Many cyber-technical visions alluringly point to a world where network-centric technology will provide unprecedented levels of capability and efficiency to support
the delivery of goods and services, business processes, global finances, education, health care, defense, and government services. Yet, tradeoffs between efficiency,
complexity, and fragility in networks are evident in a wide variety of public and private systems. We are much better at designing, mass-producing and deploying
network-enabled devices than we are at being able to predict or control their collective behavior once deployed. The vast majority of U.S. infrastructure is privately
owned and operated. Because private industry seeks to deliver goods and services at minimum cost to make a profit, decades of competition have led to infrastructure
that is very lean and very fragile. The result is that when things fail, they often do so cryptically and catastrophically.
As the engineering complexities and practical importance of these networks continue to grow, there is an emerging need for new methods to assess, manage, and
mitigate the associated risks. In particular, there is an urgent need for new methods that help decision makers invest limited defensive resources in order to make
these infrastructures resilient to disruptions caused by accidents, Mother Nature, and deliberate attacks.
Considerable resilience can be gained by adding redundancy (in the form of backup components, or expansion of infrastructure capacity) in the right places. Discovering
what redundancy to arrange, and where, requires rigorous analysis, but the payoff is greatly-enhanced resilience at the cost of minor upgrades relative to the economic
and national security value of the infrastructure.
David Alderson has over a decade of experience working on complex network-centric infrastructures, including research at Stanford, Caltech, the Xerox PARC, and the
Santa Fe Institute.