The concept of Full SpectrumResilience (FSR), proposed in this paper, provides an effective organizing principle which relates individual elements of critical infrastructure work and scholarship to each other and to the body as a whole, and which can assist in the formation of a coherent infrastructure resilience doctrine. All elements of this thesis map directly to the effective and appropriate protection of our NCIs as context.
It is instructive to decompose the thesis statement to provide clarity to each of the three key concepts of Resilience, Doctrine, and Full Spectrum in order to understand the contribution that each makes in forming the framework for Critical Infrastructure Protection and Resilience (CIP/R).
The first key element of the thesis is resilience, which in common parlance is the ability to take a hit and recover. Resilience answers the question of “what” is required for an effective defensive posture, or desired end state. Yossi Sheffi, a professor of engineering systems at the Massachusetts Institute of Technology, drew his concept of resilience from the materials sciences as “the ability of a material to recover its original shape following a deformation” and then applied it to enterprises as “those that can quickly ‘return to their normal performance level following a high-impact/low probability disruption’” . The NIPP takes a wider approach, defining resilience as “the ability to resist, absorb, recover from, or successfully adapt to adversity or a change in conditions” . Public Safety Canada (PSC) defines it as “strengthening social and physical … capacity of a system … to adapt to disturbances resulting from hazards [threats] by persevering, recuperating or changing to reach and maintain an acceptable level of functioning” . Key attributes occurring at the community or regional level include “robustness, redundancy, self-organization, and efficiency, … adaptability and flexibility guided by the principles in the Framework” . The Infrastructure Security Partnership defines resilience as “a capacity to absorb or mitigate the impact of hazard events while maintaining and restoring critical services” (TISP, 2010). The requirement for resilience is based on the premise that protective, preventive and deterrent safeguards will not always be effective (i.e., successful in keeping out a threat) and therefore will require response, recovery and restorative action. It is highly likely at some point that a service or some part of it will be lost for a period of time. This is especially relevant for the protection of NCIs, which by their nature are difficult to move physically and must therefore be able to withstand the effects of an attack or hazard event.
Redundancy and agility are the key components of achieving resilience for any effective AP&S program. Redundancy within an NCI facility includes provision for alternate power sources; hot spares of key equipment (including IT and telecom); technical cross-training of staff; and a core of trained emergency staff. Redundancy measures also includes current, tested plans for contingency, business continuity and disaster recovery, and the supporting service level and alternate supply arrangements. These plans should be part of an effective emergency management/continuity of operations (EMCO) program under the supervision of competent AP&S professionals. Redundancy also includes empowering all stakeholders “to share the responsibility to keep hazards from becoming disasters”. Agility is simply the proven ability to implement redundancy measures before Maximum Allowable Downtimes (MADs[i]) are reached. These capabilities are typically tested by exercises or deployment.
Both concepts discussed here should find themselves included, with other key concepts and approaches, in an appropriate FSR doctrine.
Doctrine is the second key concept in the FSR thesis, and answers the question “how” resilience will be achieved. At its essence, doctrine is simply that which is taught. From the Latin doctrina,[ii]it refers to instruction, teaching, erudition and learning of principles and positions in a branch of knowledge. Doctrine exists at the strategic, operational and tactical levels of activity. The North Atlantic Treaty Organisation (NATO) defines doctrine as “fundamental principles by which the military forces guide their actions in support of objectives. It is authoritative but requires judgment in application”. Doctrine is regarded as a guide for consideration in each situation, not strict rules to be followed blindly and unthinkingly. The premise suggested by Hoiback is that if practitioners understand the spirit or intent of a practice, then they will be able to develop specific implementation processes and procedures as the letter, “with sincere conviction and entire faith” .
Why have doctrine
Doctrine provides the initial frame and focus for all activities, which lead ultimately to the effective implementation of a capability. Doctrine in general, and the doctrine of FSR in particular, guides each step in the development of a capability, in this case the effective protection of our National Critical Infrastructures (NCIs). Doctrine tells the “what” and the “why” of any required capability, after which the “how” of implementation can be developed in procedures, while the measurement of “how much” or “how well” the capability is implemented can be addressed by -standards. After doctrine has been used to establish the “policy” framework for a required capability, the conditions are set to provide the actual capability to analyze and assess risks. A needs assessment can be conducted to determine resource requirements including personnel, facilities and infrastructure, equipment and materiel, information, IT and telecommunications support.
