What are the Chances? Resilience and Probabilities.

Compared to some other engineering disciplines, the study and implementation of resilience practices involves somewhat greater levels of uncertainty and the associated risk. The knowledge of threat characteristics is often incomplete resulting in error bars on the assessment of the resilience of a space system. Likewise, threat mitigation features are not perfect and these imperfections may result in uncertainty as to the efficacy of the mitigation. Specifically, a deployed mitigation may not fully counter the targeted threat. All of these factors, plus the uncertainty related to the intentions of a hostile actor, contribute to the introduction of probability into the equation. While it is possible, and sometimes desirable, to simply limit the resilience assessment to deterministic factors, at some point probabilistic variables are likely to emerge and be counted. However, not all probabilities affect the resilient design and operations of a system in the same way.

One of the key distinctions that must be made when discussing how certain probabilities affect resilience calculations and design trades is the difference between the probability that a threat will appear and be executed vs. the probability that once executed the system in question can fully avoid any capability degradation. These are two different measures and present different choices to the designer when choosing mitigation features. Confusing them risks suboptimal designs, whether it be in terms of cost, performance, or resilience.

The probability that a specific threat will occur within a given mission tactical timeline window is variable and often subjective. Adverse conditions such as solar weather may be estimated based upon historical observations, but estimating exactly when something like a solar flare will occur is very difficult if not impossible. Likewise, a hostile adversary may exhibit certain past behaviors that presage future behavior, but as the Wall Street folks like to caveat, that’s no guarantee. Sometimes a certain threat, such as RF jamming in a theater, may be almost a given. But other times a threat may or may not be activated and the exact (or near exact) timing will not be known. But from a designer’s point of view, the probability that a threat will occur is unimportant beyondn knowing whether or not it must be mitigated. This is part of the early process of identifying credible threats for the purpose of determining how available resources (cost) will be allocated for the purposes of increasing the resilience of a system. If a threat is not deemed of sufficient potential impact to the system (usually through a risk assessment considering likelihood and consequence) then it falls below the line relative to other higher priority threats. The threats that make the cut are then presented to the designers to mitigate as best they can for given cost and performance budgets. This probability is executed to generate inputs into the actual resilience calculations by narrowing down a wide threat range to only those of concern.

In calculating resilience, the assumption is that the threat is real and that at some point it targets some part of the system. Resilience is the metric by which the expected value of residual capability is estimated (residual capability being a combination of robustness, recovery, and perhaps reconstitution). The “expected value” part is the contribution of the probability of avoidance, the fourth resilience attribute. This probability is an estimate based upon everything that can happen following the activation of the threat. Generally, for hostile actions, it encompasses both the adversary’s capability (probability of kill) and the system’s (and system operator’s) ability to fully avoid the threat. Note that this is already assuming that the threat has been unleashed.. It is much different than the probability that the threat will be activated. The probability of avoidance is a broad parameter and can include the contributions of multiple mitigations. It can also include certain non-materiel contributors such as risks to logistics or supply chain, so long as credible values can be established.

It’s clear that both of these expressed probabilities, though perhaps less precise than desired, serve a vital role in designing and operating a highly resilience space system. One is instrumental in defining system threat requirements, while the other is critical in estimating the system response to a specific threat or threat scenario.