Article - Issue 51, June 2012

Catastrophe risk engineering

Dr Gordon Woo

Download the article (73 KB)

Dr Gordon Woo

Dr Gordon Woo

The UK’s Cabinet Office and Ministry of Defence commissioned a review last year which asked internationally recognised experts to present up-to-date and leading-edge thinking on the best ways to approach identifying, assessing and managing high impact low probability risk. One of the Blackett Review panel, DrGordon Woo, identifies some of the dilemmas and how a risk matrix can be used to address potential incidents.

Engineers know that there is no such thing as absolute safety or complete reliability. Yet the public likes to be assured that there is – and politicians are reluctant to say otherwise. You might think that the people who advise politicians would guide them, and offer explicit risk assessments that would dispel the myth of absolute safety. It is not unheard of, however, that risk experts’ advice goes unheeded or, worse, that by exposing gaps in safety or security they could become hostages to fortune, with any subsequent accident or security breach leading to accusations of cover-up or recriminations over inadequate pre-emptive safety mitigation.

We cannot avoid engineering catastrophes entirely. However, through systematic and rigorous risk engineering we can minimise the prospect of catastrophic failure. Unlike a vehicle, a building or a machine, risk is not something that we can see or touch. Risk is intangible, but it can be assessed; catastrophe can be calculated.

Mitigating catastrophe through engineering counter-measures may also be very expensive, and the cost-effectiveness of new engineering safety measures will always need to be justified in monetary terms. This demands a quantitative rather than purely qualitative approach to risk.

Risk assessment is a complex process that calls for judgements that balance risks against costs. It is, therefore, little wonder that governments prefer an absolutist approach. Consider the engineering design of coastal defences. Build a tsunami barrier to the highest expected wave height and the people living behind the wall can be absolutely reassured. The problem is that there is ambiguity in the definition of the highest expected wave height. Historical records of natural hazards are like Olympic records; they are liable to be broken. The giant Japanese earthquake of 11 March 2011 created tsunamis considerably higher than the engineering design levels of defences. A subsequent government-appointed reassessment of the highest expected tsunami has doubled, tripled, and even quadrupled the 2003 design values along Japan’s exposed southeastern coast.

Transport is another engineering sector where the quest for ever greater passenger safety has to be assessed within the context of affordable public travel and available government subsidy. The need for any further safety regulation is a government responsibility that involves what is often a finely balanced decision, weighing risk levels against the cost of mitigating those risks.

One way to address the challenge of assessing risks, and to aid regulators in risk assessment and decision-making, is through a matrix approach. A risk matrix is a compact representation of risk, with the two dimensions of the matrix denoting the likelihood of a risk and the size of its impact.

The UK National Risk Register, which adopts a matrix approach, classifies a wide range of risk scenarios according to their likelihood and impact. These risks include events that have occurred in recent memory: an outbreak of a pandemic human or animal disease, coastal flooding, and a terrorist attack in a crowded place. The Government Office for Science recently published the Blackett Review of High Impact Low Probability Risks. The Blackett review, commissioned by the Cabinet Office and Ministry of Defence, draws on contributions, national and international, from government, academia and industry, and documents the latest thinking supporting this type of classification.

For engineers, it is the high impact low probability sector of the risk matrix that is of greatest concern. On the UK’s railways, where safety levels are already high, effective risk management requires continuous vigilance to avoid rare incidents that might cause train derailment and passenger casualties. Improving resilience against such incidents comes from, for example, monitoring new types of vandalism such as the theft of copper cable. New engineering technology, such as fibre-optic vibration sensors, can reduce vulnerability to cable theft, but the cost of covering many hundreds of kilometres of track is substantial and has to be judged against the benefits of the subsequent risk mitigation.

The more extreme the potential consequences of an accident, the more inventive engineers need to be to mitigate risks. The transportation of liquefied petroleum gas (LPG) by road poses the rare but potentially catastrophic risk of a ‘boiling liquid explosive vapour explosion’ (BLEVE), caused by a rupture of the tanker. Various passive fire protection systems have been devised to forestall a BLEVE, but is their cost, potentially around €10 million for each life saved, justified for a modest risk reduction?

The answer to this and other questions on high impact and low probability events lies in a comparative quantification of the respective costs and benefits of risk mitigation. €10 million sounds like a high value-per-life-saved from this mode of transport of hazardous materials. Exploring the extremity of the risk matrix can help us to identify other, possibly more cost-effective, options for improving public safety.

A calculation of catastrophe is an acknowledgement of the limitations of deterministic engineering design based on absolutist assumptions. Forty years ago, when the Fukushima nuclear plant was constructed, a deterministic approach to seismic design was the norm. The reactor was designed to be safe in an absolute sense. If absolute safety were indeed achievable, there would be little point or purpose in a risk matrix. However, it is not, and engineers must learn how to communicate better the risk inherent in every design solution.

If decision-makers are to be dissuaded from restating misleading and potentially dangerous platitudes about 100% public safety, they must be able to call upon engineers for assistance in designing risk matrices and explaining actual margins of safety. One of the great statisticians of the 20th century, C R Rao, argued that reasoning under uncertainty should rank with reading, writing and arithmetic as essential for every education. Engineers in particular need to be better trained in risk-informed decision-making so that they can bring risk management to the fore of their profession, where it belongs.

Download the Blackett Review at

[Top of the page]