Re: [SystemSafety] USAF Nuclear Accidents prior to 1967

From: Peter Bernard Ladkin
Date: Sun, 22 Sep 2013 11:26:59 +0200

On 9/21/13 8:10 PM, Nancy Leveson wrote:
> I'm not really sure why people are using an incident that happened 54 years ago when engineering was
> very different in order to make points about engineered systems today.

Well, assuming people would be doing that, it might well be because there are systems that old, with safety-relevant aspects, which are still in use. The Fukushima Number One power plant ran meticulously well for 47 years - until the considerable weaknesses of its design and in its operation were demonstrated on March 11-12, 2011.

I encounter, almost daily and certainly many times a month, engineering attitudes to safety which are those of decades ago. Somehow these tropes persist.

> .... The engineering
> techniques (both hardware and software) have changed dramatically in the past 60 years.

What has not changed as fast is the organisation of the people running them.

> But the NAT/HRO controversy continues. I wrote a paper about this.

Who hasn't? :-)

> .....(the proponents are all
> sociologists and seem unfamiliar with the engineering literature in their papers and with basic
> engineering concepts).

They could well reply that proponents of the Whig view of engineering are all engineers and seem unfamiliar with the organisational-scientific literature and its basic concepts. Present company excepted, of course. (Not just present company. Last week I chatted with a senior scientist at the German Federal Agency for Radiation Protection who is equally as puzzled as I by organisational/engineering weaknesses manifested in recent incidents.)

I have been impressed by the fact that Perrow's 2007 book contains two references to the very mechanism that led to the Fukushima plant failures, as well as a careful description of the type of rail accident that recently happened in Lac Megantic.

There is to my mind a major question why a sociologist can make such public engineering predictions but the engineers don't; neither did/do engineers act on the prediction when it was/is made. No amount of engineering science answers that basic question - it is most obviously a question for organisational science.

I have been personally very impressed by Perrow's almost uncanny intuition, not only about which points to make but how to make them. His command of the rhetoric (in its technical sense) is exemplary. One of his most recent articles for the Bulletin of the Atomic Scientists, on the varying estimates of damage resulting from radiation-release accidents, brings for me the whole basis of severity assessment into question. Needless to say, maybe, that severity is one of the fundamental concepts on which we system safety people rely.

