Re: [sc] Fukushima, the Tsunami Hazard, and the Engineering Record


Re: [sc] Fukushima, the Tsunami Hazard, and the Engineering Record

From: drdpj_at_xxxxxx
Date: Thu, 31 Mar 2011 15:59:44 -0400
Message-ID: <380-220113431195944205@xxxxxx> 
On "possibilistic thinking" vs. "probabilistic thinking" for
low-probability/high-severity events--

It's not the probabilistic side of risk management that is the problem, it
is the severity side. The severity of large-scale events is simply not
commensurate with even multiple small-scale events. A single flood that
devastates my house is much worse than a lifetime of house-maintenance
problems even if I spend more money overall on the house maintenance,
because I can tolerate the house maintenence but cannot withstand the
flood. So putting my house on a "once per lifetime" floodplain is unwise,
even if the likelihood really is "once per lifetime".

The approach should be to look at the high-severity event and ask "how
often can we tolerate this?" and then argue about whether the possibilities
of the event occuring  are compatible with that tolerance. We're willing to
tolerate a car death every 13 minutes, but are not willing to tolerate a
fatal large aircraft crash every year, and certainly not a Chernobyl every
25 years. 

So let's see, there are 442 nuclear reactors world-wide. To cut the
incident rate down to once per 100 years world-wide, that means each
reactor can tolerate at most one catastrophic event per 44,200 years. So
definitely considering the tsunami history since 867 is well within even
this rather simplistic "probabilistic" analysis, and evaluating each plant
against the worst-case conditions known in the complete historical record
is not conservative enough.

--Dr. Daniel P. Johnson

Original Message:
-----------------
From: Peter Bernard Ladkin ladkin@xxxxxx.uni-bielefeld.de
Date: Thu, 31 Mar 2011 12:17:56 +0200
To: carl@xxxxxx.com, safety-critical@xxxxxx.york.ac.uk
Subject: Re: [sc] Fukushima, the Tsunami Hazard, and the Engineering Record


I wrote an essay which puts many of the themes together which have been
touched on here at 
http://www.abnormaldistribution.org/2011/03/31/fukushima-dai-ichi-accident-s
ociologist-needed/

There is a group at our residential research institute ZiF this year
studying Communicating 
Disaster. It is mainly composed of sociologists, but there are a couple of
computer scientists and a 
geographer or two, and one voluble system-safety specialist. We have just
produced a set of short 
essays for the quarterly ZiF journal (which reports results of residential
research groups and their 
conferences). The note referenced above is based on mine.

I think Nancy's suggestion for a public hazard analysis rather than full
public safety case is 
interesting, for three reasons.

First, controlling for confirmation bias. I agree with Nancy, Carl, Mike
and Myriam that it must be 
controlled for. It is an interesting point whether it is more likely to be
present in a full safety 
case than in a HazAn alone. I can see Nancy's point that it is prima facie
more likely.

Second, focusing on the HazAn alone rather than risk and rationale.
Something similar has been 
argued by the sociologist Lee Clarke, who has suggested that "possibilistic
thinking" is a more apt 
guide to decision-making about such low-probability high-severity phenomena
as nuclear power plant 
accidents than probabilistic thinking, as used in the risk analysis. Lee
told me that it is similar 
to HazAn, but broader. He argues the efficacy of the possibilistic
analysis, the HazAn, well.

Third, there is a reason not to include a full risk analysis, which is that
the severity of such 
events, as I pointed out in my note here to Peter Bishop, and also in the
blog post, is very 
malleable. People who make serious attempts (with or without an agenda) to
estimate the severity 
differ by up to four orders of magnitude in their results. You cannot base
any sensible risk 
estimate on such variable figures. But you can still have a very good shot
at a complete HazAn.

However, someone will have argued, using some set of figures, in the safety
case, for a specific 
risk. If it is garbage, it is better that the garbage is out in public for
all to read and condemn.

Charles Perrow, Lee Clarke, John Downer and Martyn Thomas have all
indicated their willingness and 
availability to participate in a small workshop which I shall try to
organise in Bielefeld in August 
on high-severity sociotechnical risk. I am aiming for equal parts
discussion and talks. Could anyone 
who might be interested in attending please drop me a short personal note?

PBL

Peter Bernard Ladkin, Professor of Computer Networks and Distributed
Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de






--------------------------------------------------------------------
mail2web - Check your email from the web at
http://link.mail2web.com/mail2web
Received on Thu 31 Mar 2011 - 20:59:39 BST