Asymmetric Design

by Philip Boxer

This article on Requisite Agility argues that the socio-technical processes required to respond to changing demand can be described (modeled) and better equipped to handle change if the organization is driven from a demand-side perspective rather than from a supply-side perspective.  The ability to do this increases the potential for software services acting as constituent parts to automate more and more parts of the existing geometry-of-use space in order to create new possibilities on the demand side.

by Philip Boxer

SEI has published a Technical Report on its context-based approach to system-of-systems challenges. This begins to introduce the methods of projective analysis and asymmetric design into their practices.

by Philip Boxer

Last week I was joined by Bernie Cohen and colleagues from the SEI to present this paper at the IEEE 2nd International Systems Conference in Montreal, Canada (April 7-10, 2008).

The paper considers how the particular pragmatics of demand ‘at the edge’ determine the forms of interoperability required of complex systems of systems, which we refer to as ‘geometries-of-use’. The importance of this concept lies in its use to determine the requisite variety of geometries-of-use that a systems of systems infrastructure needs to be able to support. From this we can determine the functional granularity required of the supporting infrastructures.

by Philip Boxer

In February 2008, a joint article was published with Nicholas Whittall in the RUSI Journal:

• Agility and Innovation in C4ISTAR

The article outlines an approach to meeting the challenges of Through Life Capability Management.

by Philip Boxer

The Joint Fire Science Program enagaged the SEI to lead an independent examination of current fire management software tools and systems. The approach used by the SEI made use of visual PAN techniques. The project was outlined in a brief from the Joint Fire Science Program in September 2007, and reported on in the Software Engineering Institute Annual Report 2007, pp22-23.

by Bernie Cohen

A reaction of one reader to my pragmatics blog was that, pragmatically speaking, it was still possible for a shared EHR to add value, but that it was certainly important to down scope the problem of sharing meaning across an enterprise, knowing full well that artificial boundaries are being drawn within the overall enterprise as a consequence. He goes on to say: “It may be a case where the perfect is the enemy”.

Maybe. But my own view is that this line - that the best may be the enemy of the good - doesn’t take into account the real harm that can be done by the not-good-enough.

Consider another aspect of Healthcare, the Clinical Practice Guidelines (CPG) which is strongly promoted by WHO and supported internationally. The potential benefits are enormous, not just for the patient, who should expect to be treated with best practice by any clinician who has the CPG CDs, but for the practitioner, who will be able to defend against any accusation of negligence by demonstrating adherence to CPG, and, most importantly, for the payer (government or insurance company) who will have the philosophers’ stone: the ability to predict, given the cost profile of the CPGs and the statistical distribution of complaints, the future cost of healthcare.

Unfortunately, this all depends on the ability to demonstrate the mutual consistency of the CPGs, which have been, and are being, drawn up by panels of specialists who have their own ontologies. For example, suppose a patient presents symptoms suggestive of both asthma and angina (both of which already have CPGs), which is not uncommon, and a clinician decides to follow one, or the other, or both CPGs, will the treatment plan, outcomes etc. be similar in each case? And who will take responsibility for damages caused by inconsistency? And how, and by whom, can all compositions of CPGs be so checked?

And while we’re on the subject of insurance companies, we already know that their ontologies differ markedly from those of both practitioner and patient, as demonstrated by the classic Kaiser Permanente example: a researcher who did a longitudinal study of post-partum complications using a large KP anonymised data set discovered that a significant proportion of those complications occurred in male patients, this being due to the fact that KP recorded the gender of the payer, not the patient!

