Can we expect the unexpected?
Atypical scenarios or “black swan events” have been suggested as causes for major disasters where our hazard identification and risk assessment methods seemed to have deserted us. These sometimes show up as hazardous scenarios that we failed to predict, or as events that occur when all the protective systems failed.
A gasoline storage facility at Buncefield (UK) exploded in 2005, leading to the country’s largest peacetime fire. The potential for a large overflow of gasoline to result in a vapour cloud explosion seems to have been overlooked — even though such explosions had occurred seven times in the previous 50 years. And a key control system had failed 14 times in the previous four months.
The 13-metre tsunami that struck the Fukushima nuclear power plants completely overwhelmed the protective walls and back-up systems, which were planned for a maximum wave height of 5.7 metres. As a result, the cooling systems and the emergency power generators were completely destroyed.
The Carnegie Endowment for International Peace reports that since the year 1496 there have been 12 tsunamis in the same area with a wave height greater than 10 metres. Six were around 20 metres high. The International Atomic Energy Authority recommends that nuclear facilities should be fully protected against events occurring at a frequency of one in 10,000 years, but this recommendation had not been taken into account.
Similar events and other major failures often lead to “worst case scenarios”. Such causes are often dominated by catastrophic failures of process containment systems. As the frequency of these failures is assumed to be low, the probability of failures of multiple protection layers may seem negligible —that is, until we include a proper evaluation of dependent failures. So do our risk-management processes do a good job of identifying all the scenarios? Are independent safety barriers truly independent? Can multiple safety barriers be rendered ineffective by a single initiator or systemic problem?
And are these atypical scenarios really “unknown unknowns”? To call them such seems like an excuse for failing to learn from experience or for a lack of imagination within a risk management process. Proper study reveals that the same or a very similar event has occurred or that obvious precursors have occurred as near misses.
We would do well to ask ourselves these questions and act on what we find.
Read more about what UNECE does: