SEARCH

SEARCH BY CITATION

Keywords:

  • Fukushima Daiichi nuclear power plant;
  • Hurricane Katrina;
  • Deepwater Horizon;
  • Resilience-based design;
  • Risk management;
  • Safe-fail

Abstract

  1. Top of page
  2. Abstract
  3. INTRODUCTION
  4. RISK VERSUS RESILIENCE
  5. POWER PLANTS, LEVEES, AND OIL RIGS
  6. RESILIENCE-BASED DESIGN AND MANAGEMENT
  7. REFERENCES

The implications of recent catastrophic disasters, including the Fukushima Daiichi nuclear power plant accident, reach well beyond the immediate, direct environmental and human health risks. In a complex coupled system, disruptions from natural disasters and man-made accidents can quickly propagate through a complex chain of networks to cause unpredictable failures in other economic or social networks and other parts of the world. Recent disasters have revealed the inadequacy of a classical risk management approach. This study calls for a new resilience-based design and management paradigm that draws upon the ecological analogues of diversity and adaptation in response to low-probability and high-consequence disruptions. Integr Environ Assess Manag 2011;7:396–399. © 2011 SETAC

Editor's Note: This is 1 of 17 invited commentaries in the series “Challenges Posed by Radiation and Radionuclides in the Environment.” These peer-reviewed commentaries were prepared to address some of the environmental issues raised by the March 2011 nuclear power plant accident in Japan.

INTRODUCTION

  1. Top of page
  2. Abstract
  3. INTRODUCTION
  4. RISK VERSUS RESILIENCE
  5. POWER PLANTS, LEVEES, AND OIL RIGS
  6. RESILIENCE-BASED DESIGN AND MANAGEMENT
  7. REFERENCES

The lessons to be extracted from the Fukushima Daiichi nuclear power plant accident are not simply related to the direct risks of radiation exposure. Indirect effects may be more far-reaching and highly consequential, albeit difficult to quantify. In general, increasing interdependence in the globalized economy means that disruptions from natural (e.g., hurricanes, earthquakes, tsunamis) and man-made (e.g., terrorist attacks, civil wars, financial fraud) disasters can quickly propagate through a complex web of supply-chain, transportation, and communication networks to cause unpredictable failures in other parts of complex, interconnected networks (Rinaldi et al. 2001; Chang 2009; Vespignani 2010). Under such conditions, risk analysis and management alone are insufficient. A better understanding of design for resilient, coupled, complex systems must be emphasized.

RISK VERSUS RESILIENCE

  1. Top of page
  2. Abstract
  3. INTRODUCTION
  4. RISK VERSUS RESILIENCE
  5. POWER PLANTS, LEVEES, AND OIL RIGS
  6. RESILIENCE-BASED DESIGN AND MANAGEMENT
  7. REFERENCES

Risk and resilience strategies are not equivalent. Risk-based strategies are most effective when hazard probabilities are known or can be estimated. However, ignorance of emergent hazards does not justify a lack of preparedness. Three recent disasters, the Fukushima nuclear reactors, the Deepwater Horizon, and Hurricane Katrina (Table 1), reinforce the view that some degree of ignorance in complex systems is irreducible. Therefore, an exclusively risk-based management approach is never fully justified, and lack of attention to resilience will exacerbate the consequences of inevitable failures.

Table 1. Lack of resilience in design and recovery approaches based on knowledge in 3 disaster cases
CasesWhat was knownWhat was unknown or ignoredDesign approachRecovery approach
Fukushima nuclear reactors (Mar 2011)

High possibility of unprecedented earthquake and tsunami (Minoura et al. 2001

); Reactors did survive M = 9.0 earthquake (Onishi and Glanz 2011)

.

Tsunami following earthquakes would destroy backup power systems and prevent resupply of reactor site through conventional logistical channels (e.g., highway trucks) (Onishi and Glanz 2011

); Absence of previous experience resulted in reduced perception of risk (Normile 2011a)

.

Fail-safe; Reinforcement of reactors and supporting structures to withstand vibration of earthquakes; Multiple redundancies and back-up power systems for cooling water (Clery 2011

); Erection of rigid offshore breakwaters as anti-tsunami strategy (Onishi and Glanz 2011)

.

