Chapter 17 Exercises
How to use these exercises: Work through the parts in order. Part A builds recognition skills, Part B develops analysis, Part C applies concepts to your own domain, Part D requires synthesis across multiple ideas, Part E stretches into advanced territory, and Part M provides interleaved practice that mixes skills from all levels.
For self-study, aim to complete at least Parts A and B. For a course, your instructor will assign specific sections. For the Deep Dive path, do everything.
Part A: Pattern Recognition
These exercises develop the fundamental skill of recognizing the redundancy-efficiency tradeoff across domains.
A1. For each of the following systems, identify (i) the form of redundancy present (or absent), (ii) the efficiency cost of that redundancy, and (iii) the type of failure the redundancy protects against (or the failure that occurs because redundancy is absent).
a) A commercial airplane with two engines, each capable of sustaining flight independently.
b) A hospital operating at 97 percent bed occupancy.
c) A farmer who grows three different varieties of wheat on her land.
d) A company that uses a single cloud provider for all its data storage and computing.
e) A household that maintains a six-month emergency fund in a low-interest savings account.
f) The human body's two lungs, each with multiple independent lobes.
g) A city water system with two independent treatment plants fed by different reservoirs.
h) A restaurant that sources all its ingredients from a single wholesale distributor.
A2. Classify each of the following as an example of duplication, diversity, modularity, or slack. Some may involve more than one type. Explain your reasoning.
a) A ship's hull divided into watertight compartments.
b) A hospital that maintains 20 percent of its beds unoccupied at all times.
c) A genome in which six different codons encode the amino acid leucine.
d) A data center that maintains an exact copy of itself in a different geographic region.
e) A software system where individual services can fail without bringing down the entire application.
f) An immune system that produces billions of distinct antibody configurations.
g) A household that keeps both a gas generator and a wood stove as backup heating sources.
h) A manufacturing plant that keeps a two-week supply of critical components in a warehouse.
A3. For each pair of systems below, identify which system is more redundant and which is more efficient. Then predict which system would perform better (i) under normal conditions and (ii) under a severe disruption.
a) System A: A factory with three suppliers for its most critical component, each providing one-third of the total supply. System B: A factory with a single supplier that offers a 20 percent volume discount.
b) System A: A hospital with 70 percent average bed occupancy. System B: A hospital with 95 percent average bed occupancy.
c) System A: A farm growing five different crops on the same acreage. System B: A farm growing a single crop chosen for maximum yield per acre.
d) System A: A bank holding 12 percent capital reserves. System B: A bank holding 4 percent capital reserves.
A4. The chapter describes four types of redundancy: duplication, diversity, modularity, and slack. For each type, provide one example from your own life or work that the chapter did not discuss. Explain why your example fits that category.
A5. Identify a system you interact with regularly (a workplace, a transportation system, a technology platform, a household system) and perform a basic single-point-of-failure analysis. What component, if it failed, would cause the entire system to stop working? Is there any redundancy for that component? If not, what form of redundancy would be most appropriate?
Part B: Analysis
These exercises require deeper analysis of the redundancy-efficiency tradeoff.
B1. The Efficiency Trap Analysis. Choose one of the following domains and trace the efficiency trap through its full cycle:
- Restaurant supply chains
- Hospital staffing
- Cloud computing infrastructure
- Public transportation networks
- Urban water systems
- Academic research funding
For your chosen domain:
a) Describe the competitive pressures that drive the system toward efficiency.
b) Identify what forms of redundancy are being eliminated under this pressure.
c) Describe a specific historical or plausible disruption that would expose the system's fragility.
d) Explain why the decision-makers who chose efficiency are unlikely to bear the full cost of the resulting failure (the "skin in the game" problem from Section 17.12).
e) Propose specific redundancy measures that would make the system more resilient, and estimate their efficiency cost.
f) Explain why these redundancy measures are unlikely to be adopted without external pressure (regulation, catastrophe, or cultural change).
B2. The Redundancy Cost-Benefit Analysis. The chapter argues that redundancy is "insurance." Develop this analogy more rigorously.
a) For a specific system (e.g., a hospital, a supply chain, a power grid), estimate the annual cost of maintaining a specific form of redundancy (e.g., 20 percent excess capacity, a backup supplier, a strategic reserve).
b) Estimate the expected annual cost of the disruptions the redundancy protects against. Consider both the probability of the disruption and its severity if it occurs.
c) Under what conditions is the redundancy "worth it" -- that is, when does the expected cost of disruption exceed the cost of maintaining the redundancy?
d) Why is this cost-benefit analysis systematically biased against redundancy in practice? (Hint: consider the difficulty of estimating the probability of rare, catastrophic events, and the asymmetry between visible costs and invisible benefits.)
