Exception Scenarios   6 comments

I’m not quite happy with this post, but I’m throwing it up anyway because I haven’t posted in a while, and I might be able to make this into something usable with feedback.  Please, rip me one in the comments 😉

Safety engineers engage in the practice of failure mode and effects analysis.  Basically, they look at life-safety systems, analyze them to find what sorts of faults may occur, what the results of those faults may be, and how to mitigate them.  Engineers also practice risk analysis, attempting to identify weak points in a project schedule so that they can compensate for potential problems (manpower shortages or delivery issues, etc.)  Business people do essentially the same thing, which they also call risk analysis, although the emphasis is more on cost/benefit or ROI instead of “can we get this thing done”.  Engineers assume, more or less, that getting the thing done is a foregone conclusion.  Security practitioners in IT build threat models for a similar purpose; to identify weak points in a security system.

In a more general systems sense, these activities are all more or less linked.  What you’re attempting to do is expose a class of exception scenarios inside a complex system.

Doing this badly in the security field leads to what Bruce likes to call “Movie Plot Threats“, by focusing on mitigating a single instance of a possible break in a system.  Doing it badly in the economics field leads to large economic meltdowns like the one we’re currently enjoying, when very large impacts are discounted as unlikely or independent in a model where they are instead both likely and linked.

One reason for this is abstraction.  If you do not properly abstract a class of exception scenarios from a collection of particular exception scenarios, you build a bad failure analysis.  You spend too much time (or not enough time) pursing mitigation methods that aren’t at the same layer of abstraction.

For example, if you focus too much on the strength of the lock on your front door, you may wind up buying a lock that is very good, and very expensive, and easily avoided by breaking a window.  We see this sort of bad abstraction in politics all the time.

“If we just secure the border, the illegal immigration problem will go away!”

The statement may or may not be a truism, but the conclusion only follows from the premise if the premise is possible (in the particular case of the U.S., it’s not).  So attempting to alleviate the exception scenario (illegal immigration) with the mitigation methodology (securing the border) is largely a waste of time and money.

Now, of course, this is oversimplified.  You can mitigate *some* illegal immigration by putting *some* border securing methods in place, but you only want the barrier so high (due to cost).  The more difficult you want to make it for someone to get across the border, the more money you have to pay, and in almost all cases these costs don’t scale linearly.  Once you hit the inflection point where your cost curve starts to skyrocket and your return starts to diminish rapidly, you’re doing what I like to call, “circling the drain”.

Again, from a political standpoint, both parties like to circle the drain quite a bit.  Not because circling the drain is fun, but because most political positions are framework arguments dealing in absolutes, and when you deal with absolutes the idea of diminishing returns is quite often conveniently ignored.

The point?  Everything breaks.  All models are incomplete, all engineering can only account for assumed stresses.  Having things break isn’t necessarily a crisis of any sort, the question is, “what sort of crisis are we looking at?”


Posted April 26, 2010 by padraic2112 in noise

6 responses to “Exception Scenarios

Subscribe to comments with RSS.

  1. Ok,

    I like the model discussion. Not sure if the border crossing aligns well with the window/door thing cause we are talking about securing the whole front of the house, and a moat on either side. So clarify exactly which window we are talking about. The border crossing analogy doesn’t invalidate the point that it is impossible to deal with it in absolutes, but does make me wonder if there is a cost/benefit break even on the height of the wall. It doesn’t say not to build one, especially if that is the weakest point and you have a reliability number you need to reach!

    OBTW 1) “Better Fences Make Better Neighbors”

    OBTW 2) I could probably expound for paragraphs on the engineers-thing will work-forgone conclusion thing. Ideally, yes! But there is Dilbert for that.


  2. No, the border is actually a reasonable example because the purported solution to the problem is complex and expensive, while the simple solution (at least economically) is cheap and simple. In this case the simple solution would be to vigorously fine any business employing undocumented illegal aliens, and cut off social services for those incapable of proving citizenship. Sure, enforcement is not without cost, but fortunately we have this shiny and expensive agency called the Border Patrol. Funding and manpower from the BP could be rolled into this new effort. The real problem with the ‘simple’ solution is that people (in many cases people closely aligned with illegal immigration) don’t want it. Until people opt for the simple logical solution, the less effective, more expensive solutions will prevail.

  3. The linear measure of the border of the United States and Mexico is 1,969 miles. The U.S.-Canada border is a whopping 5,525 miles between Canada and the continental U.S., and another 1,538 miles between Canada and Alaska.

