The SAMRISK II project aims to address new and unknown vulnerabilities in society through stress-testing existing approaches. The project will (1) explore how stress-testing methods can be applied to societal threats, and (2) use stress-testing to identify the limitations of current risk analysis and resilience methods for complex emerging threats. It involves researchers from Norway, the US, and other Nordic countries, with a budget of 7 million Norwegian krone over 3 years.

1. SAMRISK II project:
New Strains of Society – Hidden, Dynamic
and Emergent Vulnerabilities
SINTEF Technology and Society
NordForsk Conference
New trends in societal security research
in the Nordic countries
26-27 November 2014, Stockholm
1
Tor Olav Grøtan
Senior Research Scientist
Dpt of Safety Research
tor.o.grotan@sintef.no

2. SINTEF Technology and Society
• Participants
• SINTEF Technology and Society, Safety Research
• The Norwegian University of Science and Technology (NTNU)
• University of Tulsa, USA
• Forsvarets Forskningsinstitutt (FFI)
• …..
• Budget: 7MNOK from SAMRISK II
• Duration: 2014-17
• Project management SINTEF
• Fred Størseth (fred.storseth@sintef.no)
2
The project

3. • Adressing vulnerabilities that may be "unknown" in any sense:
• Ignored – forgotten - never contemplated - impossible to identify - misunderstood or
underestimated – stemming from emergence, rupture, discontinuity, variability, etc -
• Presumed impact; society (as a whole) under enormous strain
• Will the (beliefs in the) institutions endure the strain?
• The deafening silence from missing answers – or unrealistic assumptions?
• Will the public still be comforted by "we will revise our routines"?
• Armed police in Norway November 2014 – of course (?)
SINTEF Technology and Society
• Drivers, e.g.,
• New forms of crime - safety & security – climate change , ++
• Dependencies, dynamics and dynamism between systems and domains
• Need for new foci, e.g.
• From threat pictures to threat landscapes
• Vulnerability patterns
3
New Strains of Society – Hidden, Dynamic and Emergent
Vulnerabilities

4. SINTEF Technology and Society
• A "shrinking" world
• Where are the boundaries between society and systems? How do multiple systems
cohere? How can vulnerabilities be identified? Can we see it as an "ecology"? E.g.
• Safety/security "mindsets" as "industrial enclaves" in an open/dynamic society?
• 9/11 signifies a crossroad, a new epoch, a rupture/discontinuity
• Malicious, intended action; terror: A continual, persistent but unspecified threat
• What is the impact on society, what is the strain?
• ICT as a central analytical dimension: "the world connected through it"
• Vulnerabilities when ICT fail
• Failure, breakdown, disturbance (maintenance), virus/hacking etc etc
• Vulnerabilities when ICT function as intended (ICT as prime mediator of interaction)
• ICT as re-presentation technology, as organ-izing technology
• Shared awareness and understanding? A matter of modelling?
• Vertbatim vs gist; different (native) languages; Conditions for sensemaking?
• Intensified potential for vulnerability: The "state of the world" as well as the
threats and risks defined, transfused and understood by and through ICT
4
Some ideas and presumptions

5. • New threats against society produce new patterns of risk and vulnerability
• The recognition of this may imply the challenging of some core principles
• The idea of distinct roles and clear responsibilities: Somebody must "own" (at
least part of) the problem
• What if the distinct roles cannot be identified?
• What if there are no clear areas of responsibility?
• New threats can "play out" in ways that influence an array of systems
SINTEF Technology and Society
• The idea of control:
• The prevalent imperative of identifying and "translating" risk into cintrollable
parameters
• How can we identfy and act on risks that are constantly changing, crossing
and traversing system boundaries, affecting a number of parties ?
• We must acknowldge the fact that the "standard toolbox" and approaches are
insufficient
• New threats demand new thinking and new methods – for vulnerability as well as risk
5
New Strains: Foundations

