Half-way risk

When control operators and their managers in large critical infrastructures know that some events must never happen (the nuclear reactor shouldn’t blow up, the urban supply shouldn’t get cryptosporidium, the electricity grid shouldn’t island), and we know that they know because they behave accordingly, then better practices emerge for ensuring that those events do not happen. Mandates to reliably preclude certain events create enormous pressure to focus on and adapt the practices that are working to meet the mandates.

If so, then conventional risk analysis gets its questions only half right by stopping short of the other questions to be asked beforehand. The conventional questions, “What could go wrong?”, “How likely is that?” and “What are the consequences if that were to happen?”, should be preceded by: “What’s working?”, “What’s even better?” and “How can we get there?” Only then do we ask: “What could go wrong in trying to get there?”, “How likely is that?” and “What are the consequences if that were to happen?”
