Sunday, October 27, 2013

Dealing with black/gray swans

A black swan  in a complex system, as popularized by Nassim Taleb  is a metaphor for a large impact, rare event that comes as a complete surprise to all stakeholders. A gray scan is a metaphor for an event with large impact  with very low probability, with the result that most stake holders ignore.  Usual risk management practices deal with known knowns where the adverse event occurrence as well as impact are both predictable.
Picture of swans
Credit:Arjuna based on Marek Szczepanek(Wikimedia)

As the world is more digitized and interconnected and is dependent on large complex information systems,  stakeholders are increasingly facing  black/gray swans.  The impact increases as most of these are unique, connected and closed systems like mobile phone network, power grid and applications based on Internet.  The glitches and shutdowns are regularly chronicled in IEEE Spectrum risk factor blog.

In an excellent paper "Management of Hidden risks", IEEE Computer, January 2013, (paywall)  the author Kjell Jorgen Hole recommends few suggestions to deal with gray swans based on the experiences from the outages in Norwegian Mobile phones, Electronic voting systems, and bank payment authorization systems based on public key infrastructure. The suggestions include  identifying the dependencies between systems and ensuring that the system can continue to run for a minimum period by using back up system (for Mobile networks), providing an alternative mechanism (like paper based ballot for e-ballot) and alternative authentication mechanisms and confirmation messages (for banks). It is useful for project/engineering managers to learn from these and  plan for  dealing with gray swans.

No comments: