Archive for the 'Systems Analysis' Category

Wretchard discusses recent notorious Type II system failures. The Colorado theater killer’s shrink warned the authorities to no avail. The underwear bomber’s father warned the authorities to no avail. The Texas army-base jihadist was under surveillance by the authorities, who failed to stop him. Administrators of the Atlanta public schools rigged the academic testing system for their personal gain at the expense of students and got away with it for years. Wretchard is right to conclude that these failures were caused by hubris, poor institutional design and the natural limitations of bureaucracies. The question is what to do about it.

The general answer is to encourage the decentralization of important services. If government institutions won’t reform themselves individuals should develop alternatives outside of those institutions. The underwear bomber’s fellow passengers survived because they didn’t depend on the system, they took the initiative. That’s the right approach in areas as diverse as personal security and education. It’s also the approach most consistent with American cultural and political values. It is not the approach of our political class, whose interests are not aligned with those of most members of the public.

The Internet is said to route itself around censorship. In the coming years we are going to find out if American culture can route itself around the top-down power grabs of our political class and return to its individualistic roots. Here’s hoping.

The low rate of overt accidents in reliable systems may encourage changes, especially the use of new technology, to decrease the number of low consequence but high frequency failures. These changes maybe actually create opportunities for new, low frequency but high consequence failures. When new technologies are used to eliminate well understood system failures or to gain high precision performance they often introduce new pathways to large scale, catastrophic failures. Not uncommonly, these new, rare catastrophes have even greater impact than those eliminated by the new technology. These new forms of failure are difficult to see before the fact; attention is paid mostly to the putative beneficial characteristics of the changes. Because these new, high consequence accidents occur at a low rate, multiple system changes may occur before an accident, making it hard to see the contribution of technology to the failure.

From:

How Complex Systems Fail (pdf)
(Being a Short Treatise on the Nature of Failure; How Failure is Evaluated; How Failure is Attributed to Proximate Cause; and the Resulting New Understanding of Patient Safety)
Richard I. Cook, MD
Cognitive technologies Laboratory University of Chicago

An insightful critique:

But there is a much more important question being ignored by Gawande — How well does The Cheesecake Factory analogy really apply to health care? We can see how similar the kitchen is to an operating room — lots of busy people rushing about in a sterile environment, each concentrated on a task. But what about the rest of the “system?”
 
At The Cheesecake Factory, the customer is the diner. That’s who orders the service, pays the bill, and comes back again if he is happy. That is who all of the efficient, standardized food preparation is designed to please.
 
In Gawande’s ideal health care model, however, the customer isn’t the patient, but the third-party payer, be it an insurer or government. Let’s call that entity the TPP. The TPP never enters the kitchen. The TTP has no idea what happens in there, and doesn’t really care as long as the steak is cooked to his satisfaction and the tab is affordable.
 
In this model, the patient is actually the steak. It is the steak who is processed in the kitchen. It is the steak that is cut and cooked and placed on a platter. The steak doesn’t get a vote. Nobody cares if the steak is happy. The steak doesn’t pay the bill. The steak isn’t coming back again.
 
So here we are in Dr. Gawande’s kitchen, where you and I are slabs of meat and Chef Gawande will cook us to the specifications of his TPP customers — satisfaction guaranteed.

Worth reading in full.

(Via The Right Coast.)

There was an attack in Saudi Arabia using internally placed explosives up the lower GI tract. These explosives cannot be detected by pat downs, metal detectors, or millimeter wave machines. Much more powerful scanning machines would be required or a cavity search. But no follow up bombs have happened using this method. I’d always wondered why. Now things are becoming clear. Apparently there’s been something of a theological problem. It appears that butt bombs are not permitted due to Islam’s prohibition of sodomy. But that prohibition seems to be loosening.

It will take years for the theologians to digest this new complication but once it has been let loose, it is clearly foreseeable that some portion of islamic scholars will hold this position. The consequences for our travel security regime are rather scary. We’re going to have reached the end of the line because routine x-rays at each flight segment are just not going to happen. The accumulated radiation would cause too many cancers. And cavity searches are simply unreasonable. So where does that leave TSA’s current security strategy?

Like most of their terror innovations, I expect that this will take some time for them to organize. It looks like they’ve already put 4 years into it. It may take them another 4 before they’ve worked the theological problems out sufficient to recruit bombers. But then what?

Wretchard:

But though they may hate the Pax Americana, the Greens probably can’t live without it. Can’t live without the Ipods, the connectivity, the store-bought food, the cafe-bought lattes — all the ugly things made by private industry. And by paring down the redundancies in the system as wasteful and unsightly; by reducing the energy reserves of the system in favor of such fairy schemes as windmills and carbon trading the Greens have made the system far less robust than it could have been. Because they are never going to need the Design Margin. Ever. Until they do.

From a comment by “Eggplant” at Belmont Club:

Supposedly the US has war gamed this thing and the prospects look poor. A war game is only as good as the assumptions programmed into it. Can the war game be programmed to consider the possibility that a single Iranian leader has access to an ex-Soviet nuke and is crazed enough to use it?
 
Of course the answer is “No Way”.
 