Next, training plans can be developed to ensure appropriate and consistent performance by all contributors to the capability, commensurate with the agreed-upon doctrine. Individual skills can be taught, and will contribute to developing trusted expertise in: analysis of asset values, threats and vulnerabilities; assessment of risks; recommendation of safeguards; effective response to physical or electronic intrusions; and contingency and continuity planning, including recovery of mission-critical business functions, and restoration of all business functions to a level as before the intrusion or major interruption. The resultant plans should be consistent with doctrine, and should be used to drive collective training focused on integration of emergency operations, incident management, and information-sharing based on a full understanding of interdependencies, and interoperability of personnel, equipment, processes and capabilities.
Finally, confirmatory exercises can be conducted and umpired according to the doctrine to provide a snapshot of capability at a certain point in time and within a representative subset of one or more NCIs. From a programmatic perspective, this information will drive follow-on efforts for continuous improvement by adjusting the doctrine, which in turn will identify and address outstanding capability requirements (e.g., training, education, information-sharing, equipment, etc.).
In all cases of program establishment and capability maintenance, doctrine provides the “lightning rod” and the framework to which all activities should adhere in order to ensure an integrated, appropriate and responsive capability to meet any operational requirement at the strategic, operational or tactical level.
There are many concepts and principles that find their way into CIP/R doctrine. They are meant to be universally applicable to all NCIs, in all threat environments. For example:
· Resilience takes precedence over protection in CIP/R
· Impact takes precedence over likelihood
· All-round defence is emphasized
· Risk assessment must be continual
· Defence in depth is fundamental
· Centralized control (governance) is supported by decentralized execution (safeguards)
· All CIs are networks
· CIP/R follows the physical or virtual “pipe” (to confirm consistent protection and to determine accountability)
· Collaboration among all stakeholders occurs throughout the life-cycle of an infrastructure
· Sharing of current information -- up, down and across -- is essential
· Most threats & vulnerabilities are non-technical, so safeguards should also be non-technical, supported by technical safeguards (80/20 rule)
· Thinking and analysis occurs “outside the wire”
· CIP/R is “apolitical”
A common understanding of these principles will form the basis for a coherent infrastructure resilience doctrine.
Objectives of doctrine
A fundamental objective of doctrine in CIP/R is to ensure commonality, whether in general understanding, in scope definition, in determining relative severity of threats, vulnerabilities and risks, in comparing the relative utility of safeguard implementation, in training and education requirements, in information-sharing requirements and protection, or in processes to achieve effective and appropriate protection postures for NCI facilities. It also promotes a common vocabulary, which is an essential element of communication, information-sharing, and understanding. This concept of doctrine maps directly to our thesis, in that it both defines the organizing principles for CIP/R and also emerges from the integration of individual (silo) efforts and elements of CIP/R work. Doctrine by its nature is intended to apply in the general case, as indicated by the above examples. Hoiback refers to this results-oriented approach to doctrine as a “Tool of Command”.
Once a common understanding and frame of reference is achieved at the highest levels of overall intent (i.e. the protection of NCIs), subsequent implementation of processes, safeguards and oversight mechanisms should be consistent, appropriate and effective, based on that common understanding. This also provides the frame for critical analysis regarding risks to NCIs, and insight into the selection and implementation of the most effective safeguards and countermeasures. In this manner doctrine serves as a “Tool of Education” .
AP&S practitioners must always adjust their protective posture to changes in risk levels, technology, and operational requirements. Doctrine provides a frame for evaluating and addressing the changes by setting a commonly-understood baseline. In this context, doctrine is a “Tool of Change” . It must be noted that the doctrine itself must adjust to changes, although by its general nature, doctrinal change develops incrementally and after extensive consultation and analysis.
Options to establish doctrine
Doctrine is developed from many sources. Inputs to doctrine include current theory, historical experience, the results of exercises, simulations and experiments, existing practice based on common sense, intuition, and a sense of “what works,” . The best thinkers and analysts align to identify lessons learned, key trends and future requirements, and collate those with knowledge of what works in general contexts, and then codify those ideas and write them down. If the codified doctrine makes sense to the experienced practitioner, who is perhaps the most important critic, then the doctrinal theory is more likely to be embraced as best practice and become ingrained in the “culture” . Doctrine becomes cemented once it has been granted “authority” through implementation in operations. In our context, once CIP/R theory is embraced by those working within the culture and space of protection and is captured by an authoritative body (senior management, professional associations, governing agency, academia, etc.) then doctrine is considered to have been established.