    That’s just the land border. It’s also of course the case that even if you made all of those borders literally impossible to cross, the simple and obvious workaround is for anyone who wants to come into the U.S. to go to any country with a coastline, jump on a boat, go out into international waters, sail ’round the land border, and come on in. Of course, you can mitigate that as well by adding more Coast Guard vessels and aircraft, but it’s damn hard to spot a small craft on open water if they don’t have a radar reflector up. The actual coastline of the U.S. is another huge number, 1,631 miles for the Gulf coast, 2,069 for the Atlantic, 7,623 for the Pacific if you count Hawaii and Alaska (chop off 750 if you want to take Hawaii out of the equation).

    It goes without saying that it is much more difficult to patrol and secure a coastline than a land border. But just looking at the land border, you’re talking about 7,500 miles if we ignore Alaska. Certainly, we can’t just strengthen our Mexico border, or immigrants will buy a plane ticket to Ontario and then come over the Canadian border.

    Okay, any reasonable estimate for making a border “secure” is going to have a price per foot number attached to it. You’re going to want some sort of physical barrier (a wall, a fence, razor wire, a moat, something), some sort of detection mechanism for people bypassing the barrier above it (drones, infrared cameras, helicopters, motion detectors, jet patrols, whatever), and a third detection mechanism for people going *under* the barrier (seismic detectors of some sort). In addition, you need some sort of response mechanism to be activated if someone actually triggers the detection mechanism (border patrol agents, drones again, robotic motion tracking chain guns, burrowing self-detonating automatons, remote controlled helicopters with automatic shotguns, whatever). No matter how automated and well engineered all of this stuff is, you need to maintain it.

    So you’ve got total cost of “securing” the border to be the cost per linear foot of all the main hardware, the detection gear, the response gear, and all of the maintenance. Much of this stuff needs to be deployed in rugged terrain, which means it’s astronomically more expensive to deploy due to limited range on your sensor equipment, more difficult response times for your response mechanism, and finally of course the actual construction cost of your wall or whatever.

    Now, if the CRS says it will cost $49 billion dollars just to put up a double steel-chain link fence of 700 miles of the border… well, do the math…

  4. Andy comes out against free vaccines for the undocumented and he gets a free pass? So he likes the analogy, but believes that we just lock up the liquor cabinet? Sorry, people don’t come for the free doctors. Some still would chose a cash only life, with the assumption that they will never get sick. Now I’d imagine some do want to give the best education and medical to their children. Some of the children are citizens by birth anyway. So the liquor cabinet thing doesn’t really work in that case. Or maybe it should! Cheaper Booze, Yes Ma’am party platform!

    The reality of the guy in Central America picking a border crossing in Manitoba over hearing about someone who has defeated an area on the southern border in the past are not equivalently weighted failures. Neither does a seafaring boat do the guy in Juarez much good. When coyotes are replaced by a seafaring equivalent (Orcas?) and an avarian one the preferred method is still finding the weakest spot in a really big door. I am not up on the current numbers, just pointing out that I need numbers to buy the window/door thing.

  5. He doesn’t get a pass, I just missed it. 😉

    Yeah, Andy, Hammer’s right. It’s simple economics, people will come here as long as here is better than there plus risk of coming here. Taking away health care won’t stop them from coming. Making it more difficult to hire illegal immigrants (by increasing documentation requirements) won’t work… whatever system you use to determine eligibility *will be* circumvented. Real ID won’t work, E-Verify won’t work, they’re just bigger, more expensive systems that are still trivially bypassed by suborning the human element.

    Put another way, in order to verify that 300+ million people have a right to work, you have to have a damn big system. That means lots and lots and lots of trusted verifiers. And if you have lots and lots of trusted verifiers, and 12 million illegal immigrants, one of those trusted verifiers is going to sell access to the system for $X a pop.

    Illegal immigrants will pay $5-20K to a coyote to get them across the border. If there are 12 million illegal immigrants, and you make them all get yet another form of identification, all you’re doing is adding 12 million customers (who have a previously demonstrated willingness to pay very large sums of money) to someone to get them that identification.

    Some government employee who makes less than $1 million a year would be sorely tempted to sell those identifications for $1,000 each. Even if he gets only .001% market penetration in his market, he makes more than enough money to risk a 5 year jail term.

    Without an authoritative identification mechanism, the employer can always reasonably dodge the “we didn’t know he was illegal” question. And you can’t have an authoritative identification mechanism for anything resembling reasonable cost.

  6. Pingback: More on Exception Scenarios « Pat’s Daily Grind

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: