Domino Effects and Cascading Events: Natech, security-related and external hazard factors affecting the process and energy industry


1 Domino Effects and Cascading Events: Natech, security-related and external hazard factors affecting the process and energy industry. Valerio Cozzani, LISES - DICAM, Alma Mater Studiorum Università di Bologna, Bologna, Italy. valerio.cozzani@unibo.it

2 Conventional Risk Management. In the last 20 years conventional risk management tools progressively improved and their application spread from chemical and nuclear to several industrial sectors. Risk management systems are mostly aimed at reducing conventional risks. Accident: TECHNICAL/TECHNOLOGICAL; HUMAN/MANAGEMENT; GOVERNANCE/COMMUNICATION; POLICIES/REGULATIONS/STANDARDS.

3 WHAT ABOUT CASCADING EVENTS? Current risk management techniques have limited effectiveness in addressing DOMINO and CASCADING events.

4 Management of Risk. [Figure: iso-risk curve on F (frequency) and M (magnitude) axes. Labels: Conventional risks; Rather frequent and expected events; High Impact Events; Events with low frequency and high magnitude.]

5 RMS: tackling Known Knowns. Borrowing from Donald Rumsfeld the concept of Known/Unknowns, safety management systems are effective in preventing expected scenarios. Known Knowns: an event we are aware that may happen and on which there is sufficient knowledge and operational experience. Awareness is the key factor. [Figure: matrix with axes Lack of Knowledge / Knowledge and Lack of Awareness / Awareness; quadrants: Known Unknowns, Unknown Unknowns, Known Knowns, Unknown Knowns.]

6 Evolution of safety performance and risk aversion. [Figure: number of accidents and risk aversion versus time. Labels: Technology improvement; Enhanced risk management; Safety Management Systems; Safety Culture; Safety Behaviour.] Higher societal requirement for prevention of HIGH IMPACT LOW PROBABILITY events. Decrease of the number of accidents => decrease of their tolerance.

7 EU Research on safety must look for Black Swans! Among leading causes of Domino or Cascading events is the lack of awareness: Black Swans? A black swan was a metaphor of impossibility in the past, because all historical records of swans reported they had white plumage. From Juvenal's Satires: "rara avis in terris nigroque simillima cycno" (a rare bird in the lands and very like a black swan). A specimen of a black swan was found in Western Australia at the end of the 17th century and the term became the symbol of disproven impossibility. DO NOT FORGET THAT BLACK SWANS ACTUALLY EXIST!

8 Some examples of black swans... Domino Effect: an accident in which a primary event propagates to nearby equipment, triggering one or more secondary events resulting in overall consequences more severe than those of the primary event. PROPAGATION: need to assess propagation possibility/probability. ESCALATION: need to assess final (overall) consequences.

9 After the Mexico City accident (1984, 500+ fatalities) domino accidents are no longer a black swan. High regulatory requirements (article 8 in Seveso-III Directive). Consolidated tools and reliable safety barriers still need research input.

10 NaTech Accidents. The impact of a natural event on a technological system may cause a cascading event resulting in a severe technological accident: 1. A natural event occurs. 2. At least one equipment item (storage tank, reactor, distillation column, pipe, etc.) is damaged. 3. A dangerous substance (flammable, toxic, reactive with water, dangerous for the environment) is released. 4. A final scenario due to the dangerous substance released (toxic cloud dispersion, environmental pollution, explosion, etc.) occurs.

11 NaTech: nuclear power plants...

12 NaTech: ... and conventional plants

13 DyPASI methodology. [Figure: cycle of steps. 1. Early Warnings - NOTION; CONTEXT & CONCERNS; 3. SCENARIOS & ER Identification; 4. PRE-ASSESSMENT; 5. ANALYSIS (APPRAISAL / ASSESSMENT); 6. CHARACTERIZATION; 7. EVALUATION / TOLERABILITY & ACCEPTABILITY; 8. MANAGEMENT & DECISION (TREATMENT).]

14 DyPASI: retrieval of risk notions, NaTech. Number of seismic events; Number of damaged equipment; Max number of damaged equipments in one event; Medium number of damaged equipments in one event; Number of damaged equipments with release; Number of cases of release with ignition; Ignition probability. 29 = =180 =

15 NaTech: ... still a black swan? Regulatory requirements are low and do not recognize the specificity of industrial structures: 1. On the side of structural safety, Eurocodes issue the same requirement for a tank full of water as for a tank containing liquefied chlorine under pressure. 2. On the side of major accident hazard, Seveso Directives do not explicitly include NaTech scenarios. 3. No effort yet present on interdisciplinary research on design and prevention criteria. Notions of change: several projects on the structural design side (FP7 STREST), control authorities asking to explore the problem, growing awareness in industry...