Lack of recognition of magnitude of problem delayed recovery; Lack of ingenuity and adaptability in response exacerbated catastrophe; Lack of transparent communication to those affected created lack of trust (Sieg 2011)

; Degraded agility and adaptability for recovery
Deepwater Horizon Gulf Oil Spill (Apr 2010)

Deepwater oil wells under pressure are at risk of blowout (Hammer 2010

); Response to deepwater spills will be highly problematic (Graham et al. 2011)

.

Simultaneous failure of capping protocols and blowout preventer result in deepwater spill for which no technological fix had been tested (Hammer 2010

); False sense of security resulted from failure to recognize increased complexity and dangers of deepwater activities (Graham et al. 2011)

Fail-safe redundancies; Well drilling and capping protocols minimize blowout risks; Saving cost/time as major decision-making criteria in risk management (Hammer 2010)

.

Lack of preparation delays recovery. However, testing of experimental strategies for deepwater well capping eventually lead to successful cap (Graham et al. 2011)

.
New Orleans Hurricane Katrina (Aug 2005)

Direct hit from strong hurricane and failure of levees and canals a statistical inevitability; Much of City below sea level (Colten and Sumpter 2009)

.

Multiple strong hurricanes in single season (i.e., Rita) complicate recovery efforts (Colten et al. 2008

); Government response handicapped by institutional and personnel failures, multiple failures of support infrastructures (e.g., power, health, communications, transportation) (Colten and Sumpter 2009

); Increased vulnerability by relying on rigid levees (Colten and Sumpter 2009)

.
Fail-safe and benefit-to-cost calculation. While system of levees, canals and dewatering pumps allows rapid recovery from modest hurricanes, catastrophic failures result from major hurricane direct hit.Lack of clear government leadership hierarchy in response leads to delay, confusion; Inequity in access to recovery resources erodes trust; Slow recovery of economy and city life (Westrum 2006)

Risk management begins with hazard identification (McGuire 2008). This approach is problematic where hazards are unknown, inestimable, or very low-probability and high-consequence events (Normile 2011a). Particularly in complex coupled systems, all probabilities of risks are conditional on some background knowledge, including suppositions that camouflage unknown hazards (Aven 2011). Given that a full knowledge of unexpected hazards and how the cascading effects emerge in a complex coupled system cannot be gained, risk management can fail when confronted with unexpected shocks.

Resilience represents an alternative design and management strategy (e.g., Fiksel 2003; Hollnagel et al. 2006; Pettit et al. 2010; Mu et al. 2011). Resilience thinking suggests adoption of design and management strategies for responding to unknown and unexpected hazards through adaptation, flexibility, diversity, and experimentation or innovation (Klein et al. 2003; Zhou et al. 2010).

POWER PLANTS, LEVEES, AND OIL RIGS

  1. Top of page
  2. Abstract
  3. INTRODUCTION
  4. RISK VERSUS RESILIENCE
  5. POWER PLANTS, LEVEES, AND OIL RIGS
  6. RESILIENCE-BASED DESIGN AND MANAGEMENT
  7. REFERENCES

The Tohoku earthquake that struck northeastern Japan on March 11, 2011, was widely anticipated beforehand (Normile 2011b). Even the subsequent tsunami was recognized as a potential hazard, although consensus on the probability and consequences was not achieved before the disaster (Minoura et al. 2001). Nonetheless, the reactors themselves were built to withstand the earthquake and subsequent flooding. It was the failure to restore power to the cooling systems, despite backup generators and batteries, that precipitated the nuclear catastrophe (Onishi and Glanz 2011). Planners had not foreseen the possibility of simultaneous failures in support infrastructure, including the highways that would ordinarily be used to resupply diesel generators with fuel. At this stage, effective response called for creativity, adaptation, flexibility, and experimentation that appeared to be lacking in the first several days of the disaster. A cascade of multiple crises followed at the nuclear plant, including the release of radiation from the site that contaminated vegetables, soils, drinking water, and coastal waters in Japan (Rosenthal 2011). Hazard assessment and mitigation planning after the disaster have been hampered because of high radiation exposure risks, and conflicting extrapolations of available information coupled to public anxieties from perceived risks contributed to a general mistrust in government updates on the situation. Absence of reliable data also points to difficulties in containment and cleanup efforts (Tabuchi and Bradsher 2011). Huge disruptions to the social networks resulted from shortage of freshwater and food supplies, while dislocation of thousands of citizens increased the general anxiety about additional uncertainties. Shutdown of manufacturing operations in the region created global supply-chain problems (Lohr 2011). The environmental, economic, and social losses from the Japan earthquake and tsunami are expected to amount to several hundred billion dollars (BBC 2011).

