111/j.1539-6924.2006.00755.x.
———. 2009. “On the Definition of Resilience in Systems.” Risk Analysis 29 (4): 498–501. doi:10.1111/j.1539-6924.2009.01216.x.
———. 2011. “Responses to Terje Aven’s Paper: On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience.” Risk Analysis 31 (5): 689–92. doi:10.1111/j.1539-6924.2011.01587.x.
Heinrich, H. W. 1931. Industrial Accident Prevention: A Scientific Approach. McGraw-Hill book Company, Incorporated.
Heinrich, H. W., Dan Petersen, and Nestor R. Roos. 1980. Industrial Accident Prevention : A Safety Management Approach. 5th ed. New York: McGraw-Hill.
Holling, C. S. 1973. “Resilience and Stability of Ecological Systems.” Annual Review of Ecology and Systematics 4: 1–23.
Hollnagel, Erik. 2007. “Resilience - the Challenge of the Unstable.” In Resilience Engineering: Concepts and Precepts, edited by Erik Hollnagel, David D. Woods, and Nancy Leveson, 410. Ashgate Publishing, Ltd.
Hollnagel, Erik, David D. Woods, and Nancy Leveson, eds. 2006. Resilience Engineering: Concepts And Precepts. Aldershot, England ; Burlington, VT: Ashgate Pub Co.
178
———. , eds. 2007. Resilience Engineering: Concepts and Precepts. Ashgate Publishing, Ltd.
Homeland Security Coucil. 2007. “The National Strategy For Homeland Security.” http://www.dhs.gov/national-strategy-homeland-security-october-2007.
HSAC. 2011. “Community Resilience Task Force Recommendations.” Homeland Security Advisory Council. http://www.dhs.gov/xlibrary/assets/hsac-community-resilience-task-force-recommendations-072011.pdf.
Kahan, Jerome H. 2013. “What’s in a Name? The Meaning of Homeland Security.” The Journal of Homeland Security Education 2: 1–18.
———. 2015. “Resilience Redux: Buzzword or Basis for Homeland Security.” Homeland Security Affairs 11 (February). doi:10.2202/1547-7355.1675.
Kahan, Jerome H., Andrew C. Allen, and Justin K. George. 2009. “An Operational Framework for Resilience.” Journal of Homeland Security and Emergency Management 6 (1). doi:10.2202/1547-7355.1675.
Kahneman, Daniel. 2013. Thinking, Fast and Slow. Reprint edition. New York: Farrar, Straus and Giroux.
Kanter, Rosabeth Moss. 2013. “Surprises Are the New Normal; Resilience Is the New Skill.” Harvard Business Review. July 17. https://hbr.org/2013/07/surprises-are-the-new-normal-r.
Kingdon, John W. 2011. Agendas, Alternatives, and Public Policies. Second. Boston: Longman.
Kunreuther, Howard, and Erwann Michel-Kerjan. 2013. “Overcoming Decision Biases to Reduce Losses from Natural Catastrophes.” In Behavioral Foundations of Policy, edited by Eldar Shafir. Princeton University Press.
Kunreuther, Howard, Erwann Michel-Kerjan, Neil A. Doherty, Martin F. Grace, Robert W. Klein, and Mark V. Pauly. 2009. At War with the Weather: Managing Large-Scale Risks in a New Era of Catastrophes. Cambridge, Mass: The MIT Press.
Kunreuther, Howard, Erwann Michel-Kerjan, and Mark Pauly. 2013. “Making America More Resilient toward Natural Disasters: A Call for Action.” Environment: Science and Policy for Sustainable Development 55 (4): 15–23. doi:10.1080/00139157.2013.803884.
Lambert, Douglas M., Sebastián J. García-Dastugue, and Keely L. Croxton. 2005. “An Evaluation of Process-Oriented Supply Chain Management Frameworks.” Journal of Business Logistics 26 (1): 25–51. doi:10.1002/j.2158-1592.2005.tb00193.x.
