How Safe Is Safe Enough? To Engineers, It Depends

In November 1940, just months after its completion, a large section of the Tacoma Narrows Bridge crashed into Puget Sound in Tacoma, Wash. The bridge collapsed under high winds — a failure that shocked engineers at the time.

AP

No one likes things to break. We don't like holes to appear in airplane cabins unexpectedly; we don't like bridges to collapse; we don't like radioactivity to leak from nuclear power plants. But engineers have to design things to certain specifications, and they have to grapple with the question of how safe is safe enough.

When humans first started building things, determining whether they would work as planned was mostly a matter of trial and error. Build a bridge, drive a chariot across it, and see if it collapsed.

"And it really wasn't until the Renaissance, until Galileo, that there was what we could today call a rational approach to design through calculation," says Henry Petroski, a professor of engineering at Duke University.

He says computers and mathematical models now can predict how a bridge will behave under different conditions. But he says if you ask engineers to build a safe bridge or a safe nuclear plant, they ask you what you mean by that.

"The definition of safe is not strictly an engineering term; it's a societal term," he says. "Does it mean absolutely no loss of life? Does it mean absolutely no contamination with radiation? What exactly does safe mean?"

Once you settle that question, engineers still face the problem of deciding how to achieve whatever level of safety they are aiming for.

Michael Corradini, a professor of nuclear engineering at the University of Wisconsin, says first, engineers design for normal operating conditions. "Then with any engineering design, anything at all, you say, 'That's fine, that's what it operates on. But what if something happens that it experiences some unusual conditions?'"

So for example, let's say you're designing a bridge for a place where gale force winds and heavy snows are virtually unheard of.

"You still design for it so that the bridge safely performs its function," Corradini says. "Or if it fails, it fails gently, so there are no catastrophic effects." In other words, the bridge doesn't collapse.

Engineering For All Conditions

But what about other kinds of safety threats? How well will a bridge do if terrorists try to blow it up? What happens if operators in a nuclear power plant control room suddenly get sick? What if a meteorite falls on the plant?

The facilities at the Fukushima Dai-ichi nuclear power plant were designed to withstand strong earthquakes and tsunamis, but not to the strength and size experienced on March 11.

Air Photo Service/AP

Corradini says nuclear power plant designers try to think of everything.

"They have a listing of all the things they think can go wrong and how they can go wrong, and some sort of ordered list of which is more likely than others," he says.

And the possibility of a meteorite isn't a joke: "It's there somewhere — it's just a very low probability," Corradini says.

But sometimes, when you set out to build a nuclear power plant, you don't know exactly what the likelihood of a particular calamity might be.

"When we plan something, we always make assumptions," says Yotaro Hatamura, an emeritus professor of engineering at the University of Tokyo. He says engineers sometimes don't pay enough attention to history in making their assumptions.

Hatamura favors what he calls "backward thinking" — looking at a previous step in the process to see if it worked properly. For example: The reactor core might survive an earthquake, but what about the pumps that provide cooling water to the reactor? Or what about the backup generators that provide emergency power to the pumps? Or what about the fuel supply for the emergency generators?

He says accidents happen when engineers don't constantly test and revise the assumptions they've made about all the things that a nuclear plant needs to operate. Hatamura says it's not always easy to look back and admit to problems that you should have thought of in the first place.

"We don't see what we don't want to see. We don't want to think about scary things," he says. "That's just human nature."
