Systems and Change
Is resistance-to-change a biological characteristic, or one that is exhibited by all systems?
Software developers are all familiar with the problem of getting a new system accepted. People are resistant to change. Change means effort - learning, familiarisation, moving out of your comfort zone, embracing the new… All while trying to get your original job done. It’s very easy to be anti-new system, and push back against it. Learning curves are hard!
And new software is quite often a let-down. So many new IT systems have been failures that it’s easy to dismiss them all. Also, the first version of anything is likely to be buggy, with lots of sharp corners. No one wants to be the one to discover those and help smooth them out.
Businesses are familiar with this push-back too. The “New Coke” fiasco is the classic example:
”Coca-Cola had been losing market share to diet soft drinks and non-cola beverages for several years. Blind taste tests indicated that consumers seemed to prefer the sweeter taste of rival Pepsi, and so the Coca-Cola recipe was reformulated. The American public reacted negatively, and New Coke was considered a major failure. The company reintroduced the original Coke formula within three months, rebranded “Coca-Cola Classic”, resulting in a significant sales boost” - New Coke, Wikipedia
Governments also find it hard to impose change, even when they have a mandate. Another classic example is the introduction of the “Poll Tax” in the UK:
“As the amount of the poll tax began to rise and the inefficiency of local councils in their collection of the tax became apparent, large numbers of people refused to pay. Local councils tried to respond with enforcement measures, but they were largely ineffective given the huge numbers of non-payers. According to the BBC, up to 30 per cent of former ratepayers in some areas refused to pay.” - Poll Tax, Wikipedia
Preventing Unwanted Change
These are examples of people pushing back against (top-down) change. Because often, change is bad. Turns out, all systems need to protect themselves from unwanted change. The strategies they use are the same everywhere: in the middle-ages, towns used walls and soldiers to keep out enemies. Our bodies use skin and an immune system. Our businesses use firewalls, passes and intrusion detection. Our countries use borders, passports and armies.
What about IT? Most computer systems employ logins, CAPTCHAS, rate-limiting, banning. Larger systems like Google need to have whole teams devoted to attack detection, black-hat SEO, click-fraud and so on: it’s vital to avoid the system being compromised by “bad actors”.
Wikipedia is theoretically an editable-by-all encyclopedia, however it has a complex structure of committees and arbitration to opine on “edit wars”, sock-puppetry, vandalism or blocking.
Just as our bodies’ immune systems have to adapt to the evolution of new diseases, so our IT systems need to adapt to new patterns of behaviour from both users and attackers.
All systems have to balance two things:
1) Adaption: changing to keep pace with your environment. Making sure your systems are viable as the world changes around you. If a system ignores this, it will fall into ruin quickly. All the best systems adapt over time (think about how your favourite operating system is being improved constantly). This takes work.
”Adaptation is the evolutionary process whereby an organism becomes better able to live in its habitat or habitats.” - Theodosius Dobzhansky, Adaption, Wikipedia
2) Homeostasis: ensuring that the system is in balance, and stays running. A system that doesn’t contain feedback loops and defences against change in its environment will fail quickly. A classic example is how your body regulates temperature, but also consider how an online game bans cheats, or how a factory maintains supply levels.
“Homeostasis is brought about by a natural resistance to change when already in the optimal conditions, and equilibrium is maintained by many regulatory mechanisms.” - Homeostasis, Wikipedia
These two things are in tension: one is pushing for change, one is asking for things to stay the same. More on this in Agency Risk
Add Your Star On GitHub to receive an invite to the GitHub Risk-First GitHub team for new article notifications and discussion.