The experience of New Orleans in the aftermath of Hurricane Katrina (August 29, 2005) exhibits many of the same characteristics as the Tohoku earthquake. A direct hit on New Orleans by a major hurricane had long been anticipated as a statistical inevitability (Fischetti 2001; Bourne 2004; Reichhardt 2004). Nevertheless, protective levees had never been prepared for so large a storm surge, nor were resources, social institutions, or government structures prepared for the contingency of levee failure. A false sense of security resulted in real estate development in the most flood-prone areas (Colten and Sumpter 2009), exacerbating the damage once the levees were breached. Eventually, approximately 80% of land area of New Orleans was underwater, making obsolete most of the resources and infrastructures for emergency action. A more resilience-based approach would have planned for the eventuality of flooding by maintaining coastal buffer zones and setting aside undeveloped areas where flooding could be tolerated.

The explosion of the Deepwater Horizon drill rig in the Gulf of Mexico on April 20, 2010 is another case of the inevitable failure of an engineered system lacking resilience. The potentially disastrous consequences of a deepwater oil spill were previously acknowledged but certainly underestimated (Pritchard and Lacy 2010). In hindsight, escalating safety risks engendered by increased deepwater drilling activity made a major spill only a matter of time (Graham et al. 2011). In this case, a combination of errors, unexpectedly high oil and gas pressures, and other factors resulted in both the failure of the well-capping operation and the blowout preventer (Det Norske Veritas 2011; Graham et al. 2011). Strategies for recovering from a deepwater blowout had never been adequately developed and confusion with regard to the authority of governing agencies impaired response efforts. Nonetheless, the challenges presented by the spill were ultimately met by applying resilience strategies, such as adaptation of existing technologies, application of new or innovative technologies, and a dynamic approach to evolving response tactics (US Coast Guard 2011).

These case studies show that: (i) the failure of rigidly built, engineered systems caused by ignoring low-probability disasters that, given enough time, will eventually lead to devastating disruptions in a wide range of connected systems; (ii) each disaster generated escalating crises which overwhelmed the capacity of traditional emergency response frameworks; (iii) rigid, fail-safe structures may increase overall vulnerability by giving a false sense of security; and (iv) more agile preparedness is required when unexpected hazards or events are identified.

RESILIENCE-BASED DESIGN AND MANAGEMENT

  1. Top of page
  2. Abstract
  3. INTRODUCTION
  4. RISK VERSUS RESILIENCE
  5. POWER PLANTS, LEVEES, AND OIL RIGS
  6. RESILIENCE-BASED DESIGN AND MANAGEMENT
  7. REFERENCES

In each example, the risk management strategy was dominated by a fail-safe mentality based on overconfidence that led to a lack of safe-fail preparations. Resilience-based approaches for designing and managing complex systems acknowledge risks that are not known but have some probability of occurrence. Such unknown risks emerge either as stochastic events with low probability, or as threats that emerge from interdependent, complex systems. Therefore, resilience thinking demands a safe-fail approach that minimizes damage when new risks are revealed (Korhonen and Seager 2008). This requires the incorporation of an adaptive capacity into design and management of resilient complex systems that will flexibly respond to the unexpectedly changing environment. For instance, Fiksel (2003) suggests diversity, coherence, efficiency, and adaptability as key attributes that should be embedded in a systems design for the resilience, while Mu et al. (2011) also emphasizes transformability.

Whereas the call for incorporating resilience into systems design and management has increased dramatically, the development of practical methods to implement resilience in an engineering context is still in an incipient stage. Quantitative metrics or models would facilitate assessment of complex engineered systems and help identify whether structural and functional improvements are required to achieve the desired level of resilience that enables the engineered systems to survive beyond the predicted risks. A new resilience-based paradigm, learned from ecological system analogs, is needed for complex, interdependent, engineered systems that are increasingly more the norm than the exceptions.

Disclaimer

The peer-review process for this commentary was managed by the Editors without involvement of T. Seager.