A valid war game would be a Monte Carlo simulation that considered a range of possible scenarios. However the tails of that Gaussian distribution would offer extremely frightening scenarios. The Israelis are in the situation where truly catastrophic scenarios have tiny probability but the expectation value [consequence times probability] is still horrific. However “fortune favors the brave”. Also being the driver of events is almost always better than passively waiting and hoping for a miracle. That last argument means the Israelis will launch an attack and probably before the American election.

These are important points. The outcomes of simulations, including the results of focus groups used in business and political marketing, may be path-dependent. If they are the results of any one simulation may be misleading and it may be tempting to game the starting assumptions in order to nudge the output in the direction you want. It is much better if you can run many simulations using a wide range of inputs. Then you can say something like: We ran 100 simulations using the parameter ranges specified below and found that the results converged on X in 83 percent of the cases. Or: We ran 100 simulations and found no clear pattern in the results as long as Parameter Y was in the range 20-80. And by the way, here are the data. We don’t know the structure of the leaked US simulation of an Israeli attack on Iran and its aftermath.

It’s also true, as Eggplant points out, that the Israelis have to consider outlier possibilities that may be highly unlikely but would be catastrophic if they came to pass. These are possibilities that might show up only a few times or not at all in the output of a hypothetical 100-run Monte Carlo simulation. But such possibilities must still be taken into account because 1) they are theoretically possible and sufficiently bad that they cannot be allowed to happen under any circumstances and 2) the simulation-based probabilities may be inaccurate due to errors in assumptions.

An excellent post by Mark Draughn that reminds how we get the behavior we incentivize. In this case the NYC govt incentivized its police to ignore violent crimes and to make bogus arrests to boost their cleared-case stats:

This is a standard recipe for disaster in quality control — and CompStat is at heart a statistical quality control program. Take a bunch of people doing a job, make them report quality control data, and put pressure on them to produce good numbers. If there is little oversight and lots of pressure, then good numbers is exactly what they’ll give you. Even if they’re not true.

Worth reading in full.

Many people canoe and kayak in the Florida Everglades’ extensive inland waterways, which are beautiful, full of interesting plants and animals and easily accessible. I couldn’t refuse an invitation to join friends for a day trip down the Turner River in the Big Cypress area. My friends arranged for me to borrow a kayak but its owner backed out of the trip at the last minute. Fortunately, the guy who organized the trip offered me the use of a kayak that he owns.

Read the rest of this entry »

[ cross-posted from Zenpundit -- mapping, silos, Y2K, 9/11, rumors, wars, Boeing 747s, Diebold voting machines, vulnerabilities, dependencies ]

www.fun1001.com | Send this image to your friend

The “bug” of Y2K never quite measured up to the 1919 influenza bug in terms of devastating effect — but as TPM Barnett wrote in The Pentagon’s New Map:

Whether Y2K turned out to be nothing or a complete disaster was less important, research-wise, than the thinking we pursued as we tried to imagine – in advance – what a terrible shock to the system would do to the United States and the world in this day and age.

1.

My own personal preoccupations during the run-up to Y2K had to do with cults, militias and terrorists — any one of which might have tried for a spectacle.

As it turned out, though, Al Qaida’s plan to set off a bomb at Los Angeles International Airport on New Year’s Eve, 1999 was foiled when Albert Ressam was arrested attempting to enter the US from Canada — so that aspect of what might have happened during the roll-over was essentially postponed until September 11, 2001. And the leaders of the Ugandan Movement for the Restoration of the Ten Commandments of God, acting on visionary instructions (allegedly) from the Virgin Mary, announced that the end of the world had been postponed from Dec 31 / Jan 1 till March 17 — at which point they burned 500 of their members to death in their locked church. So that apocalyptic possibility, too, was temporarily averted.

2.

Don Beck of the National Values Center / The Spiral Dynamics Group, commented to me at one point in the run-up:

Y2K is like a lightening bolt: when it strikes and lights up the sky, we will see the contours of our social systems.

– and that quote from Beck, along with Barnett’s observation, pointed strongly to the fact that we don’t have anything remotely resembling a decent global map of interdependencies and vulnerabilities.

What we have instead is a PERT chart for this or that, Markov diagrams, social network maps, railroad maps and timetables… oodles and oodles of smaller pieces of the puzzle of past, present and future… each with its own symbol system and limited scope. Our mapping, in other words, is territorialized, siloed, and disconnected, while the world system which is integral to our being and survival is connected, indeed, seamlessly interwoven.

I’ve suggested before now that our mapping needs to pass across the Cartesian divide from the objective to the subjective, from materiel to morale, from the quantitative to the qualitative, and from rumors to wars. It also needs a uniform language or translation service, so that Jay Forrester system dynamic models can “talk” with PERT and Markov and the rest, Bucky Fuller‘s World Game included.

I suppose some of all this is ongoing, somewhere behind impenetrable curtains, but I wonder how much.

3.

In the meantime, and working from open source materials, the only kind to which I have access – here are two data points we might have noted a litle earlier, if we had decent interdependency and vulnerability mapping:

Fear-mongering — or significant alerts? I’m not tech savvy enough to know.

4.

Tom Barnett’s point about “the thinking we pursued as we tried to imagine – in advance – what a terrible shock to the system would do to the United States and the world in this day and age” still stands.

Y2K was what first alerted me to the significance of SCADAs.

Something very like what Y2K might have been seems to be unfolding — but slowly, slowly.

Are we thinking yet?