by Andrew B. Wootton and Caroline L. Davey
Logo der Blogreihe: Vulnerability von Daniel Kulinski von Daniel Kulinski unter CC BY-NC-SA 2.0
What's in a word...
'Resilience' is a term currently much mentioned, but as a concept presently poorly defined. It has historically been linked with a number of fields of knowledge—from metallurgy to psychology to ecology. However, its recent adoption by the security community raises a number of issues.
There are some basic questions around the definition of the term. For example, is resilience an 'ability' to be improved, or is it the desired output? Is it a process or a goal? Precisely who or what must be resilient? Can 'resilience' be said to be good or bad, or is it merely the subject of a value judgement made in light of its context? For example, capitalism has (so far) been resilient in the face of a global economic crisis—this resilience of capitalism we might classify as 'good'. But aren't our current sustainability problems due in part to the 'resilient' nature of capitalism? (i.e. its resistance to change in the face of ecological crises). So the same 'resilient' nature of capitalism might also be classified as 'bad'.
Clearly, resilience is more complex that the word implies. Rather than some value-free, ideal end state, it appears to be the result of a complex set of characteristics that has the potential to both solve and cause problems. The term is used in very different ways by different disciplines and interest groups. We suggest that the political agenda of those using the term needs to be understood to make any value judgement. In the security field, the danger is that the cry for resilience is simply another attempt to foster the perception of living in a permanent state of conflict. This heightens popular fear, and supports the allocation of limited resources to a technology-oriented security industry.
Good design = resilience? (in a good way)
But in the final analysis, isn't resilience simply about good design (if good design can be said to be simple)? Understanding the requirements, the context, the potential problems and the desired outcomes, and embodying these within a design will make for a solution that is inherently resilient. Total resilience is not only impossible, but also potentially undesirable. The impact of including resilience measures with negative consequences—such as reduced quality of life or excess cost of ownership—may result in the solution failing. It seems that the concept of resilience is wrapped up with good design.
Good design is naturally human-centred and works across stakeholder groups—whether this is the design of products, places, systems or services. Good design stands the test of time, with resilience merely one outcome of an insightful and well-executed design process. At the end of the day, total resilience in security terms may be a utopian dream the achievement of which involves not only benefits, but real human costs.