REFERENCES

  1. Top of page
  2. Abstract
  3. INTRODUCTION
  4. RISK VERSUS RESILIENCE
  5. POWER PLANTS, LEVEES, AND OIL RIGS
  6. RESILIENCE-BASED DESIGN AND MANAGEMENT
  7. REFERENCES
  • Aven T. 2011. On some recent definitions and analysis frameworks for risk, vulnerability, and resilience. Risk Anal 31: 515522.
  • BBC 2011 Mar 23. Japan says quake rebuilding to cost as much as 25tn yen. BBC News.
  • Bourne JK Jr. 2004. Gone with the water. Natl Geogr Mag 206: 88105.
  • Chang SE. 2009. Infrastructure resilience to disasters. The Bridge 39: 3641.
  • Clery D. 2011. Current designs address safety problems in Fukushima reactors. Science 331: 1506.
  • Colten CE, Kates RW, Laska SB. 2008. Three years after Katrina: Lessons for community resilience. Environ Sci Policy Sustain Dev 50: 3647.
  • Colten CE, Sumpter AR. 2009. Social memory and resilience in New Orleans. Nat Hazards 48: 355364.
  • Det Norske Veritas. 2011. Forensic examination of deepwater horizon blowout preventer. Washington DC: US DOI, Bureau of Ocean Energy Management, Regulation, and Enforcement. EP030842.
  • Fiksel J. 2003. Designing resilient, sustainable systems. Environ Sci Technol l 37: 53305339.
  • Fischetti M. 2001. Drowning New Orleans. Sci Am 285: 7685.
  • Graham B, Reilly WK, Beinecke F, Boesch DF, Garcia TD, Murray CA, Ulmer F. 2011. Deep water: The Gulf oil disaster and the future of offshore drilling (report to the President). National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling
  • Hammer D. 2010. Sep 05. Five key human errors, colossal mechanical failure led to fatal Gulf oil rig blowout. The Times-Picayune.
  • Hollnagel E, Woods DD, Leveson N. 2006. Resilience engineering: Concepts and precepts. Aldershot (UK): Ashgate Pub Co.
  • Klein RJT, Nicholls RJ, Thomalla F. 2003. Resilience to natural hazards: How useful is this concept? Glob Environ Change Part B: Environ Hazards 5: 3545.
  • Korhonen J, Seager TP. 2008. Beyond eco-efficiency: A resilience perspective. Business Strategy Environ 17: 411419.
  • Lohr S. 2011. Mar 19. Stress test for the global supply chain. The New York Times.
  • McGuire RK. 2008. Seismic risk mitigation decisions under uncertainty. Risk Governance Soc 14: 185198.
  • Minoura K, Imamura F, Sugawara D, Kono Y, Iwashita T. 2001. The 869 Jogan tsunami deposit and recurrence interval of large-scale tsunami on the Pacific coast of northeast Japan. J Nat Dist Sci 23: 8388.
  • Mu D, Seager TP, Rao PS, Park J, Zhao F. 2011. A resilience perspective on biofuels production. Integr Environ Assess Manag (forthcoming). Available from: doi: 10.1002/ieam.165
  • Normile D. 2011a. Devastating earthquake defied expectations. Science 331: 13751376.
  • Normile D. 2011b. Scientific consensus on great quake came too late. Science 332: 22.
  • Onishi N, Glanz J. 2011 Mar 27. Japanese rules for nuclear plants relied on old science. The New York Times.
  • Pettit TJ, Fiksel J, Croxton KL. 2010. Ensuring supply chain resilience: Development of a conceptual framework. Journal of Business Logistics 31: 121.
  • Pritchard D, Lacy KD. 2010. Deepwater well complexity–The new domain. DHSG White Paper, Successful Energy Practices International, LLC.
  • Reichhardt T. 2004. Hurricane Ivan highlights future risk for New Orleans. Nature 431: 388.
  • Rinaldi SA, Peerenboom JP, Kelly TK. 2001. Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Contr Syst Mag 21: 1125.
  • Rosenthal E. 2011 March 21. Radiation, once free, can follow tricky path. The New York Times.
  • Sieg L. 2011. Mar 15. Japan government losing public trust as nuclear crisis worsens. Reuters.
  • Tabuchi H, Bradsher K. 2011 Apr 9. Lack of data heightens Japan's nuclear crisis. The New York Times.
  • US Coast Guard. 2011. Incident specific preparedness review (ISPR) BP Deepwater Horizon oil spill. United States Coast Guard.
  • Vespignani A. 2010. The fragility of interdependency. Nature 464: 984985.
  • Westrum R. All coherence gone: New Orleans as a resilience failure. In: Proceedings of the 2nd Symposium on Resilience Engineering; 2006; Juan-Ies-Pins, France. p 8-10.
  • Zhou HJ, Wang JA, Wan JH, Jia HC. 2010. Resilience to natural hazards: a geographic perspective. Nat Hazards 53: 2141.