There are several approaches to establishing doctrine. A top-down approach begins with an authority figure driving changes to the way things are done, which is akin to doctrine as a Tool of Command. The utility of the doctrine produced depends on the extent to which senior management utilizes experienced subject matter experts at all levels of operations; if consultation is inadequate then the risk remains that the ‘doctrine’ will, in effect be little more than parochial direction that will not permit the necessary interpretation and customized implementation of the doctrinal principles and concepts that is required to achieve predictable results. CIP/R practitioners may not be granted the lateral discretion to apply concepts and principles appropriately based on their training, education and experience; rather, they may be pigeon-holed into actions that benefit an individual authority figure, but may not serve the best interests of the NCI.
Perhaps a more effective approach in general, and definitely preferred in the case of FSR of NCIs, is establishment of doctrine from within the professional community in a collaborative manner to reach consensus on existing and emergent CIP/R concepts. Calling on the individual and collective expertise of practitioners at all levels and stages of operations, combining this applied data with the theoretical contemplation and disinterested perspective of academia, with the input of business line owners and mid-level managers who can confirm that their interests are being served, may provide the best recipe for effective doctrine.
Importance of doctrine
Perhaps the most important consideration regarding doctrine is that it is to be used as a tool in analysis of appropriate approaches, and not followed blindly as a procedure. Reid notes that “Doctrine should not be, and is not designed as a substitute for thought … On occasions, … an ill-designed … appreciation of certain ideas rushed to fill the doctrinal vacuum with disastrous results” . Accountability cannot be removed from individuals by simply pleading that they were “following doctrine.” Doctrine is general, and is applied by individuals to the extent and with the implementation adjustments necessary to achieve the objective. CIP/R doctrine of itself is of little use unless it is applied by trained, educated and experienced AP&S practitioners. Rational and proven doctrine can be considered a “Tool of Caution” in that it contributes to using the most appropriate set of safeguards, and not “using a screwdriver as a chisel.” Hoiback perhaps best sums up doctrine as “institutionalized beliefs about what works” . Codification of these beliefs of what is best practice in FSR will facilitate the informed and reasoned integration and incorporation of one element of CIP/R work to all others based on a shared intent to protect, for the benefit of all CIP/R practitioners and ultimately all citizens who rely on our nation’s CIs for essential goods and services.
The third thesis concept is Full Spectrum, which addresses the question “how much” in terms of protection. This term has several connotations, but in all cases it implies a complete approach which is consistent with both military and Asset Protection and Security (AP&S) principles. It is suggested that an all-round defensive posture is required, in combination with an all-hazards approach, and an integrated safeguard implementation in order to achieve a Full Spectrum result.
The concept of all-round defence exists in the physical, electronic and temporal sense. From a physical and electronic perspective, all-round defence indicates that there are no gaps in the integrated protective posture established by physical, personnel, technical and procedural safeguards, that there is surveillance on likely adversary approaches, and that there is an effective response capability. From a time perspective, there are no gaps in the actual ability to respond, recover and restore business functions (the Emergency Management continuum) after a major interruption.
Full Spectrum connotes an all-hazards approach to protection, which is nothing more than considering all hazards and threats in a chosen risk assessment methodology, assessing them against identified vulnerabilities in assets, determining key risks, and applying appropriate safeguards to protect against those threat agents with the highest likelihood/impact product. This approach “provides a compelling rationale for mobilizing and sustaining a broad cross section of our society in constructing safer communities and reducing the overall fragility of the nation”. All-hazards approaches permit worst-case planning for the low likelihood/high impact events, but also provide the capability for addressing all lesser events; this is both an effective and efficient use of AP&S resources.