Lang, R. E, and D. Dhavale. 2005. “Beyond Megalopolis: Exploring America’s New ‘megapolitan’geography.” Metropolitan Institute Census Report Series 5 (01).
179
Lindblom, Charles E. 1959. “The Science of ‘Muddling Through.’” Public Administration Review 19 (2): 79–88.
Linkov, Igor, Daniel A. Eisenberg, Matthew E. Bates, Derek Chang, Matteo Convertino, Julia H. Allen, Stephen E. Flynn, and Thomas P. Seager. 2013. “Measurable Resilience for Actionable Policy.” Environmental Science & Technology 47 (18): 10108–10. doi:10.1021/es403443n.
Linkov, Igor, and Thomas P. Seager. 2011. “Coupling Multi-Criteria Decision Analysis, Life-Cycle Assessment, and Risk Assessment for Emerging Threats.” Environmental Science & Technology 45 (12): 5068–74. doi:10.1021/es100959q.
Longstaff, Patricia H., Nicholas J. Armstrong, Keli Perrin, Whitney May Parker, and Matthew A. Hidek. 2010. “Building Resilient Communities: A Preliminary Framework for Assessment.” Homeland Security Affairs 6 (September). https://www.hsaj.org/articles/81.
Lundberg, Russell, and Henry Willis. 2015. “Assessing Homeland Security Risks: A Comparative Risk Assessment of 10 Hazards.” Homeland Security Affairs 11 (December): Article 10.
MacKenzie, Cameron A., and Christopher W. Zobel. 2015. “Allocating Resources to Enhance Resilience, with Application to Superstorm Sandy and an Electric Utility.” Risk Analysis, August, n/a – n/a. doi:10.1111/risa.12479.
Manuj, Ila, and John T. Mentzer. 2008. “Global Supply Chain Risk Management.” Journal of Business Logistics 29 (1): 133–55. doi:10.1002/j.2158-1592.2008.tb00072.x.
Martin-Breen, Patrick, and J. Marty Anderies. 2011. “Resilience: A Literature Review.” Rockefeller Foundation. http://www.rockefellerfoundation.org/blog/resilience-literature-review.
Martinez-Fonts. 2014. U.S. Chamber of Commerce Efforts to Promote Resilience.
McCreight, Robert. 2014. “A Pathway Forward in Homeland Security Education: An Option Worth Considering and the Challenge Ahead.” Homeland Security & Emergency Management 11 (1): 25–38.
Mentzer, John T., William DeWitt, James S. Keebler, Soonhong Min, Nancy W. Nix, Carlo D. Smith, and Zach G. Zacharia. 2001. “Defining Supply Chain Management.” Journal of Business Logistics 22 (2): 1–25. doi:10.1002/j.2158-1592.2001.tb00001.x.
Miles, Matthew B., A. Michael Huberman, and Johnny Saldaña. 2013. Qualitative Data Analysis: A Methods Sourcebook. Third Edition edition. Thousand Oaks, Califorinia: SAGE Publications, Inc.
Mileti, Dennis. 1999. Disasters by Design: A Reassessment of Natural Hazards in the United States. Washington, D.C: Joseph Henry Press.
180
Milly, P. C. D., Julio Betancourt, Malin Falkenmark, Robert M. Hirsch, Zbigniew W. Kundzewicz, Dennis P. Lettenmaier, and Ronald J. Stouffer. 2008. “Stationarity Is Dead: Whither Water Management?” Science 319 (5863): 573–74. doi:10.1126/science.1151915.
Moynihan, Donald P. 2009. “The Network Governance of Crisis Response: Case Studies of Incident Command Systems.” Journal of Public Administration Research and Theory 19 (4): 895–915. doi:10.1093/jopart/mun033.
National Academy of Sciences. 2012. Disaster Resilience: A National Imperative. National Academies Press. http://www.nap.edu/catalog/13457/disaster-resilience-a-national-imperative.
National Commission on Terrorist Attacks. 2004. The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States. New York: W. W. Norton & Company.