When it comes to sharing meaning, before making the best the enemy of the good, we first need to know how to distinguish the not-good-enough. If we are to develop a care-centric approach to the patient in meeting the challenge of Health Care Reform, we are going to need to share meaning by reference to the patient situation itself and not just by reference to the treatment protocols involved.

by Philip Boxer

In October 2007, the SoS Navigator team went to this NDIA Conference to present two papers:

• Complex Systems of Systems: The Dual Challenge

• Achieving Agility in Cyberspace

A Tutorial was also given on Modeling Sustainment and Risk Mitigation for Net-Enabled Realities.

by Philip Boxer

This article on the Double Challenge was published in SEI’s Eye-on-Integration in May 2007 to identify the main challenges that are being worked on within the ISIS team:

• the governance challenge of collaborating with an increasing number and diversity of enterprises; and

• the agility challenge of providing situation-appropriate responses in changing situations.

by Bernie Cohen

The field of modeling is rich in terminological confusion and misunderstanding, in which some of the terms have formal definitions that are radically different from their everyday usage. An eminent MIT Professor of Engineering used to introduce his students to the subtle concepts of precision, accuracy and significance with the following (non-PC) example.

You ask a lady her age and she tells you she is 35. This statement has a precision of plus or minus 6 months, could be inaccurate by as much as 10 years and, if she is attractive, has no significance whatsoever.

What follows is an attempt to cast some light on the terminological confusion and misunderstanding.

• In mathematics, a theory is an abstract algebraic structure, with a signature defining the syntax of its sorts and operations and a set of axioms defining equivalence classes over its syntactically valid expressions. The assertion that certain statements are, or are not, in the same equivalence class is a theorem, which may be proved within the formal system in which the theory is expressed. A theory is said to be consistent if no two of its theorems contradict each other and complete if every valid expression in it is provably true or false. (Godel’s Incompleteness Theorem raises its ugly head here: no theory powerful enough to define arithmetic can be both consistent and complete.).

This definition may seem completely meaningless to the engineer, or even to the scientist, but theories are, indeed, devoid of any ‘meaning’ in the sense that they do not refer to anything in the world of experience.

• A model, in this context, is a theory morphism that assigns a set to each sort, and a function to each operation, of a theory, in such a way that all the axioms of the theory hold in the model. That such a morphism does or does not constitute a model of the theory is a theorem.

Still not very meaningful until we interpret the sets in our models as referring to the values taken by certain kinds of things in the world and the functions as referring to the behaviours of those things. Now our model becomes a theory (in the scientific sense) of any part of the world in which things of those kinds occur.

Actually, such a model of the world initially has the status of a hypothesis, which must be rigorously tested before graduating to the status of theory. Hypothesis testing is the foundation of scientific method. Unlike mathematics, whose methods deal largely with verification using formal proofs, scientific method works largely with refutation, the demonstration that a hypothesis is false. Sir Karl Popper went so far as to insist that any hypothesis that was not, in principle, refutable could not be deemed to be scientific at all, thereby excluding astrology from the sciences.

Hypothesis refutation involves a combination of mathematical proof and empirical observation. The method is to prove a theorem in the underlying theory whose interpretation predicts certain as yet unobserved behaviour of things in the world. An experiment is designed, using suitable effectors, sensors and instruments, to induce the predicted behaviour. This procedure is effectively an investigation of commutativity. Given any function in the model and any value in its domain, we may execute that function on that value and then interpret the result in the world. Alternatively, we could first interpret the function and its input value and observe how that part of the world behaves. If the theory and its interpretation commute, then these two procedures should always produce the same result.

If the predicted behaviour is not observed, non-commutativity has been demonstrated and the hypothesis is deemed to be false. If, however, the behaviour is observed, we have not proved commutativity, but merely that the interpretation of that particular function with that particular value gives an accurate account of the observed behaviour. The hypothesis is not deemed to be true, but merely to have survived that test. A hypothesis that has survived many such tests, repeated by different experimentalists in different conditions, especially where the predicted results are, in some cultural sense, surprising, is eventually granted the status of a law, although that terminology has fallen into disuse.

Actually, hypotheses are not cast and tested individually. Rather, collections of them are interrelated and stand or fall together as a body of theory that defines and governs some branch of science. Their interrelationship stems from their shared ontology, the way that they identify and distinguish things in the world. Contrary to popular belief, the world is not ontologically prior, that is, empirical reality does not consist of distinct objects. Rather, each of us impresses upon our experience of empirical reality our own ontology, constructed to suit our purposes and circumstances. For example, the Inuit distinguish many more kinds of snow than do other North Americans because they both experience much more of it and have to make their living through it (literally). As W. V. O. Quine put it, ‘to be is to be the value of a variable’.