16 Other cascading black swans around? Security-related major accidents are a third category of cascading events that may become of relevance.

17 How can we chase black swans? 1. Identification: horizon screening, collection of risk notions for HILP in key industrial sectors affected by inherent hazards. 2. Awareness: contribute to build up awareness both in industry and in regulatory bodies concerning HILP. 3. Tools for RA and RM: development of dedicated tools to obtain progress in the assessment and management of HILP events. 4. Protection and Prevention: shift in design concepts to introduce risk- or loss-based design and management of exceeding risk.

18 No need to re-invent the wheel. The bow-tie approach is widely used in the quantitative assessment of conventional industrial risk. [Figure: bow-tie diagram, CAUSES and CONSEQUENCES.]

19 Detailed assessment methods: a bow-tie for HILPs. [Figure labels: Floods, Earthquakes, Lightning, Landslides, Wind, Waves; Fire, Toxic Release, Environmental contamination, Explosion.] A bow-tie approach may be used for a systematic analysis of external hazard factors. Right wing needs to be modified: identification

20 1. Identification. New techniques: dedicated to capture early warning or scattered notions. Integration: creating synergies by the integration of complementary HazId techniques (indicators, structured brainstorming, notion capture). DyPASI: 1. Bow-tie analysis 2. Information search 3. Information assessment 4. Identification of atypical scenarios 5. Definition of safety barriers. REWI: 1. Contributing Success Factors 2. General Issues 3. Suggested indicators 4. Review and Update. [Figure labels: Deviations & past events; Poor HAZID; Early warnings; Atypical scenarios.]

21 3. Tools for RA and RM: rapid screening. Seismic; Flood. 5-year cooperation regional project: UniBO and Regional Civil Protection Authorities, Emilia-Romagna, Italy. Seveso sites Hazard Ranking. Screening: allows focusing on critical areas and preliminary decision-making on use of resources.

22 3. Tools for RA and RM: QRA. Only critical equipment needs to be considered (see past accident analysis). Damage states and reference scenarios may be obtained from past accident analysis. Damage probability models for a given impact vector are required. Steps 6-9 are similar to procedures for domino effect risk assessment: multiple simultaneous scenarios should be considered. 5-year cooperation regional project: UniBO and Regional Civil Protection Authorities, Emilia-Romagna, Italy.

23 3. Tools for RA and RM: QRA. Damage probability is a function of total pressure, thus of water velocity and water height. CFL max min min

24 DOMINO EFFECT IN INDUSTRIAL CLUSTERS. 5-year cooperation regional project: UniBO and Regional Civil Protection Authorities. [Figure legend: dashed lines: no domino effect; full lines: domino effect considered.] Individual risk increase up to an order of magnitude. Individual risk increase mostly inside the industrial area. The high extension of the area made high protection distances available.

25 4. Protection and Prevention: Design. Identification of critical units (not all equipment items need protection). Identification of specific residual functional requirements (e.g. structural integrity and no loss of containment). Identification of a risk threshold allocated to the equipment (tolerable risk of failure over equipment lifetime). Derivation of loss-based design standards (thus, design standards based on final scenarios). Management of exceeding scenarios. [Figure: H(PGA,TSL) versus PGA (g), with -σ and +σ curves; vertical axis from 1.00E-07 to 1.00E+00.]

26 4. Protection and Prevention: Emergency Management. [Figure labels: Technological event; Normal situation; Cascading event; Disaster situation; Single event (system failure, human error, process upset); natural; Mitigation and emergency response.]

27 4. Protection and Prevention: Emergency Management. Capacity of Emergency Response: emergency response should be able to cope with cascading events. If no specific planning is introduced, no effective protection is provided to the population. Where are emergency response resources located? Are emergency response resources vulnerable to the impact of the cascading event? Was the potential for multiple scenarios considered in emergency planning?

28 4. Protection and Prevention: Emergency Management. 3-year national cooperation project: CONPRICI, Italian National Civil Protection Authorities.

29 Conclusions. Growing risk aversion poses new requirements in the prevention of HILP events. Domino and Cascading events are HILP events that need to be included in improved risk management systems. Integrated identification procedures are needed to increase awareness. Specific tools are needed, allowing the screening of the hazard and quantitative assessment of risk. New approaches to design and emergency management may be developed to prevent the risk of cascading events. The complexity and interdisciplinary knowledge required to address cascading events caused a jeopardized approach and a number of regional projects.