One approach to analyzing threats is to categorize them as follows (with examples[iii]):
Earthquake, tornado, flood, tsunami, tropical storm, hurricane, thunderstorm blizzard/snow/ice storm, hail, volcano eruption, landslide, erosion, wildfire, high wind, extreme temperature, disease, drought, animal attacks, meteorite, asteroid
Terrorism, crime, sabotage, subversion, hostile military action, insurrection, state- or corporate-sponsored espionage (personal or electronic), cyber attacks, political activism, hoaxes, poisoning
Employee sabotage, strike, work action (work to rule, slowdowns, stoppages, delay of access)
Cut cable or water pipe (backhoe threat), wildfire , spill of dangerous material, poisoning
Error, loss or improper use of equipment, improper maintenance, slips and falls, spills[v], flooding, fire, poisoning
Table 1 Threat Categorization
Each of these three threat categorizations has distinguishing attributes, which assist in analysis of the likelihood/probability of a threat event taking place and the impact/consequence of a successful event. No attribute is absolute, but rather is relative to other attributes and to the threat under analysis. Each must be considered empirically, and then in relation to the other threats/hazards, so that cost-effective safeguards, consistent with doctrine, can be implemented. A short explanation follows.
Natural Earth Effects and Natural Disasters
Ayyub, McGill and Kaminskiy consider natural hazards to be indiscriminate and lacking in intent. It is possible to predict the general extent, if not the timing, of natural hazards based on historical records, given the (if somewhat long) cyclic character of some natural phenomena. Such events also have a more predictable nature with respect to geo-location and time, e.g., the season when the event is more likely to occur. Effective surveillance of movements of natural hazards at the regional, national and international levels can assist in estimating timings and likelihood of activity. Safeguards typically focus around hardening of the facility (internal safeguard, which is often difficult to achieve), and redundancy through reliance on other facilities to provide the commodity or service when a facility is unable to (external safeguard).
Deliberate Terrorism and other Malicious Acts
Ayyub et al. discuss at length the “deliberate actions of intelligent human adversaries … [and] their ability to innovate and adapt to a changing environment” and consider the deliberate threat to be the most uncertain of the threat types. This makes predictive analysis much more difficult than in the case of natural or accidental threats. Often, attacks (such as suicide bombings) are outside of societal norms, and therefore a challenge for management to acknowledge, in spite of historical evidence and intelligence to the contrary. Threat likelihood can be analyzed in terms of capability, opportunity, and intent of the threat agent. Capability can include having the knowledge, equipment, tools, weapons, transportation, salient information, leadership, organization and communications to conduct an attack. Opportunity maps to the actual ability to get to the target in order to launch the attack. Opportunity, therefore, is directly based on the existing safeguards at a facility or other target (especially layers or rings of defence), as well as any unforeseen obstacles such as traffic tie-ups, bad weather, changes to routine operations, etc. Intent to attack is based on the motivation of the group or individual, the preference for attacking, the perceived value of the attack in meeting a strategic objective, or simply the perceived benefit to the individual in conducting the attack (financial gain, political message, sense of duty, peer pressure, sense of obligation, etc.). Perpetual surveillance and reporting by lead security agencies, law enforcement agencies and the general public will provide the data upon which analysis and assessment can be conducted regarding the likelihood and impact of a deliberate attack. Intelligence-gathering and sharing among security agencies at all levels and laterally are essential to mitigate the deliberate threat, considering such indicators as significant dates, special events that could provide the best political message, specific target locales and infrastructures, etc. As important as intelligence is the agility within NCI facilities, i.e., the ability to make timely changes to a security posture in response to increased threat likelihood. Stand-off distances and layered defence postures (where each subsequent layer is more difficult to access), along with effective alarms for response, are key safeguards for resilience.
Accidental threats occur often as a result of vulnerabilities in facilities, personnel and processes such as insufficient training and awareness, lack of written procedures, lack of sanctions and rewards, ineffective supervision, overwork, unreasonable time constraints (“you want it when???”), improper equipment, and insufficient monitoring of activity, especially in IT environments. Since there is a mature body of knowledge in Occupational Safety and Health and since compliance with safe working practices is typically included in regulation or law, this threat is relatively predictable in terms of both likelihood and impact. The most effective mitigation measures include accurate, written procedures, followed by proper training and supervision by line managers.
A fourth consideration is that of deterioration, which is interesting because it can be considered either a risk (a result of a threat exploiting a vulnerability), or a threat (which can exploit a vulnerability to cause a risk).
