Efficiency v. Security: Information Technology Consolidations - Resilience, Complexity, and Monoculture [open pdf - 778KB]
From the thesis abstract: "Governmental organizations commonly seek to cut costs and increase efficiency through consolidation and standardization of information technology (IT) infrastructure. This may result in vulnerabilities not typically considered by policymakers, due to concentration and homogenization of critical assets, elimination of redundancy and surge capacity, and tightly coupled systems. This thesis reviewed the potential vulnerabilities that may exist in consolidated IT systems due to the effects of complexity, selforganized criticality, and monoculture, and shows that efficient systems carry inherent vulnerabilities. Because we cannot mitigate every possible threat, hazard, or vulnerability, IT professionals should focus on system resilience. Resilience of a system is counter-proportional to the product of vulnerability and spectral radius; therefore, any increase in vulnerability, spectral radius, or both decreases resilience. A reduction in overall vulnerability can compensate for increased self-organization and other losses of resilience through a variety of recommended actions. Many of those actions come with a cost-- organizations will have to determine the tradeoffs they are willing to make between efficiency and security."
Naval Postgraduate School, Dudley Knox Library: https://calhoun.nps.edu/
Cohort CA1605/1606; REP1502