Doctor of Philosophy
School of Computing and Information Technology
Robertson, Lindsay J., Identifying and reducing technological contributions to end-user vulnerability, Doctor of Philosophy thesis, School of Computing and Information Technology, University of Wollongong, 2017. http://ro.uow.edu.au/theses1/181
Essential life-needs are commonly supplied to end-users by complex and heterogeneous technological systems that have many potential failure-points and hence contribute vulnerability. The vulnerabilities under consideration in this study are those arising from the length and complexity of the technological system used to bring these life-needs to the end-user. Public awareness of dependence is evidenced at the corporate and national level by the expenditure of time and effort on infrastructure hardening, and at the individual level by a range of self-sufficiency and personal preparedness movements. Although the awareness of such dependence is commonly described using a term such as vulnerability, this term is imprecisely defined, and a lack of quantifiable measures hampers assessment of the absolute and relative value of methods that are designed to decrease vulnerability.
Published studies of infrastructure systems, supply chains, power distribution systems, communications and other networks have shown concern for system owners but little specific concern for the vulnerability of the end-user. Studies using network theory have considered homogeneous networks but these are not applicable to the heterogeneous technological systems that supply individuals. Risk analyses are highly dependent upon expert identifications of hazards and probabilities, and do not address situations in which there are intentional threats or long time-frames.
A review of published material indicated a need to consider the vulnerability of individual urban-dwelling end-users, and particularly apartment-dwellers, to the essential services that are available only via technological systems. The research question "For goods or services delivered to end-users, what measure of vulnerability can be attributed to the technological systems that are currently used, and what reductions can be obtained by changes to the technological approach or configuration” was formulated to consider this need. A review of issues associated with the assessment of vulnerability also demonstrated the significance of the configuration of a technological system and a need to assess the contribution to vulnerability that is caused by heterogeneous technological systems. The number and the type of weaknesses in a technological system are shown to be a calculable property of the configuration of that technological system, and the metric of the number and type of weaknesses is well described by the term "exposure". The exposure metric is not dependent on the completeness of a brainstorming exercise to identify hazards, does not require any assessment of hazard probability and is shown to be a valid measure of the contribution of the technological system to the end-user's vulnerability with respect to that specific system.
The research question is addressed by describing example cases in which services are delivered to a representative end-user. A number of possible examples were considered and six were chosen to represent a broad variety of goods and services, and a variety of technological systems used in the supply process. The exposure of the selected technological systems was examined. The investigations identified specific contributions to vulnerability and evaluated the effectiveness of possible approaches to reduce these vulnerabilities.
Measurement of the exposure of the examples and the hypothesised changes to the examples showed that this approach was capable of identifying contributors to vulnerability and of quantifying the reductions offered by hypothetical changes. Issues that were examined as hypothetical changes to the technological systems included the development of open-standards for the specification of intermediate products (allowing alternative providers), the introduction of highly decentralised options for services that are currently highly centralised and the application of re-purposable components. Analysis showed that application of the exposure metric generated insights and options that were not identified by risk analysis approaches; hence, this metric contributes to both practice and the academic field.
Hypothesised changes to the examples were assessed in terms of both effectiveness and nature. These changes were shown to offer significant reductions in vulnerability, achieved in some cases by reducing dependence on large and centralised systems and achieved in other cases by ensuring alternative sources for intermediate streams. Specific technological gaps, including the lack of power storage technology, were identified.
This study has demonstrated the contribution of technological systems to users' vulnerability. The study has also quantified this contribution to vulnerability for a range of cases and shown approaches for reduction of vulnerability.