As a risk, deterioration can be considered the result of a threat exploiting vulnerabilities, for example in the case of bridges the threat could be natural (exposure to the elements), man-made (salting roads) or accidental (construction staff cutting corners, incorrect maintenance), and major vulnerabilities could be inadequate inspections or a lack of spending on preventive maintenance. The result, i.e., the risk, is then the deterioration. Since all CIP/R risks can be expressed in terms of their effects on the availability (being accessible or usable when needed), integrity (protection from unauthorized modification), or confidentiality (protection from unauthorized disclosure) of assets, deterioration can be considered both an integrity and an availability risk. However, deterioration can also be considered the first link in a chain of cascading risks, for example in the case of a deteriorated bridge when it could cause an accident if it fails, and thereafter cause a disruption in transportation, supply chain, and manufacturing (and possibly IT/telecom if conduits are routed across the same bridge).
As a threat, deterioration (or more specifically, a deteriorated infrastructure) can exploit the same vulnerabilities to cause the same cascading risks noted above. For the purposes of this paper and follow-on study, deterioration will be considered a threat.
Deterioration (or alteration) in the Dictionary of Civil Engineering refers to defects or (negative) changes in the texture of a work resulting from mechanical, physical, chemical or atmospheric causes (threats). The McGraw-Hill Dictionary of Engineering definition is perhaps more precise, referring to a decline in the quality of a structure over a period of time due to chemical or physical action of the environment. From the ASTMDictionary of Engineering Science and Technology 10th Ed. , deterioration results in a need for repair due to physical or mechanical breakdown, and is a permanent impairment of the physical properties. All such degradation represents a deleterious change in an infrastructure’s physical or chemical properties as a result of damage by weakening of loss of some property, quality or capability. Sanchez-Silva et al. note that deterioration can result from “progressive ontology degradation (e.g., corrosion, fatigue)” which is “usually a slow continuous time-dependent phenomenon” or from “sudden events (e.g., earthquakes)” or “shocks (i.e., rare events)”. Both have a negative effect on a structure’s remaining life, which is a physical/structural- and time-dependent measurement indicator of the extent of deterioration.
Deterioration is further described by Morcous et al. as affecting the safety, serviceability, and functionality” of a facility or infrastructure. Applied to bridges as an example, these attributes may also be applied to physical infrastructures and facilities, as well as to intangible assets such as activities. Deterioration is a cumulative process over multiple transition periods (points in time) and is embodied in the concept of “probabilistic cumulative damage”. Deterioration is as inherently uncertain as the other threats, in many cases due to inconsistent and subjective identification and measurement of the natural and man-made forces, some element environmental condition categories acting on a structure being described as “ad hoc”; however, like natural threats, there exist bodies of historical information on deterioration depending on the type of structure and the forces acting upon it, although external deterioration factors do change over time.
Monitoring of deterioration of a facility or infrastructure and assessment of its extent drives one of three management decisions: do nothing, rehabilitate, or replace . Maintaining current inventories, condition databases and maintenance data, along with trained inspectors following inspection intervals consistent with projected deterioration rates, are essential to addressing deterioration.
Integrated Safeguard Implementation
Following from the all-round defence and all-hazards approaches, full spectrum also applies to an integrated implementation of safeguards. Integration is necessary at the tactical level among individual safeguards within a facility, whether they be personnel security, physical security, technical (including IT) security, procedural security or operational security. Integration also is required at the operational level and can be achieved in terms of mutual aid agreements, memoranda of understanding, information-sharing, resource-sharing as examples.
Benefits accrued to an all-hazards approach from a Government of Canada perspective include increasing “efficiency by recognizing and integrating common emergency management elements across all hazard types, and then supplementing these common elements with hazard specific sub-components to fill gaps only as required.” .
Extracting Principles from Military Doctrine
When discussing doctrine, much can be learned from the military approach to preparing doctrine and from the doctrine itself. For example, the US Army’s capstone doctrine traces its origins to Baron von Steuben’s 1779 Regulations for the Order and Discipline of the Troops of the United States.[vi] This doctrine has evolved through World Wars, Korea, Vietnam, the Cold War, and the current conflicts in Iraq and Afghanistan and the capstone doctrinal manual is now in its 15th edition (US Army, 2008). In this doctrine, there are several concepts which are useful in framing a coherent understanding of resilience.
