Choosing Safety

Guide to Using Probabilistic Risk Assessment and Decision Analysis in Complex, High-Consequence Systems

From the Back Cover

Michael V. Frank – RFF Press – 2008

The technological age has seen catastrophic and preventable failures from buildings and bridges to space and launch vehicles, from chemical factories to nuclear power plants, from ships to airplanes, and from trains to automobiles. Often the root cause can be traced to decisions that did not appropriately consider safety as a factor in design and engineering. The ideas, methods, and case studies of this book are at the nexus of probabilistic risk assessment and decision analysis. This book melds these two technologies into a method of building safety into a system or product from the very beginning of its development.

Choosing Safety is the first book to bring together probabilistic risk assessment and decision analysis using real case studies. Through more than a dozen practical examples from the author’s experience in nuclear power, aerospace, and other potentially hazardous facilities, the book focuses on methods for making logical decisions about complex engineered systems and products in which safety is a key factor in design—and where failure can cause great harm, injury, or death. In a nutshell, it shows when, where, and how probabilistic risk assessment fits into decision analysis. This book provides the needed guidance and formal procedures to include safety in project decisions.

Choosing Safety is for managers, project leaders, engineers, and scientists who create, design, develop, operate or maintain high-consequence, complex systems and products. The book is also for students and anyone else interested in a broad perspective about the union of decision analysis and probabilistic risk assessment.

Interview with the Author

Space Safety Magazine: What is the primary thesis of your book?
Michael V. Frank: Probabilistic risk assessment (PRA) is used to help make decisions involving safety of engineered systems and systems designed to safeguard against natural phenomena. Long before PRA was invented (early 1970’s), the field of decision theory/decision analysis had been assisting corporations and government in cogent ways to think through complicated situations to arrive at a decision. If you look at the graphical constructs of decision analysis and PRA, you notice that they are quite similar. In fact, both revolve around how to identify and quantify uncertainties and they use similar mathematical methods. Therefore I wrote the book around how to merge these two fields to demonstrate how one may use PRA to make decisions that involve safety.

“Risk is a representation of uncertainty associated with the probability and consequences of events or collections of events”

SSM: Can you give a brief definition of probabilistic risk assessment and decision analysis?
MF: Both PRA and decision analysis treat risk: I don’t think there is a universal definition. One I find useful is: risk is a representation of uncertainty associated with the probability and consequences of events or collections of events. Both PRA and decision analysis allow a decision maker to understand how uncertainties influence the collection of factors that are important to the probability and consequences associated with an outcome. In PRA, one constructs a model to obtain the probability (or frequency) of event sequences (sometimes called scenarios) that lead to an undesired outcome (such as mission failure, launch vehicle explosion, release of radionuclides in a nuclear reactor), and also the probability distribution over the severity of the undesired outcome, such as a cumulative distribution function over the number of injuries. In decision analysis, one constructs a model in order to choose among alternative courses of action. The book shows how one uses PRA within a decision model that includes safety as a decision attribute, in order to choose among alternative courses of action. This thinking was the genesis of the book’s title Choosing Safety.

SSM: How do you merge them into decision making tools?
MF: In brief, one starts with setting up a decision model. A decision model involves defining alternatives, attributes, and outcomes/consequences. Attributes are those factors that the decision-maker wants to consider when trying to develop the alternatives. Probabilistic risk assessment is used to quantify with uncertainties the attribute safety for use in the decision model. The book guides the reader through the details and also provides several examples.

SSM: How did you develop your approach?
MF: I introduced modern PRA to NASA starting with the Space Shuttle PRA Proof of Concept Study (1987). After the study’s completion, NASA managers began asking what appeared to be a simple question: now that you’ve done this study, how do we use it? During the next decade of my work with NASA engineers, scientists and managers, that question percolated within me, resulting in the book.

