Interview: Cascading Infrastructure Failures

Interview with Richard G. Little, Director of the Keston Institute for Public Finance and Infrastructure Policy at the University of Southern California

May 5, 2011 — In the face of increasingly complex infrastructure systems, what risk management strategies are necessary to prevent cascading failures? This is one of the many key questions that Richard Little seeks to answer in a recently contributed chapter in Disrupted Cities: When Infrastructure Fails.

Traditionally, complex infrastructure systems have been designed to resist the loads imparted by extreme natural events and malevolent acts such as sabotage and terrorism. However, as demonstrated by the recent tragedy caused by the Great Tohoku Earthquake and the crisis at the Fukushima Daiichi nuclear plant, there is a need for hazard mitigation that is also concerned with the secondary and tertiary effects of an infrastructure failure. The situation in Japan sends a clear warning signal to the policy-makers and urban planners who need to ensure that effective risk management strategies are continuously tested and updated, and that “vulnerability of complexity” is fully engendered into emergency planning.

Question: What is meant by the term “vulnerability of complexity”?

Richard G. Little: This is a term coined by the Yale sociologist Charles Perrow and refers to the failure nodes that are repeatedly created at the intersections of our interdependent and highly sophisticated transportation, electric power, and telecommunications systems. Their interdependence makes these core infrastructures vulnerable both to failures in each other and in the information systems and software that support their operations. Unfortunately, although we depend completely on these closely coupled systems in our everyday lives, we really don’t yet understand all the ways in which they can fail. This makes guarding against failure quite a challenge.

As infrastructure system designs shift from an optimal to a flexible approach, what risk reduction strategies ought to be considered?

First of all, we have to improve our understanding of policy tradeoffs and how to present them to decision-makers. For example, putting physical countermeasures in place for a Magnitude 9.0 earthquake or a 10-meter tsunami is very expensive. Because of the foregone opportunity costs of such an investment, we need to ask whether this is the best way to address the risk or if there are less costly methods that could achieve the same objectives. Secondly, we need to make our decision-makers aware that we are not able to prevent all catastrophes. More adaptive approaches will not stop failures from occurring but they do give us more options for reducing the consequences because we are not putting our faith in a single piece of technology such as with the failed blowout preventer on the Deepwater Horizon oil rig. Most importantly, we need to move our thinking from an assumption that we can somehow keep everyone safe from all the extreme effects of nature and technology. We simply cannot do that but all too often, people expect their institutions and government to do so. While we must do the best job possible, there is certainly a limit to the ability of governments and institutions as to what they can do and we should be more realistic about these limitations and communicate this reality to the public.

In your opinion, what are the major reasons for the tragic accident at the Fukushima Daiichi Plant?

I think that the events at Fukushima Daiichi are a classic example of cascading failure. Even though the plant survived the effects of the earthquake rather well and the reactors shut down as designed, the tsunami inundated the emergency power generators which led to a shutdown of the cooling water pumps. There was then overheating – some in the core, but more importantly, the spent fuel overheated which gave rise to hydrogen formation and the fires and explosions that occurred in more than one of the units. The question whether there should have been tsunami barriers in place has been asked in hindsight but how high should they have been? This would have been difficult to answer before the events. The village of Ryoishi had a high and substantial tsunami barrier in place but it was not high enough and the village was severely damaged. In retrospect, the emergency power generators should have been located at a higher elevation and nuclear plants in the region that were constructed later such as Fukushima Daini took this precaution. More recent nuclear plant designs now utilize gravity feed for the cooling water so that it is not dependent on electricity to run the cooling water pumps. At the end of the day, it was the failure to keep the spent fuel from overheating that cascaded into the massive failure that occurred at Fukushima Daiichi.

What are the main lessons to be learned from the experience of Fukushima Daiichi Plant?

The classical risk assessment process focuses on what can go wrong and how likely it is to occur but all too often, we can’t predict this as accurately as we need to. The other part of the risk assessment relates to consequences. If you start with a question about the consequences, i.e. “What if there was a loss of cooling to the spent fuel or to the reactor core, what is likely to happen?” then it becomes somewhat easier to see issues like radiation release, land contamination, health and economic impacts, etc. If you think about how you prevent these problems, then you start looking at the likely causes and you put measures in place to prevent them. These are the second and third order effects which grew out of the first order failure of the emergency generators at Fukushima Daiichi. We might not be able to predict everything specifically but we know that the emergency generators are perhaps the key part of the power plant safety infrastructure and we should ask how do we protect them to ensure that there is a continuous source of power to the cooling pumps. Loss of cooling proved to be the prime vulnerability leading to everything else that followed.

What role can the World Bank Group play in preventing or decreasing cascading infrastructure failures?

The Bank is extremely well-placed to help prevent, or at least reduce, these types of failures in the future. It works closely with people doing projects in the developing world where risks tend to be exacerbated by the fact that many people are poor and often crowded into substandard living arrangements. Many people who are poor do not have a choice but to live in high risk areas where violent storms, floods, earthquakes, and tsunamis happen with great frequency. The Bank needs to do as much as it can to influence infrastructure projects so that they are planned and designed with the realization in mind that although we cannot prevent failures from happening, we can take steps to make sure that as few vulnerable people as possible are exposed to the consequences of failure. While we cannot prevent catastrophes from happening, we can start with the goal of minimizing human impacts: loss of life and injuries. The Bank should work with its stakeholders to make sure that they understand and are committed to the premise that projects must address not only benefits, but also the consequences if something fails and what is the impact on people. The Bank, in its position of assisting with development, funding, and financing, can work very well with people in the field to build local awareness and capacity and make things better.
