Tag Archive for: risk

The perfect storm of global vulnerability?

We are only now realising the extent of the vulnerabilities that human development across the world has created. Last year, the Australian Risk Policy Institute highlighted that ‘innovation without governance is a global risk’ and more recently that ‘IT is the greatest risk to civilisation of all time.’ Alarmist? No. Pragmatic? Yes.

The complexity of our digital world has generated compounding and exponential vulnerabilities, risks and wicked problems never seen before. Global society has been built on a house of cards—from the intricacy of the financial world to the meta-grid of interconnectedness and interdependencies. Vulnerabilities are potential barriers and constraints that can manifest into an exponential-risk domino effect.

Michele Wucker’s landmark book, The gray rhino: how to recognise and act on the obvious dangers we ignore, well illustrates the risk mindset. Innovation over the past 50 years has been greater than ever before and brought untold benefits. But contrast that with today’s ‘hidden awareness’ of what’s happening outside public knowledge.

Two consequences have arisen through innovation. The first is an absence of thinking or concern about how we deliver innovation. For example, we welcome the new global economy without considering who produces computer chips and complex pharmaceuticals because it allows us to buy cheap imported goods, borrow easy credit and live beyond our means.

The second is a psychological dependency on digital evolution. The world has adopted false assumptions about this dependency. A few nations have campaigned strategically to advance political ends by leveraging dependency, ignorance, denial and arrogance. Others have failed to see, accept or protect against global vulnerability and are content to live in vertical silos (sometimes for commercial benefit) rather than make a paradigm shift towards network-centric risk thinking.

A holistic perspective is needed for sustained post-Covid recovery, based on a realistic strategic context, that shines a light on what has occurred and how it will continue to play out.

Importantly, a new way of thinking about risk is needed. Traditional thinking about and approaches to risk haven’t adjusted to the realities and needs of today. Static and linear risk management will continue to fall short, leaving decision-makers vulnerable. Belated protection against global vulnerability leading to recovery will only occur if the world embraces actuality and simplicity. Complexity is entrenched and an ongoing risk across society; it can’t be changed in the short term and must be embraced. Clarity and risk reduction are longer-term solutions, and planning alone is too late. We must respond to the now as well as plan for the future.

Encouragingly, the world has identified the two pillars required for recovery. One is a global convocation of free nations (including corporates) coming together and demonstrating unity of purpose. The second is an event galvanising society as a gamechanger. The investigations into the source of Covid-19 represent that event.

Recovery is possible but must be driven by strategic and integrated thinking and approaches based on simplicity, managing complexity and understanding the difference between ‘near time’ as the priority and ‘deep time’ as a future rock.

One of the world’s greatest policy challenges is to differentiate between vulnerability and risk. The world we live in faces unprecedented vulnerability. New thinking and a new approach are needed to conceptualise and apply risk. Vulnerability is defined as the potential for or possibility of strategic risks arising. However, current risk-management processes commence when a degree of probability exists. They often become mechanical and are frequently too late. Cyberattacks, the Covid-19 pandemic, the global financial crises and 9/11 demonstrate the shortcomings of traditional risk approaches. Risk management has not waxed strong in times of trouble.

A new approach to risk is available and gaining recognition. Industry leaders have identified that ‘risk policy is the missing link. Risk policy addresses potentiality and illustrates how vulnerabilities can be identified by introducing a paradigm change through transformational leadership, accessing network information for awareness and turning the focus to anticipation.

Informed and pre-emptive decision-making at the executive level can then provide protection against vulnerabilities, enhance resilience, build sustainability, encourage improvement and spur innovation. Risk policy looks ahead, anticipates and speaks to cause as well as effect—which are, in reality, inseparable.

ARPI’s submission to the parliamentary review of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 highlighted the lack of awareness of developments in risk thinking and the out-of-date and demonstrably defective ‘risk management’ processes. These shortcomings could produce an ineffective statutory resilience framework for Australia with a failure to act faster.

Another example was emphasised during the royal commission into Australia’s natural disaster arrangements. ARPI argued that the review’s approach would entrench baseline, traditional ‘operational processes’ for risk management which have repeatedly failed and will continue to fail at significant times and levels. Rather than trying to react to existing isolated risks when it’s usually too late, resilience in the future must be approached from a perspective of potentiality. That is, the scale of the 2019–20 bushfires was foreseeable and, to an extent, preventable.

So, what needs to change? Decision-making must be informed and pre-emptive. In the case of the Black Summer bushfires, decision-making based on risk policy was needed before the fires occurred not just as a response to them. This decision-making must also be based on real-time local input through an intelligent, network-centric approach and framework, not in isolation or in cities working with limited information or within unhelpful jurisdictional boundaries.

