Page 288 -
P. 288
10.1 Complex systems 271
hardware, causing more failures and so on. Thus, the initial failure, which might be
recoverable, can rapidly develop into a serious problem that may result in a complete
shutdown of the system.
The reliability of a system depends on the context in which that system is used.
However, the system’s environment cannot be completely specified, nor can the sys-
tem designers place restrictions on that environment for operational systems. Different
systems operating within an environment may react to problems in unpredictable
ways, thus affecting the reliability of all of these systems.
For example, say a system is designed to operate at normal room temperature. To
allow for variations and exceptional conditions, the electronic components of a sys-
tem are designed to operate within a certain range of temperatures, say from 0
degrees to 45 degrees. Outside this temperature range, the components will behave
in an unpredictable way. Now assume that this system is installed close to an air con-
ditioner. If this air conditioner fails and vents hot gas over the electronics, then the
system may overheat. The components, and hence the whole system, may then fail.
If this system had been installed elsewhere in that environment, this problem
would not have occurred. When the air conditioner worked properly there were no
problems. However, because of the physical closeness of these machines, an unantic-
ipated relationship existed between them that led to system failure.
Like reliability, emergent properties such as performance or usability are hard to
assess but can be measured after the system is operational. Properties, such as safety
and security, however, are not measurable. Here, you are not simply concerned with
attributes that relate to the behavior of the system but also with unwanted or unac-
ceptable behavior. A secure system is one that does not allow unauthorized access to
its data. However, it is clearly impossible to predict all possible modes of access and
explicitly forbid them. Therefore, it may only be possible to assess these ‘shall not’
properties by default. That is, you only know that a system is not secure when some-
one manages to penetrate the system.
10.1.2 Non-determinism
A deterministic system is one that is completely predictable. If we ignore timing
issues, software systems that run on completely reliable hardware and that are pre-
sented with a sequence of inputs will always produce the same sequence of outputs.
Of course, there is no such thing as completely reliable hardware, but hardware is
usually reliable enough to think of hardware systems as deterministic.
People, on the other hand, are nondeterministic. When presented with exactly the
same input (say a request to complete a task), their responses will depend on their
emotional and physical state, the person making the request, other people in the
environment, and whatever else they are doing. Sometimes they will be happy to do
the work and, at other times, they will refuse.
Sociotechnical systems are non-deterministic partly because they include people
and partly because changes to the hardware, software, and data in these systems are
so frequent. The interactions between these changes are complex and so the behavior