National Institute of Standards and Technology. 2015. “International Resilience Symposium: Understanding Standards for Communities and Built Infrastructure Resilience.” NIST GCR 15-917-37. Gaithersburg, MD: National Institute of Standards and Technology. http://dx.doi.org/10.6028/NIST.GCR.15-917-37.
National Research Council. 2010. Review of the Department of Homeland Security’s Approach to Risk Analysis. Washington, D.C.: National Academies Press. http://www.nap.edu/catalog/12972.
NIAC. 2009. “Critical Infrastructure Resilience, Final Report and Recommendations.” Washington, D.C.: U.S. Department of Homeland Security. http://www.dhs.gov/xlibrary/assets/niac/niac_critical_infrastructure_resilience.pdf.
———. 2013. “Strengthening Regional Resilience.”
NIST. 2015. “Community Resilience Planning Guide for Buildings and Infrastructure Systems.” National Institute of Standards and Technology. http://dx.doi.org/10.6028/NIST.SP.1190v2.
Norris, Fran H., Susan P. Stevens, Betty Pfefferbaum, Karen F. Wyche, and Rose L. Pfefferbaum. 2007. “Community Resilience as a Metaphor, Theory, Set of Capacities, and Strategy for Disaster Readiness.” American Journal of Community Psychology 41 (1-2): 127–50. doi:10.1007/s10464-007-9156-6.
OECD. 2003. Emerging Risks in the 21st Century: An Agenda for Action. Paris: OECD Publishing.
Ovans, Andrea. 2015. “What Resilience Means, and Why It Matters.” Harvard Business Review. January 5. https://hbr.org/2015/01/what-resilience-means-and-why-it-matters.
181
Pederson, P., D. Dudenhoeffer, S. Hartley, and M. Permann. 2006. “Critical Infrastructure Interdependency Modeling: A Survey of U.S. and International Research.” Idaho National Lab. www.inl.gov/technicalpublications/Documents/3489532.pdf.
Perry, Ronald W. 2007. “What Is a Disaster?” In Handbook of Disaster Research, edited by Havidan Rodriguez, Enrico L. Quarantelli, and Russell R. Dynes, 1–15. Springer.
Pettit, Timothy J., Joseph Fiksel, and Keely L. Croxton. 2010. “Ensuring Supply Chain Resilience: Development of a Conceptual Framework.” Journal of Business Logistics 31 (1): 1–21. doi:10.1002/j.2158-1592.2010.tb00125.x.
Phillips, Brenda D. 2014. Qualitative Disaster Research. Oxford University Press.
Ponomarov, Serhiy Y., and Mary C. Holcomb. 2009. “Understanding the Concept of Supply Chain Resilience.” The International Journal of Logistics Management 20 (1): 124–43. doi:10.1108/09574090910954873.
Rabkin, Norman J. 2008. Strengthening the Use of Risk Management Principles in Homeland Security. Washington, D.C. http://www.gao.gov/assets/130/120506.pdf.
Reason, James. 1990. Human Error. 1 edition. Cambridge England ; New York: Cambridge University Press.
Reese, Shawn. 2013. “Defining Homeland Security: Analysis and Congressional Considerations.” R42462. Congressional Research Service. http://fas.org/sgp/crs/homesec/R42462.pdf.
Regional Plan Association. 2015. “Megaregions - America 2050.” Accessed March 18. http://www.america2050.org/megaregions.html.
Renschler, C.S., A.E. Frazier, L.A. Arendt, G. Cimellaro, A.M. Reinhron, and M. Bruneau. 2010. “A Framework for Defining and Measuring Resilience at the Community Scale.” NIST GCR 10-930. National Institute of Standards and Technology. http://peoplesresilience.org/references.
Rinaldi, S.M., J.P. Peerenboom, and T.K. Kelly. 2001. “Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies.” IEEE Control Systems Magazine, December. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=969131.
Risk Steering Committee. 2010. “DHS Risk Lexicon.” DHS. http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf.
Saldaña, Johnny. 2012. The Coding Manual for Qualitative Researchers. Second Edition edition. Los Angeles: SAGE Publications Ltd.