Of course, those involved exercised best judgement in the moment, but arguably without the right information at the right time on the right issue. Informed decision-making is the essence of bushfire prevention and preparation. Network-centric approaches are the enabler.

Informed decision-making will only be achieved through a more contemporary risk policy approach. Paradigm change is required by governments to act pre-emptively. Our experience confirms that reactive, siloed, linear and traditional risk-management processes are not just ineffective, but are devastating and too late when the country is burning.

Avoiding surprises: technology assessment and foresight

Over the past 200 years, the world has become demonstrably more connected. Rising prosperity and innovation have aligned with cycles of industrial and technological development. But along with the obvious benefits of such innovation have come a range of unexpected and often calamitous emergency situations that remind us that certainty is often a scarce commodity.

Strongly linked to certainty are the dual notions of safety and danger as society pursues innovation and the benefits of technological development, it must also deal with an increased likelihood of unanticipated disruptions in both human and technological systems that are by design and use becoming more detailed and complex.

The role of government in preventing such disruptions is critical in that the modern state as functional provider of public administration and legislative oversight derives validity from the promise that it is an effective (and preferred) means of providing safety (and certainty) to the populace.

This role is made more important because of the reality that in representative democracies (and those not so representative), many decisions with the potential to affect populations are made by  government officials or regulators. Such power differentials can undermine people’s trust in government because they are often so far removed from the decision-making process.

It’s reasonable to expect also that innovation (through the application of new technology to problems or the use of old technology in new ways) should hold few surprises for beneficiaries. An extension of the notion that the government ‘makes us safe’ is the expectation that it also licenses and regulates the use of much technology and by doing so provides a degree of certainty about the technology’s reliability and safety.

It’s in this context that technology assessment and foresight are critical for Australia. This especially holds true in relation to reducing the likelihood that incidents or issues involving the unexpected impact of technology and related systems develop into significant disruptions.

A notable example of such a combination of technology assessment and futures thinking was embodied in the US Congressional Office of Technology Assessment. The OTA was bipartisan and was established to examine issues involving new or expanding technologies, assess their impacts (positive and negative), and then analyse options to avert crises from their misuse or unintended consequences from their use.

The OTA was defunded in 1995 after 23 years of service—some suggest as collateral damage from congressional power politics in play at the time.

Over its life, the OTA produced more than 700 studies on topics relevant to governance and decision-making ranging across a broad science and technology terrain. Its demise still resonates among US policy and governance professionals and there have been recent calls to resurrect it.

Technology assessment agencies similar to the OTA (possibly influenced by it) operate in Europe. Notable examples exist in the European Parliament, the German Bundestag, Denmark and Norway.

While Australia is active in technical assessment, particularly in the areas of health and workplace safety, coverage of technology assessments of the scope carried out by the OTA and other international bodies is generally absent.

What nuanced information could Australia get from well-tuned technology assessment? The matrix below suggests a type of analytical view that should be possible. The framework contrasts the impact of a technology (planned or emergent) against the context (limited or dispersed) of possible impacts from a societal regulatory and safety perspective.

A suitable goal of effective technology management and foresight in support of both innovation and regulatory safety would be to minimise the likelihood of generating outcomes such as those shown in quadrants 3 and 4, while promoting policies and practices that seek to support achieving the relatively benign states of play in quadrants 1 and 2.

The emergence of surprise impacts like those in quadrants 3 and 4 may be difficult to predict because of combinations of unnoticed trends, unanticipated synergism between components of complex systems, or abrupt shifts in previously stable systems or contexts.

A further factor is that the effects of techno-contextual surprises, in addition to having wide geographic footprints, may continue for long periods, potentially  spanning generations.

Emergent disruptive phenomena such as climate variability, disease outbreaks, or the increasing complexity of embedded information and communications technology—together with emergent interdependencies within and across systems of infrastructure systems—create significant problems of governance for both the private and public sectors.

Some technological surprises might be preventable by design, although foresight or horizon scanning is likely to be needed for instances where human ingenuity is in play or product functionality derives from the convergence of more than one technology component.

Disruptions in complex contexts are likely to generate cascading impacts that manifest in unexpected ways. Institutions might also be unlikely to face single incidents but rather systemic failures, often appearing concurrently as ‘network’ effects.

What can the Australian government do? It might consider establishing its own office of technology assessment to support the provision of timely targeted advice to elected officials and to those within relevant public- and private-sector institutions.

Such an office would assist in making sense of the potential for counterintuitive disruptions that emerge from the interplay between modern life and the technologies we all use—as well as the new innovations that are always appearing in the horizon. Such anticipatory thinking should also be part of national risk assessment capabilities.