B3. The Monoculture Problem. The chapter discusses monoculture in agriculture (the Irish potato famine, the Cavendish banana). But monoculture -- dependence on a single variety, approach, or technology -- appears in many domains.
a) Identify a "monoculture" in technology (hint: consider operating systems, programming languages, or cloud providers).
b) Identify a "monoculture" in education (hint: consider standardized curricula, testing approaches, or pedagogical methods).
c) Identify a "monoculture" in organizational management (hint: consider management philosophies, organizational structures, or performance evaluation systems).
d) For each, explain what efficiency benefit the monoculture provides and what vulnerability it creates. What would a more diverse alternative look like?
B4. Antifragility Assessment. For each of the following systems, determine whether it is fragile (harmed by stress), robust (unaffected by moderate stress), or antifragile (improved by stress). Explain your reasoning and identify what role redundancy plays in each case.
a) A muscle subjected to progressive resistance training.
b) A just-in-time supply chain hit by a two-week disruption in shipping.
c) A child's immune system exposed to common childhood infections.
d) A startup company facing a market downturn.
e) A coral reef exposed to gradually increasing water temperatures.
f) A team of engineers working through a difficult debugging session.
Part C: Application to Your Own Domain
These exercises connect the redundancy-efficiency tradeoff to your area of expertise.
C1. Perform a redundancy audit of a system in your professional domain.
a) List the five most critical components or functions of the system.
b) For each, identify whether redundancy exists (duplication, diversity, modularity, or slack).
c) Rate the system's overall redundancy on a scale of 1 (extremely lean, no backup for anything) to 5 (highly redundant across all critical functions).
d) Identify the single most dangerous single point of failure in the system. What would be the cost of its failure? What would be the cost of adding redundancy?
e) Write a one-paragraph recommendation to a decision-maker explaining why redundancy should be added or maintained at the identified vulnerability.
C2. Identify an instance in your field where a system was designed for efficiency and then failed under stress. Analyze the failure using the chapter's framework:
a) What form of redundancy was absent?
b) Was the redundancy eliminated deliberately (an efficiency decision) or was it never present (a design oversight)?
c) Could the failure have been predicted by someone applying the principles of this chapter?
d) What changes were made after the failure? Do those changes adequately address the redundancy gap, or are they vulnerable to being cut in the next round of efficiency optimization?
C3. Design a "redundancy budget" for your organization or a system you care about. For each critical function, specify:
a) The type of redundancy needed (duplication, diversity, modularity, or slack)
b) The cost of providing that redundancy
c) The risk it protects against
d) How you would protect the redundancy from being cut during the next budget cycle
Part D: Synthesis
These exercises require integrating ideas across multiple chapters.
D1. Redundancy and Feedback Loops. Chapter 2 introduced positive (reinforcing) and negative (balancing) feedback loops.
a) The efficiency trap operates as a positive feedback loop. Draw the loop explicitly, showing how competitive pressure leads to redundancy cuts, which lead to short-term cost savings, which lead to competitive advantage, which increases pressure on competitors to cut their redundancy.
b) Identify a negative (balancing) feedback loop that could counteract the efficiency trap. Does such a loop currently exist in any domain discussed in Chapter 17? (Hint: consider aviation safety regulation.)
c) What role does the delay between redundancy cuts and their consequences play in the feedback loop? How does this delay affect the stability of the system?
D2. Redundancy and Goodhart's Law. Chapter 15 showed that metrics used as targets are corrupted by optimization pressure.
a) Explain how efficiency metrics (cost per unit, inventory turnover, capacity utilization) function as Goodhart targets when applied to system design. What underlying reality do these metrics fail to capture?
b) Design a metric that would capture resilience rather than efficiency. Why is this metric harder to measure than efficiency? Why is it less likely to be used as a management target?
c) Is it possible to design a Goodhart-resistant metric for resilience? Or is resilience inherently resistant to quantification? Defend your answer.
D3. Redundancy and Annealing. Chapter 13 argued that controlled randomness helps systems escape local optima.
a) Explain why a system optimized for maximum efficiency is, in annealing terms, "frozen" -- stuck in a local optimum.
b) What would "raising the temperature" look like in the context of a just-in-time supply chain? How would introducing controlled disorder allow the supply chain to find a more robust configuration?
c) Toyota's post-earthquake "rescue inventory" can be understood as a deliberate injection of slack. Is this annealing, or is it something different? Defend your answer.
