Additional Thoughts on Risk

SB7 has some good observations about risk:

I was listening to the WSJ radio podcast while getting some dinner ready, and one of their reporters said, in the context of discussing Fukushima, that some of the engineers at the plant "knew there was a risk" in the plant's older design and could conceivably face charges for not doing something about said risk.

This kind of talk really grinds my gears.  In any engineering situation there is always some risk.  You can have less risk, or more risk, but risk is not something you either have or do not have.

I will go one step further.  This ex post facto witch hunt aimed at folks who discussed risks (a pogrom that occurs in nearly every product liability lawsuit with fishing expeditions through company memos) is the WORST possible thing for consumers concerned about the safety of their products and environment.  Engineers have to feel free to express safety concerns within organizations no matter how hypothetical these suppositions may be.

Some concerns will turn out to be unfounded.  Some suggested risks will be deemed too small to economically overcome.  And some will turn out to be substantial and require action.  And sometimes well-intentioned people will make what is, in retrospect, the wrong trade-offs with risks.   These witch hunts only tend to suppress this very valuable and necessary internal dialog within organizations.  Nothing is going to turn the brains of engineers off faster than an incentive system that punishes them retroactively for well-intentioned discussions about risk.


  1. SB7:

    Good point. My neighbor is a pharmaceutical chemist. She no longer takes any written notes at any meeting. She says it is terrible for productivity and communication, but not as bad as having to turn over boxes of lab notebooks and memo pads to lawyers all the time.

  2. Ted Rado:

    Every human activity has risks. Despite the best efforts of engineers, business executives, and government agencies, planes crash, cars wreck, ships sink, refineries catch fire, etc. Short of shutting everything down, this is a burden we must bear.

    The trick is to constantly improve designs and operating procedures to reduce accidents. Hopefully, a "lessons learned" study of the Japanese disaster will result in improvements in the design and operation of other nuclear plants. It is absurd to call for an end to nuclear energy because of the Japanese situation. That should only happen if studies show that the risks are fundamental and not susceptible to amelioration.

    In a very few hundred years, cheap fossil fuels will be gone and we will rely more and more on nuclear energy. Let's use the current review of the industry to improve nuclear plant design and operation, and not throw the baby out with the bathwater.

  3. Aaron M Brown:

    Increasingly, though, the problem is that engineers and scientists are damned if they do, damned if they don't. Example: Italy is charging with manslaughter several scientists for not predicting an earthquake.

    So, to recap: mention that there are risks? Brought up on charges. Fail to mention that there are risks? Brought up on charges.

    I think the only strategy left for scientists and engineers in many countries is just to hope that nothing goes wrong.

    That or find a different line of work.

  4. Mesa Econoguy:

    Well, it's worse.

    In the investment community, it is extremely risky to talk about SEC regulations without either using the provided compliance-approved script, or to step outside any approved marketing zone.

    Many large broker-dealers record their calls, and sensitive internal communications often go on "other" lines, lest regulators get a snippet out of context.

  5. steve:

    As an engineer, I would gladly accept this kind of criminalization so long as it equally applied to politicians. I am only half joking.

  6. bob sykes:

    When designing flood control dams, civil engineers explicitly accept a low-probability but high-consequence failure scenario--usually the 100 year or theoretically maximum precipitation/runoff event. And these do occur.

    The design point for New Orleans was a Category 3 hurricane, but local corruption resulted in a much lower level of protection. Katrina was Category 5 out in the Gulf, but it may have been a Category 3(?) when it came ashore at New Orleans. If so, the levees should have held if they were built to specification.

  7. MikeinAppalachia:

    Speaking of "built to specifications", with the advent of "construction law" and arbitration in the event of disputes, it is very difficult now to hold a contractor to even clearly defined and contractual levels of work without incurring significant added costs and delays. Arbitration increasingly leans toward awarding "something" for what a contractor deems "unexpected", so the claims are made sufficiently large so as to receive substantial added fees. As a result, Project Management is becoming merely an attempt to minimize the overruns rather than enforcing the specifications.
    However, guess who is held responsible if there is a subsequent failure of the works.
    I recently had an arbitrator decide that a contractual obligation of the contractor to "...dewater the site and maintain it in a 'dry and workable condition'..." was unenforceable as the word "dewater" was incorrect; it should have been "unwater".

  8. DrTorch:

    Excellent points.

    As an aside, in my Asian Civ course, back in the day, one of the main takeaways was that the Western Civ developed in the relative calm of the Mediterranean Sea. Thus there was an expectation that developed that the world _should_ be benign.

    To the contrary, Japanese culture developed in the presence of typhoons, earthquakes and tsunamis. Their expectations of the world expect disasters. While they prepare for them, they don't have an expectation that the world is kind and gentle, and any problem must be blamed on a person (who should then pay).

  9. IgotBupkis, President, United Anarchist Society:

    Companies need to get smart and place the entire messaging system outside of company control and on a "purge regularly" scheme, with someone in charge of keeping track of things that matter.

  10. IgotBupkis, President, United Anarchist Society:

    Hopefully, a "lessons learned" study of the Japanese disaster will result in improvements in the design and operation of other nuclear plants.

    Dude, the plants were built in the 1970s. The lessons of TMI led to modifications, but no change to the baseline. If we can't build a better plant 30 years after TMI, then we deserve to have three-eyed children.

    But we can, and we know we can. The problem is, you get idiots at all levels running around screaming "chicken little!" when the actual dangers of nuclear accidents even on the scale of this one are virtually trivial.

    The events there showed that some substantial improvements need to be made in the ability of plant and emergency personnel to deal with infrastructure collapse in existing plants. Since there aren't a lot of plants based on designs more recent than 25 years, it's about freakin' time we did so, and put these old grey mares into mothballs.

  11. rxc:

    Although I agree with the overall point of this posting, I should point out that there was a similar flooding event at the Blayais nuclear plant in France in the winter of 1999. This event was quite serious, and caused the French and others to re-evaluate the vulnerability of their plants to flooding scenarios from all causes. Although it is relatively easier to design this resistance into the plant before it is built than to backfit it, I believe that most plants did not have to do much that was very expensive - just install better doors and hatches.

    Although engineers cannot be blamed for not foreseeing every extreme event, it is important for companies that own potentially dangerous technologies to learn from the experiences of others, and improve their facilities as more info becomes available. I fault the TEPCO management for this event - they knew that the plant was vulnerable and they decided to take the risk. Now they and the company are paying the financial price.

    Oh, and Mr. Bupkis, just about ALL of the currently operating reactors in the world are based on designs older than 25 years. The last construction permit issued in the US was in 1979, just before the TMI accident, for the Jamesport reactor on Long Island. I would say that ALL of the reactors operating in the US and Europe are based on "old" designs. There are some newer ones operating in Japan and Taiwan and China, and some newer designs building in Europe.

  12. Ted Rado:
    I agree that if old plants are fundamentally unsafe, they should be shut down. Various modifications, such as higher floodwalls, additional cooling backup, etc., can readily be added, if the basic plant design is sound. The fact that they are of an old design does not necessarily make them unsafe. I am sure that in the aftermath of the Japanese catastrophe, such reviews are being pursued.

  13. GoneWithTheWind:

    This works both ways. I used to regularly write a memo for record when a client objected to something I recommended or wanted something specific in the program, etc. Write it while you remember all the facts and clearly state who made the decision and what your objections were. Later when the SHTF it all speaks for itself. And, yes, it happened more than once that TSHTF and the user/client wanted to blame anyone but himself and the memo spoke volumes.

  14. NormD:

    Assuming the WSJ article is correct, then the screw up at Fukushima was even worse than I first thought. They did place some backup generators on a hillside where they would not be flooded by a tsunami.
    They never bothered to trace the path from the backup generators to the cooling pumps to ensure the ENTIRE PATH would not be affected. If they had, they would have seen that the path went through a switch that would be flooded and destroyed.

    If this is true, this is just plain stupid...

    I have built data centers where we provide redundant power and network connections, and you ALWAYS trace the entire path to ensure they are entirely separate and cannot be affected by the same outage (except meteor strikes).

    In the early days of the Internet a day-long outage happened when a Stanford data center went down even though it had redundant power because both power sources fed the equipment via a single breaker panel. The panel went out, and everything failed. No one made that mistake again.

    I think we should use nuclear power in our energy mix, but I demand that the engineers running the plants be at least as competent as ISPs.

    I heard one story early on in the Fukushima accident that they had a backup control center but when the engineers went there its connections to the reactors were severed because they relied on cables and there was no wireless backup. This just reeks of incompetence.
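
A path-tracing check of the kind NormD describes, as an added example that is not part of the original post or any commenter's code: it enumerates every source-to-load path in a constructed toy topology (component names are hypothetical, modelled on the hillside generators and flooded switch in the comment) and reports the components that every path shares, which is exactly the single breaker panel or the flooded switch of the two anecdotes, plus any component that sits inside a hazard zone.

```python
"""Redundant supply-path audit: common-mode single points of failure and
hazard-exposed components between backup sources and a critical load.

Added example, not code from the original post. The topologies below are
constructed toys; every component name is hypothetical."""


def simple_paths(graph, src, dst):
    """Enumerate all simple paths from src to dst; graph is {node: [successor, ...]}."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in graph.get(node, ()):
            if nxt not in path:  # skip cycles
                stack.append((nxt, path + [nxt]))
    return paths


def audit_paths(graph, sources, load, hazard_zone):
    """Return (shared, exposed). shared: intermediate components present on every
    source-to-load path, so one outage there defeats all the redundancy.
    exposed: components on any path that lie inside the hazard zone (flood level)."""
    paths = [p for s in sources for p in simple_paths(graph, s, load)]
    if not paths:
        raise ValueError(f"{load!r} is unreachable from every source")
    shared = set.intersection(*(set(p[1:-1]) for p in paths))
    exposed = {n for p in paths for n in p if n in hazard_zone}
    return shared, exposed


# Constructed "before" topology: both hillside generators reach the pumps through
# one switchgear room at ground level, inside the flood zone.
BEFORE = {
    "gen_hill_A": ["switchgear_basement"],
    "gen_hill_B": ["switchgear_basement"],
    "switchgear_basement": ["cooling_pump"],
}
# Constructed "after" topology: each generator has its own switchgear on the hill.
AFTER = {
    "gen_hill_A": ["switchgear_hill_A"],
    "gen_hill_B": ["switchgear_hill_B"],
    "switchgear_hill_A": ["cooling_pump"],
    "switchgear_hill_B": ["cooling_pump"],
}
FLOOD_ZONE = {"switchgear_basement"}  # constructed hazard inventory

if __name__ == "__main__":
    for name, g in (("before", BEFORE), ("after", AFTER)):
        shared, exposed = audit_paths(g, ["gen_hill_A", "gen_hill_B"], "cooling_pump", FLOOD_ZONE)
        print(f"{name}: shared={sorted(shared)} flood-exposed={sorted(exposed)}")
```

The same check flags the Stanford case in the next paragraph: two utility feeds into one breaker panel is the "before" shape with the panel as the shared node.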
  15. Jim Collins:

    We used to do safety assessments on our products, but, those were stopped by our lawyers. Their opinion is that the company is better off without them, than it would be if we missed something.

    I have an aircraft mechanics license that I hardly ever use, because if I change the oil on Monday and the wing falls off on Thursday, I am going to get sued.

  16. steveo:

    This was just too tasty, I had to post.

    Cable pinged off an important, and clearly defined Bernoulli channel.

    This should drive down ES, and EURO is also following down, which has been the 8000 lb deception chimpanzee in the room--i.e. GBP and Euro have been manipulated opposite each other last week, very odd.

  17. IgotBupkis, President, United Anarchist Society:

    >>> Oh, and Mr. Bupkis, just about ALL of the currently operating reactors in the world are based on designs older than 25 years.

    Yes, rather DUH. The question is
    1) Should this be so? The answer is "No", and the fact that it is so is not by the overall choice of the power companies. It is a result of general governmental policies to NOT allow newer, inherently safer, and more effective plants to be built.
    2) It also says that anyone who brings up "plant safety" in terms of negative arguments about nuke plants overall is generally ignorant, stupid, and/or a self-serving charlatan involved in demagoguery. It's kind of a quick litmus test on how much anyone understands about nuclear power, vs. their merely parroting what they've been told. Another clear litmus test involves the relevance of Chernobyl to western power generation (Correct answer: ZERO), as well as the long-term followup effects of those living in its radiation plume (again, answer, roughly insignificant on anything but the personal, individual level).

    All indications are that Fukushima is another TMI -- that is, hardly a reproof of the safety of nukes, but instead a testament to their safety...

    The events at Fukushima involve a plant faced with extreme conditions -- the fourth-largest earthquake since we gained the ability to actually record them, a truly massive followup tidal wave, and a distinct failure in anticipation of how and where the failure points of the backup and safety systems would occur.

    Regardless of those errors, the fact is that Fukushima still managed to shut down with effects to the environment that were far less than that which the chicken littles are running in circles over.

    That's NOT saying "nothing happened".

    It's saying that despite being faced with much larger problems than design specs were made for, despite being 25yo, the actual radiation release outside of the plant property was actually quite low, and represents no long-term effects on either people or animals, though there are lots of Chicken Littles running around making wild, desperate claims.

  18. rxc:

    "...anyone who brings up “plant safety” in terms of negative arguments about nuke plants overall is generally ignorant, stupid, and/or a self-serving charlatan involved in demagoguery. It’s kind of a quick litmus test on how much anyone understands about nuclear power, vs. their merely parroting what they’ve been told..."

    Hmmm.... where to start? Let me be positive, first. I think that the old plant designs that are operating in the US, and Europe, and Japan, are generally safe. They are even safe enough to continue to operate for a long time, with their licenses renewed for as long as they continue to be economical to operate. Which, now that the green monsters have taken over, should be essentially forever, as long as the green monsters do not impose draconian requirements on them that make them too expensive to operate. See, e.g. Oyster Creek and Indian Point and cooling towers.

    But if these companies want to continue to operate these plants, they MUST continue to watch what happens elsewhere, and learn from it. The chemical people, the airlines, the drug companies, and all other industries that expose society to events that are rare but with large consequences, need to do this continually.

    And, although I agree that the true, measurable human health consequences from this accident will be relatively insignificant, compared to the actual earthquake and tsunami, as were TMI and even Chernobyl, the societal effects are much larger, because our societies truly fear radiation (for whatever reason), in the same way they fear poison (from chemical plants) and fire and explosions (airplanes landing on top of you), and other similar disasters.

    And, BTW, I am now retired from a 35 year career in the nuclear industry, having done, careerwise, just about everything that anyone could do in relation to nuclear power plants. So, I do know a bit about what I am talking about.