6. • Out point of departure is what we actually have (predominantly from industrial safety)
• Methods, theoretical foundations, views and contemplations
• The aim is however not just to "re-contextualize" into the societal context.
• We will approach the borderlines and the impasses – where methods stalemate ,
SINTEF Technology and Society
where understanding stops
• We will explore how existing methods and principles can be related to, developed and
translated into addressing complex landscapes of threats that
• involve multiple systems in interplay
• is imprinted by substantial uncertainty , e.g., related to
• Extent, potential of escalation, degree of danger, vulnerability by coupling
• can imply generation, transfer and relocation of risk
• We will build "landscapes" of threat and vulnerability within different areas, e.g.:
• Offshore activity in sensitive areas
• Pandemic
• Critical infrastructure integrated with ICT (incl. "ICT as mediator")
6
New Strains; Approach

7. • Develop an analytical framework for understanding and managing new threats and
SINTEF Technology and Society
vulnerabilities towards society
• The objective is not to generate more knowledge to reduce uncertainty, but
• to establish new principles for contemplation and approach, and
• new ways to acknowledge and explore the new strains
• Point of departure; existing methods and theory, with a special focus on:
• Risk analysis
• Barrier management
• Resilience
• Stress-testing
• Intention: to put ourselves (safety science, practice) to the test
• Establish borderlines and limitations of existing/prevalent approaches
• Objective: to identifiy how approaches and methods must be developed in order to
adress the societal threats we will face, including
• Where it stops – where "control", methods and tools can promise no more
• Including the new & "promising", e.g. resilience (engineering)
7
New Strains; Defined targets

8. 1. The potential of development related to stress-testing as a specific method (e.g.,
simulated barrier breakdown) to address societal threats
2. Stress-testing in a wider sense, as a principle or metaphor:
• We intend to "stress-teste" our inventory of approaches and methods – in order
to identify where and when our "tools" stop working
SINTEF Technology and Society
• INCLUDING the recent advances,
• e.g., resilience (engineering)
8
Stress-testing; a double meaning

9. David D. Woods, 2014
Hidden, dynamic and
emergent vulnerabilities
SINTEF Technology and Society 9
"STRESS-TESTING 2"
Society
…
Regulator
….
Company
….
Creating, constructing, conditioning…

10. EXAMPLE. "Pulse of Risk ExploreR" (PuRER): Project proposal Saf€ra (call.safera.eu) 2014
New safety
Approaches
Knowledge
domain 2 (KD2)
Stable/known systems Increasingly complex and dynamic systems
SINTEF Technology and Society
10
Prevalent safety approaches
Knowledge domain 1 (KD1)
New risk
management
Approaches
(KD2)
Prevalent risk management approaches
Knowledge domain 1 (KD1)
PuRER
"TORC"
Compliance vs Resilience
Emergent
Generic risk drivers risks
Sensitization to
local conditions
"Safety as
done"

11. SINTEF Technology and Society
"expansion": occasions
to extend the analytical
horizon
"flow":
(re)-organized attention
sensitivity to work as done
"contraction":
RA revisions
Selected horizons
Outcome:
Approaches &
methods providing
increased sensitivity
to emerging risks.
Improved risk
management
Example:
Exploring "The Pulse of Risk"

12. KD2 iNTeg-Risk KD1 = STRESS-TEST!!
SINTEF Technology and Society
"expansion": occasions
to extend the analytical
horizon
"flow":
(re)-organized attention
sensitivity to work as done
"contraction":
RA revisions
Selected horizons
Outcome:
Approaches &
methods
providing
increased
sensitivity to
emerging risks.
Improved risk
management
PuRER: Abductive research process
Theoretical inventory/resources
+ + "Drift into failure" + + + + + + +
(TORC)
Company / regulator practices and prospects
Main
metaphor

13. SINTEF Technology and Society
• Hermeneutical ideal
• Continuous exchange
• Part vs whole
• Pre-understanding Understanding ….
• "Safety" or "security" ?
• Build/understand landscapes of threats
• Analyse, stress-test our methods & approaches
13
Ambition: "Zoom In/Out" in large ("infinite") systems

14. SINTEF Technology and Society 14
"Mantra"
Forget your perfect offering
There's a crack in everything
That's where the light gets in
Leonard Cohen (Anthem)