Well. We can learn that complex systems fail. Sometimes very simple systems fail too, depending on the user.
Here are some examples that can help us explore the best approaches to prevent accidents and reduce risks in systems that require human interaction. There are some lessons that we can apply to flood risk mitigation. At the end of the post we roll the lessons in these unrelated disciplines into the flood risk connections of interest to CityFloodMap.Com readers.
Health Systems / Therac-25 Radiation Machine
Therac-25 Radiation Machine - too complex for smart folk.
The Therac-25 was a radiation therapy machine produced by Atomic Energy of Canada Limited (AECL) after the Therac-6 and Therac-20 units.
It was involved in at least six "accidents" between 1985 and 1987, in which patients were given massive overdoses of radiation. Because of concurrent programming errors, it sometimes gave its patients radiation doses that were thousands of times greater than normal, resulting in death or serious injury. These accidents highlighted the dangers of software control of safety-critical systems, and they have become a standard case study in health informatics and software engineering.
Lesson 1: Fail-safe hardware can improve safety. Earlier versions had both hardware and software controls to prevent high-energy doses - the Therac-25 used only software.
Lesson 2: You can't fix what you don't understand. After the first fatal doses, operators did not fix or even understand the frequent recurring problems. In 1986, now-deceased patient Ray Cox removed himself from the machine after the third painful dose, while the technician continued to apply unsafe doses, ignoring software error messages.
Energy Systems / Compact Fluorescent Light Bulb
Compact fluorescent light bulb - too complex for regular folk.
The general population does not appreciate things like mercury vapour or safe disposal, so the CFL failed too. While rather simple, it demonstrated that the general public does not do well with science.
Lesson 3: Keep it simple, fool-proof and fail-safe. My mom would not use our first microwave because she could feel the "rays coming out of it" and was convinced it was unsafe. She tried to prove this to us kids by holding her hand near the back - we told her that was the fan blowing air out the back exhaust.
Home Safety System / Carbon Monoxide Detector
Even these can be a problem for users. Recently a Toronto man almost killed his family because he unplugged his CO detector - why? - because it was going off. Beep Beep Beep. Meaning his family was being poisoned by carbon monoxide gas. Thank goodness they found out and are now safe:
But this shows that even the most simple systems (Beep = Danger) can overwhelm the general public.
Lesson 4: See Lesson 3
Lesson 1 Flood Connection: Fail-safe hardware can improve safety.
Physical hardware that required no user expertise to ensure safe conditions made pre-Therac-25 devices safer. In the context of flood risk reduction, this encourages us to rely on "sure things" like fail-safe physical flow conveyance systems, and passive physical flood proofing measures as opposed to actively-managed ones, or mechanical or electrical systems.
Managing risk with fail safe flood proofing retrofits - New York City.
Physical measures related to the way we build homes can ensure that valuable finishes and belongings stay above flood-prone levels in sewers and overland - New York has just put out a great document COASTAL CLIMATE RESILIENCY Retrofitting Buildings for Flood Risk available here.
Sewage pumping stations used to have overflows to adjacent watercourses in case of failure of the pumps or power supply. To better manage environmental conditions, these fail-safe "hardware" overflow features have sometimes been removed.
Cities should map and manage urban flood risks so that fail-safe, physical controls can be preserved or retrofitted in the landscape. Calgary had their flood risks mapped but ignored them, building right in the floodway with no physical separation from the risk - that was a formula for disaster. Planning agencies and ministries should take ownership of risk management and promote fail-safe physical controls, even revisiting the benefit of reliable, physical overflow features in pump stations for the most extreme events.
Intact Insurance repeats IBC and ICLR's "Telling the Weather Story" theoretical statement on bell-curve probability shifts as 'fact'.
Lesson 2 Flood Connection: You can't fix what you don't understand.
Intact Insurance has a web page www.InsuranceIsEvolving.com that states there is a "rising frequency and severity of extreme weather events" and they repeat the discredited theoretical Telling the Weather Story statement as fact.
Intact Insurance ties this rising frequency to climate change and release of greenhouse gases. While there are many reasons to be concerned about climate and global warming, if we mistakenly point to increasing severe weather (Environment Canada's Engineering Climate Datasets show no increase) as the cause of flooding, we will miss the real opportunities to find effective solutions to flood risk reduction, and will ignore current physical problems and ineffective policies.
New York City - Example Streetscape with Flood-Proofed Bungalows
There is a "fetish" in the water resources community on updating rainfall intensity-duration-frequency (IDF) curves. Countless person-years of effort and hundreds of thousands of dollars have been put toward updating and massaging these numbers when the historical trends are really nil for this design parameter. If the same effort had been put into urban flood risk mapping as IDF review, we would have maps showing urban risk areas and could apply urban risk reduction policies tomorrow. If the same effort had been put into updating runoff-coefficients for urban hydrology we would have more conservative and accurate risks identified. If the same effort had been put into the review of low-intensity design hyetographs for watersheds that are misapplied to small flashy urban systems, we would have more conservative flood risks mapped that reflect real, damage-causing storm risks.
Over time, the provincial ministries, their agencies and the insurance industry may straighten themselves out and refocus on true causes of flooding. In the meantime, many will continue to pucker on the pecunious teat of public and private funding to predict weather patterns. This despite the fact that due to Chaos, Lies and Butterflies we just can't.
Lesson 3 and 4 Flood Connection: Keep it simple, fool-proof and fail-safe.
Sump pump installation.
Recently a robust system of sump pumps has been proposed as a way of limiting basement flood risks and reducing losses. A resilient system includes one or two back-up pumps, and a back-up power supply. The system must also be regularly inspected and maintained. The approach is described in the blog "Focus on reducing losses associated with sump pumps":
Not simple, not fool-proof, sort of fail-safe. An in-law of mine bought a small house in Meaford that had a back-up diesel generator. Cool! Nobody knew what it was for until the spring. It was supposed to help keep groundwater out of the lower level in a power outage. Did it work? No. They flooded a few times and then sold the place. That is just one instance but it shows that fail-safe systems are better - a slab on grade and a two storey house instead of a finished basement would have been a smarter, lower-risk build. Sometimes redundant systems for power supply fail too.
New York City - Floodproofing Illustration.
The Lesson 1 New York City document provides a great perspective on the fail safe approach to building. That approach could be adapted from storm surges to urban flooding risks.
Make the Flood Connection. We cannot expect the general public who can't manage CFL bulb disposal, who can't understand carbon monoxide warning beeps, who can't tell fan exhaust from escaping microwave waves, or even informed operators who override radiation machine error codes without a second thought, who ignore Environment Canada data, or who send GO Trains out into flooded floodplains to effectively manage complex systems. Flood risk reduction measures should be based on a clear understanding of causes (risk factors) and should be physically fail-safe, minimizing reliance on electrical and mechanical systems, or user intervention.
Explore cognitive biases in our thinking that pose barriers to effective flood risk management: