From: Schneier on Security
There was a conference on resilience (highlights here, and complete videos here) earlier this year. Here’s an interview with professor Sander van der Leeuw on the topic. Although he never mentions security, it’s all about security.
Any system, whether it’s the financial system, the environmental system, or something else, is always subject to all kinds of pressures. If it can withstand those pressures without really changing its behavior, then it’s robust. When a system can’t withstand them anymore but can deal with them by integrating some changes so the pressures fall off and it can keep going, then it’s resilient. If it comes to the point where the only choices are to make fundamental structural changes or to cease existence, then it becomes vulnerable.
I’ve worked a lot on the end of the Roman Empire. Let’s go back to sometime before the end. The Roman Empire expands all around the Mediterranean and becomes very, very big. It can do that because wherever it goes, it finds and then takes away existing treasure that has been accumulated over the centuries before. That treasure pays for the army, it pays for the administration, it pays for everything. But there’s a certain moment, beginning in the third century, when there is no more treasure to be had. The empire has already taken in all of the civilized world. At that point, to maintain its administration and military and feed its poor, it must depend basically on the annual yield of agriculture, or the actual product of solar energy. At the same time, the empire becomes less attractive because it has less to offer, because it has less extra energy. So now it has to deal with all kinds of unrest, and ultimately, the energy that it has available for its administration is no longer sufficient to maintain the empire. So between the third century and the fifth century, the empire has to make changes. That is the period when it adapts its behavior to all kinds of pressures. That is the resilience period. At the end of that period, when it is no longer able to maintain that, it quickly becomes vulnerable and falls apart.
And here’s sort of a counter-argument, that resilience in national security is overrated:
But it can go wrong. Rebuilding a community that sits in a flood zone shows plenty of resilience but less wisdom. American Idol contestants who have no singing ability but compete year after year are resilient — and delusional. Winston Churchill once joked that success is the ability to go from failure to failure without losing your enthusiasm. But there is a fine line between perseverance and stupidity. Sometimes it is better to give up and pursue a different course than continuing down the same failing path in the face of adversity.
The potential problems are particularly acute in foreign affairs, where effective resilience requires a tireless effort to adapt to changes in the threat environment. In the world of national security, bad things don’t just happen. Thinking, scheming people cause them. Allies and adversaries are constantly devising new ways to serve their own interests and gain advantage. Each player’s move generates countermoves, unintended consequences, and unforeseen ripple effects. Forging an alliance with one insurgent group alienates another. Hardening some terrorist targets leaves others more vulnerable. Supporting today’s freedom fighters could be arming tomorrow’s enemies. Effective resilience in this realm is not just bouncing back and trying again. It is bouncing back, closing the weaknesses that got you there in the first place, and trying things differently the next time. Adaptation is key. A country’s resilience hinges on being able to adapt to continuously changing threats in the world.
Honestly, this essay doesn’t make much sense to me. Yes, resilience can be done badly. Yes, relying solely on reslience can be sub-optimal. But that doesn’t make resilience bad, or even overrated.