It was once believed, by Plato, Porphyry, Leibniz and other eminent philosophers, that there was a universal ontology, that is, that all the things in the world could be uniquely classified under a hierarchical scheme of differentiation. Sadly, those days have gone. Even if such an ontology was proposed, its universality could not be verified. Science has already encountered many instances of ontological change. For example, for many years, chemistry recognised a type of thing called phlogiston which was given off when a combustible substance was burned, and another called calx which was the residue left after the departure of the phlogiston. Now we have no place for phlogiston in our ontology but we can retain calx as referring to the oxidised residue of burning.

So in order to communicate among scientific disciplines, we must find ways of composing our different ontologies, finding mappings among their terms that do not violate any of the theories on which the laws of the various disciplines rest.

One way of doing this is to construct a GUT (Grand Unifying Theory), or TOE (Theory of Everything), which is indeed a major project in physics today. The problem has been to reconcile general relativity and quantum mechanics, hypotheses which are as close to laws as anything in science but which, unfortunately, contradict each other. The approach, as it has been on many other occasions, is to introduce new ontological distinctions ‘underneath’ those of the competing hypotheses, which can then be re-expressed, and subsequently successfully composed, in the new ontological structure. In this case, the elements of the new ontology are strange things indeed. Just as we had got used to fundamental ‘particles’ that were also ‘waves’ and could be observed only for fleeting moments at ridiculously high energies, we were presented with their unobservable components, the quarks, and with the quarks’ inconceivable components, 14-dimensional strings.

But although a successful TOE would reduce physics to a single theory, we would not reduce our accounts of our empirical experience to its ontology. The reductionist programme was once a cornerstone of scientific philosophy but those days are long gone and engineering was largely responsible.

by Richard Veryard
We can use the three asymmetries to appreciate different strategies for security and trust, such as deperimeterization. First we need some definitions: Boundary refers to a discontinuity in a physical system, Perimeter to a discontinuity in a social system, and Edge to a discontinuity in systems of meaning. As with the asymmetries, these build on each other, so a perimeter includes a ‘virtual’ boundary, and an edge includes a ‘virtual’ perimeter. Thus where we place boundaries, perimeters and edges reflect where we place the three asymmetries. It also determines the way we are able to approach security and trust.

For example, deperimeterization can be understood as an effect of the third asymmetry. A traditional perimeter defence assumes that rights and obligations (social) coincide with certain physical divisions (boundaries). Deperimeterization means it is no longer feasible to align the levels of security with the social boundaries, because the social system is itself losing its cohesion under the influence of the third asymmetry.

Assuming symmetry means being able to run something as a closed system – the way it interacts is wholly defined by the supply-side, so control is possible. With the breaking of the first symmetry, the use of the technology is defined by its outputs, and not its internal functioning. But we can still apply a fortress approach to this, so long as we can wholly define the boundary across which the outputs are to be provided. The metaphor here is the fortress.

With the second symmetry being broken, our business changes from being defined by its outputs to being defined by its ability to organise business processes that deliver solutions. But the supplying business organisation is still in control of this, although the complexity of what is ‘inside’ is greatly increased by its now explicitly socio-technical nature. The fortress metaphor is still possible here, but understood now in terms of a dynamic frontline (e.g. Nato warfare across Europe).

It is with the third symmetry being broken that we get the necessity for defence in depth (they can strike from anywhere), asymmetric threat (they can play by their own rules), and agile/manoeuvrist conflicts that require power-to-the-edge and synchronization at the edge. This is the environment in which collaborative composition is necessary because of the complexity of the demand environment which you are trying to interact with. (The military metaphor here would be “operations-other-than-war” where you have to work with the inhabitants etc.) It is this latter third symmetry-breaking that creates the de-perimeterization effect.

For more on deperimeterization, see my report on Agile Security for SOA in the CBI Journal for June 2006 (subscription required). My other writings on trust and security can be found here.