“Often catastrophic accidents are preceded by smaller incidents, sometimes occurring multiple times, that we call accident precursors”

Fragments of the Columbia, stored in the RLV Hangar at Kennedy Space Center. The Columbia disaster was preceded by similar events without fatal consequences. These events, called accident precursors, should be interpreted as a signal that a larger accident may occur. Credits: NASA – Kennedy Space Center

SSM: You talk about “catastrophic and preventable failures”: can you make an example in aerospace?
MF: Often catastrophic accidents are preceded by smaller incidents, sometimes occurring multiple times, that we call accident precursors. An example that I believe fits this category is the Space Shuttle Challenger accident in 1986. That accident’s proximal cause was blow-by of hot gas past two O-rings in the solid rocket booster. On previous missions, however, evidence of blow-by of at least one O-ring had been detected. In other words, our knowledge of the risk associated with O-ring blow-by increased with each accident precursor in which a blow-by occurred. The proper way to interpret such failures is as evidence that a larger failure could occur. If these failures had been taken with that interpretation, then perhaps the risk mitigation strategies that occurred after the accident might have been implemented before the accident.

Earthquake and tsunami damage, Japan, March 14, 2011: a satellite image of Japan showing damage after the earthquake and tsunami. (Credit: DigitalGlobe –

SSM: How do you think your thesis applies in the recent nuclear power plant disaster which followed the earthquake in Japan?
MF: The nuclear power industry in the United States and Europe has made extensive use of probabilistic risk assessment to make decisions about safety improvement over the last 20 years. The U.S. NRC and the industry have been working through a Severe Accident Management Program that added significant capability for emergency responses for accidents beyond the design bases. I do not know if the same processes of continuous safety improvement had been applied to the Fukushima units. If not, they should start now to develop detailed and accurate risk and decision models for severe accident management. However, let’s consider this perspective. The plant was hit with a scenario of earthquake and tsunami that has been the subject of science fiction movies. The entire area was utterly demolished. The nuclear plant, however, while damaged, was still standing, remained shut down and safe. The radiation release, while significant, was not the horror depicted by the science fiction movies. As far as we can tell today, there have been no deaths and no deaths are anticipated from radiation release. This is compared to the enormous toll of injury, death and damage caused by the earthquake and tsunami itself in the surroundings.

SSM: What do you recommend to the new generations of space engineers?
MF: The current and next generations of engineers are continuously being asked to be more productive and more creative, with fewer people and resources. The management of risk and the ability to make the right decision, accounting for risk, become more important in an environment of constrained resources. The engineers who master dealing with risk in its identification, quantification, and mitigation will be more successful.

About the Author

Dr. Michael V. Frank is the author of more than 90 technical publications in the areas of risk analysis, decision analysis and reliability engineering with respect to terrestrial nuclear power, space-nuclear missions, aerospace systems, nuclear waste repositories, and other ground facilities. He has performed more than 100 risk assessments and has made hundreds of presentations in national and international forums. His particular expertise is the assessment and management of all risks associated with the design and operation of engineered systems and the decision-making that accompanies risk management. Among his career accomplishments are probabilistic risk assessments of the Space Shuttle, International Space Station, and the Cassini mission. A recent significant accomplishment was the risk management of the design for the Geologic Nuclear Waste Repository of the Yucca Mountain Project. Dr. Frank has an educational background in mechanical engineering, nuclear engineering, and material science as well as reliability and risk analysis from UCLA and Carnegie-Mellon University.

About the author

Andrea Gini

Andrea Gini is a content strategy consultant specialized in companies of the space sector. He is the founder of Space Safety Magazine, where he held the position of Editor-in-Chief until March 2015. Between 2011 and 2013 he worked at the European Space Agency in the Independent Safety Office, which oversees the utilization of the International Space Station. He previously worked as a software developer, IT consultant, and trainer of Java-related technologies. Andrea holds a BSc and an MSc in computer science from the University of Milano, a Master in Communication of Science from the International School for Advanced Studies of Trieste and an MSc in Space Studies from the International Space University.