The military recognizes three levels of war: strategic, operational, and tactical. The strategic level takes place at the national or multi-national level and involves the setting of objectives and limits, the allocation national resources to achieve those objectives, quantification of acceptable risk, and the integration of all elements of national power to achieve those objectives. At the operational level, leaders employ specific forces in a series of related operations that, when assembled together in an integrated manner, achieve a condition that supports the achievement of a strategic objective. The operational level tends to involve broad reaches of space and time and is the linkage between tactical success and strategic context. The tactical level of war sees the employment of specific customized formations to accomplish assigned missions. At the tactical level, space, time, resources, and units involved are finite and discrete and objectives tend to be focused and one-dimensional (US Army, 2008). The principle to be extracted here is that actions taken at different levels are only able to achieve limited ends. It is through the integration of all levels that a coherent and effective whole is formed.
Though a useful construct, the levels of war do not address the nature and types of conflicts in which nations engage. Military operations are conducted across a spectrum of conflict. In order of increasing potential for violence, this spectrum begins with stable peace and increases through unstable peace, insurgency, and ends in general, perhaps nuclear, war. Full scale combat operations tend to predominate in general war or insurgency while limited intervention or peacetime military engagement are more appropriate to unstable or stable peace. Depending on the operation and the nature of the conflict, military forces may engage in the expected roles of attacking targets or defending key terrain or in evolving missions to provide stability and support to local governments (US Army, 2008). The principle to be gained here is that both the range of conditions, i.e., peace through general war, and the types of operations conducted are essential for a complete understanding of the situation. In combining these two extracted principles, one sees that the levels of war, the types of operations, the spectrum of conflict, and operational themes combine to form a framework for thinking about war in all its forms. These principles can be adapted and applied to establish a more coherent understanding of resilience.
Applied Full Spectrum Resilience
Applied FSR can be considered an extension of the “how much” of the third thesis concept of Full Spectrum. The concept of applied FSR draws on principles learned from military doctrine to establish a coherent framework for thinking about all aspects of resilience and related one aspect to another and to the body of knowledge as a whole. It is proposed as a relational concept to integrate understanding and should not limit creative thought in any way.
Drawing on the levels of war, the first element is the Levels of Resilience: strategic, operational, and tactical. It is important to note that each of these three levels is not the exclusive purview of a specific level of government or company organization as will be seen as the complete concept of FSR emerges. Strategic resilience includes the establishment of policies and objectives to achieve broad, long range goals, the allocation of resources, the integration of all elements of the organization to support those goals, and a statement of the acceptable risk. Strategic resilience takes place over a long period of time and does not respond to slight, or even some moderate, variations in situations. Operational resilience involves the interaction of specific actions, programs, and initiatives to achieve more focused objectives over broad reaches of space, time, and participants. The successful completion of several operational objectives leads to the successful attainment of strategic objectives. Tactical resilience refers to specific actions taken in specific circumstances designed to achieve a specific end. Because of their concrete nature, it tends to be easier to measure the success of tactical resilience initiatives when compared to higher level resilience objectives. For an organizational entity to be resilient, all Levels of Resilience must be addressed across a range of impacts.
FSR requires consideration of the Range of Impact of the initiative. A National level impact touches multiple states, regions, organizations, professions, and groups. It covers topics that are of common or related interest across this space. Flynn distinguishes national resilience from homeland security as an “organizing principle” and notes the following benefits: “engender widespread public support … generate economic growth … confronting the ongoing terrorist threat” . The level below National is Regional as opposed to state, province, or territory. States, provinces, and territories are political boundaries which are not respected by natural disaster or terrorist attacks. Furthermore, entities on either side of these political boundaries are more often united by common interests than divided by a line on a map. Regions are subdivided into communities which are smaller in scale yet still united by common factors such as political organization, watershed, levee district, or business interests. Communities may form and dissolve around specific concerns that arise and then are satisfied. An entity, say a town, business, or organization, may be a member of several communities and thus have several different, and perhaps competing, interests. Most emergencies take place at the local level and are managed by the community or municipalities affected . The final level is individuals, which includes persons and their immediate families living in the same household. While the interests and actions of individuals are part of that of communities and regions, individuals also act out of their own self interest and are, by definition, the first to respond to their own personal emergencies.