Samuelson, William, and Richard Zeckhauser. 1988. “Status Quo Bias in Decision Making.” Journal of Risk & Uncertainty 1 (1): 7–59.
182
Scanlon, T. Joseph. 1988. “Disaster’s Little Known Pioneer: Canada’s Samuel Henry Prince.” International Journal of Mass Emergencies and Disasters 6 (3): 213–32.
Schneider, Saundra. 2008. “Who’s to Blame? (Mis) Perceptions of the Intergovernmental Response to Disasters.” Publius 38 (4).
Shafir, Eldar, ed. 2013. The Behavioral Foundations of Public Policy. Princeton: Princeton University Press.
Sheffi, Yossi. 2007. The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage. Cambridge, Mass.; London: The MIT Press.
Snyder, Steven. 2011. “Why Is Resilience So Hard?” Harvard Business Review. April. https://hbr.org/2013/11/why-is-resilience-so-hard.
Steinbruner, John D. 1973. The Cybernetic Theory of Decision: New Dimensions of Political Analysis. With a New Preface by the Author edition. Princeton University Press.
Subcommittee on Disaster Reduction. 2005. “Grand Challenges for Disaster Reduction.” National Science and Technology Council.
Tesch, Renata. 1990. Qualitative Research: Analysis Types and Software. 1 edition. New York: Routledge.
Thaler, Richard H., and Cass R. Sunstein. 2009. Nudge: Improving Decisions About Health, Wealth, and Happiness. Revised & Expanded edition. New York: Penguin Books.
The White House. 2010. “National Security Strategy.” http://www.whitehouse.gov/sites/default/files/rss_viewer/national_security_strategy.pdf.
———. 2011. “Presidential Policy Directive 8: National Preparedness.” http://www.dhs.gov/presidential-policy-directive-8-national-preparedness.
———. 2013. “Presidential Policy Directive 21: Critical Infrastructure Security and Resilience.” http://www.whitehouse.gov/embeds/footer.
Tierney, Kathleen J. 2003. “Conceptualizing and Measuring Organizational and Community Resilience: Lessons From The Emergency Response Following The September 11, 2001 Attack on The World Trade Center.” http://udspace.udel.edu/handle/19716/735.
Torens Resilience Institute. 2015. “Resilience of Individuals.” Accessed March 3. http://www.torrensresilience.org/resilience-of-individuals.
Trochim, William. 2005. Research Methods: The Concise Knowledge Base. 1 edition. Cincinnati, Ohio: Atomic Dog.
UNISDR. 2011. “Terminology.” http://www.unisdr.org/we/inform/terminology.
183
———. 2013. “Global Assessment Report on Disaster Risk Reduction: From Shared Risk to Shared Value – The Business Case for Disaster Risk Reduction.” Geneva, Switzerland.
US-CERT. 2015. “Cyber Resilience Review (CRR).” Accessed July 28. https://www.us-cert.gov/ccubedvp/self-service-crr.
USCG. 2013. “Coast Guard Publication 7-0: Capability Management.”
Weinstein, Neil D., Kathryn Kolb, and Bernard D. Goldstein. 1996. “Using Time Intervals Between Expected Events to Communicate Risk Magnitudes.” Risk Analysis 16 (3): 305–8. doi:10.1111/j.1539-6924.1996.tb01464.x.
Woods, David D. 2015. “Four Concepts for Resilience and the Implications for the Future of Resilience Engineering.” Reliability Engineering & System Safety, Special Issue on Resilience Engineering, 141 (September): 5–9. doi:10.1016/j.ress.2015.03.018.
Woods, David D., Sidney Dekker, Richard Cook, Leila Johannesen, and Nadine Sarter. 2010. Behind Human Error. 2 edition. Farnham ; Burlington, VT: Ashgate Pub Co.
Yin, Robert K. 2012. Applications of Case Study Research. Third. Thousand Oaks, CA: SAGE Publications, Inc.
———. 2014. Case Study Research: Design and Methods. Fifth. SAGE Publications, Inc.