D4. Redundancy and Phase Transitions. Chapter 5 discussed phase transitions -- sudden, discontinuous changes in system behavior when a parameter crosses a threshold.
a) Explain how a system operating at near-maximum capacity is vulnerable to a phase transition. What is the critical parameter? What is the threshold?
b) How does slack prevent phase transitions? Use the example of hospital capacity during a pandemic to illustrate.
c) The chapter argues that redundancy "extends the range of conditions over which the system remains in its functional phase." Restate this claim using the phase transition vocabulary from Chapter 5.
Part E: Advanced Challenges
These exercises push beyond the chapter's material into deeper or more speculative territory.
E1. Research the concept of "normal accidents" as developed by Charles Perrow in Normal Accidents: Living with High-Risk Technologies (1984). Perrow argued that in systems that are both tightly coupled and complex, accidents are inevitable ("normal") regardless of redundancy. Evaluate Perrow's argument in light of this chapter. Does redundancy actually reduce the risk of catastrophic failure in tightly coupled, complex systems, or does it merely change the form that failure takes?
E2. The chapter discusses four types of redundancy (duplication, diversity, modularity, slack). Is there a fifth type? Consider the concept of "functional redundancy" -- where multiple different components perform the same function through entirely different mechanisms (e.g., the body has multiple independent systems for maintaining blood pressure: the kidneys, the nervous system, and hormonal regulators). Is this a distinct type, or does it reduce to one of the four? Argue your case.
E3. The chapter argues that competitive pressure systematically drives systems toward dangerous efficiency. Is there a domain where competitive pressure drives systems toward redundancy? Consider the evolution of antibiotic resistance in bacteria. Are there cases where competitive advantage comes from being more redundant rather than more efficient? What structural features of the competitive environment determine which direction pressure pushes?
E4. Taleb's concept of antifragility has been criticized by some scholars as being too loosely defined to be useful. Research the criticisms. Is antifragility a genuinely distinct concept, or is it simply "robustness plus learning"? Does the distinction matter for practical system design? Write a 500-word evaluation.
E5. Climate change represents a global-scale disruption that will test the redundancy of every system discussed in this chapter -- agricultural systems, power grids, supply chains, financial systems, public health infrastructure. Choose one of these systems and analyze its resilience to climate change using the chapter's framework. Where is redundancy adequate? Where is it dangerously insufficient? What specific redundancy investments would be most valuable?
Part M: Mixed Practice (Interleaved Review)
These exercises mix concepts from Chapters 13-17 to build integrated understanding.
M1. A pharmaceutical company has optimized its supply chain for maximum efficiency (redundancy vs. efficiency, Ch. 17). It measures success by cost-per-unit-produced (Goodhart's Law, Ch. 15). A pandemic disrupts the supply of a critical ingredient, and production stops for three months. Analyze this situation using concepts from both chapters. How did Goodhart's Law contribute to the fragility of the supply chain? How would a better metric design have led to a more resilient system?
M2. An ecosystem with high biodiversity (redundancy through diversity, Ch. 17) is more resilient to environmental disruption than a monoculture ecosystem. But high biodiversity also means many species are competing for the same resources (explore/exploit tradeoff, Ch. 8). How does the explore/exploit framework illuminate the relationship between diversity and efficiency in ecosystems? Is there an optimal level of biodiversity, or is "more diversity" always better?
M3. A startup company has no redundancy: one product, one market, one key employee, one supplier. This is efficient (Ch. 17) but fragile. The company's investors push for rapid growth, which requires maintaining efficiency to maximize margins. The founder, having read Chapter 13, wants to introduce some "annealing" -- deliberate experimentation with alternative suppliers, alternative products, alternative markets. The investors see this as waste. Write a one-page memo to the investors explaining why controlled inefficiency might increase the company's long-term survival probability. Use concepts from Chapters 13, 15, and 17.
M4. The human body is highly redundant (Ch. 17). It is also subject to phase transitions (Ch. 5) -- for example, the sudden onset of organ failure when a slow decline crosses a threshold. How does redundancy interact with phase transitions in the body? Specifically, how does the gradual loss of redundancy (aging, chronic disease, cumulative damage) eventually trigger a sudden phase transition (organ failure, death)?
M5. Aviation safety relies on triple redundancy (Ch. 17). It also relies on checklists, crew resource management, and error-reporting systems that are designed to learn from near-misses. Is the aviation safety system merely robust (it can withstand stress), or is it antifragile (it improves under stress, because each near-miss and each accident generates lessons that make the system safer)? Use Taleb's antifragility framework to evaluate. What forms of redundancy are essential for the system's antifragility?