Considering these three complementary groups of components: personal/physical level; level of operations; and types of threats; a veritable “Rubik’s Cube[vii]” of FSR emerges in doctrinal support for CIP/R. Forty-eight distinct combinations and permutations are identified, each of which is worthy of analysis and roll-up into a cumulative FSR knowledge base. The levels of resilience (strategic, operational, tactical), range of impacts (national, regional, community, and individual), and the all-hazards environment (earth effects, deliberate acts, accidents, and deterioration) can combine in a cubic arrangement to form the concept of FSR shown in Figure 2. This matrix and its 48 “bins” allow for the classification and analytical isolation of any work. For example, the National Infrastructure Protection Plan (NIPP) is a strategic level document that addresses the four elements of the All-Hazards Environment at the national level. The model earthquake design codes[viii] produced by the National Earthquake Hazard Reduction Program (NEHRP) are tactical level documents that deal only with earthquakes at a community level. This example shows the value of FSR in properly assessing work. Even though they are produced at a National level, the NEHRP model codes are implemented at the tactical level of resilience. They are focused on specific actions taken in specific circumstances to achieve a specific end.
Figure 2 Full Spectrum Resilience
The concept of FSR can aid in integrating resilience thinking in three principal ways. First, it allows us to make positive statements of what something is, as demonstrated above, which then indicates what it is not. This keeps us from expecting a result that a program cannot deliver. When the NIPP is classified in the FSR concept as strategic—all-hazards—national, we cannot expect it to improve the resilience of the 22nd Street Bridge. Second, it allows us to relate one program to another. For example, The Infrastructure Security Partnership’s Regional Disaster Resilience Guide (RDRG)[ix] complements the NIPP because it is operational level document focused at the regional and community levels dealing with disasters and terrorism. Third, it allows us to identify the gaps in our comprehensive approach to resilience. If the NIPP satisfies the strategic-national-disaster bin and the RDRG satisfies the operational-regional & community-disaster bins, what satisfies the tactical-regional, community, and individual-disaster bins? Without tactical programs to address specific needs at specific locations in specific circumstances, we cannot achieve FSR. The FSR concept will also determine what we are not doing, and thereby mitigate vulnerabilities in our integrated programs.
Experience has shown that we are most often vulnerable on the seams—on the points of connection between programs, organizations, and individuals. FSR provides a mechanism to identify those seams. Over the next year Carleton University and West Point will engage in a literature survey to classify the major resilience-related work into the 48 bins which scope FSR. The purpose of the research is to find the empty bins. These are the seams where we may be vulnerable and do not know it. Since this is an audacious project, we would be happy to have partners from other institutions.
Full Spectrum Resilience is a doctrinal concept to formulate all of the scholarship, research, publications, codes, and standards for protection into a coherent whole. It does not require anyone or anything new or different except for a positive statement at the beginning of a work which might say “This is a tactical level work focused on deterioration at the individual bridge.” If this concept is adopted by our community of practice, then our doctrine will emerge and self-organize through the magic of a search engine. The existence of this concept will not solve any problems of itself. It will, however, result in a better understanding of the entire body of work and lead to the identification of seams which will allow us to address these shortcomings before they can be exploited.
“Identifying and embracing pragmatic measures that reduce the consequences of unexpected events is not a defeatist position. It is the smart thing to do. A resilient society is one that won’t fall apart in the face of adversity. … Making infrastructures resilient makes them less attractive targets for terrorists. And preparing for the worst makes the worst less likely to happen.” .
[i] A MAD refers to the time before which a service or capability must be recovered after a major interruption. If such business processes are not recovered in time, the typical result is mission failure. [ii] "Doctrina," in Wiktionary: The Free Dictionary; (Wikimedia Foundation Inc., updated 6 February 2012) [dictionary on-line]; available from http:// en.wiktionary.org/wiki/doctrina; Internet; retrieved 10 April 2012. [iv] Natural threats are often referred to as hazards in AP&S doctrine. [v] Some workplace internal accidental threats are similarly referred to as hazards in Occupational Safety and Health doctrine. [vi]Regulations for the Order and Discipline of the Troops of the United States, United States. War Dept. Inspector General's Office [vii] This game was developed in 1974 by Hungarian Emo Rubik, a professor or Architecture at the Academy of Applied Arts and Crafts in Budapest. Its actual purpose was to assist in solving the structural problem of moving parts independently without the entire mechanism falling apart. It only became a puzzle when Rubik scrambled the tool and then tried to restore it. http://en.wikipedia.org/wiki/Rubik's_Cube Accessed 03 April 2012. [ix] Regional Disaster Resilience: A Guide For Developing An Action Plan 2011 Edition is available from the TISP site at www.tisp.org/