risk management of dams subjected to … hydro seismic safet… · • full probabilistic...
TRANSCRIPT
freq
uenc
y (/y
r)
1.e-9
1.e-5
1.e-3
1.e-2
1.e-6
1.e-7
1.e-8
1.e-4
1 10 100 10000.1Consequences
Risks that onecannot afford totake too often
Risks that onecannot afford to
take at all
Limit oftolerability
Riskprofile
RISK MANAGEMENT OF DAMS SUBJECTED TO EXTREME NATURAL
HAZARDS
analytical, policy and quality assurance considerations
Des Hartford
14-02-2006 2
Uncertain!
• The domain of dam safety involves much uncertainty> Uncertainty in:
• loads– natural hazards– design loads
• dam performance• dam failure consequences
• All of which should be characterised probabilistically> But are generally dealt with deterministically
14-02-2006 3
Dimensions of Dam Safety
• Safety Policy> the job of government
• through regulators
• Safety Analysis> the job of engineers and scientists
• existing methods and new approaches derived from research
• Safety Assessment> Traditionally the job of owners - to convince the
regulator that the dam is “safe”• more realistically that the dam is safe enough
– but few want to admit to this!
14-02-2006 4
Owner–regulator–engineer challenge
• To state precisely what the endeavour of dam safety assurance entails> Is it the avoidance of dam failure at all costs?
• “Absolute Safety”> Is it the avoidance of dam failure at “reasonable” cost
• “Safe Enough”– What constitutes “reasonable” cost?
» The answer to this question is a policy/political matter.
• How do we measure “safety”?> The ability to “measure” being fundamental to
engineering science and engineering practice
freq
uenc
y (/y
r)
1.e-9
1.e-5
1.e-3
1.e-2
1.e-6
1.e-7
1.e-8
1.e-4
1 10 100 10000.1Consequences
Risks that onecannot afford totake too often
Risks that onecannot afford to
take at all
Limit oftolerability
Riskprofile
Safety policy
A matter for owners and regulators
14-02-2006 6
Safe enough or absolutely safe?
• Dam owners who are liable for the consequences of dam failure, and
• Dam regulators who are responsible for safeguarding the interests of the public> should have a rational and transparent means of
explaining what is meant by a “safe dam”• definitions of what constitute a “safe dam” are difficult to
find– perhaps look outside the dams community
» where the myth of absolute safety dominates– and see that safety is defined in terms of risk
> Conclusion is that Safe Enough is the goal to be striven for
• absolute safety is unachievable
14-02-2006 7
Societal safety in general
Maximum safety possible
“Safety at any cost”
“Societal” accepted
relationship between “equity” and “efficiency”
14-02-2006 8
Dams in the context of societal safety
Leve
l of S
afet
y Pr
ovid
ed
14-02-2006 9
Safety parameters
c
m
1
A
“x = A”
“y = mA + c”
“y = mx + c”
1
14-02-2006 10
Alternative policy parameters
Leve
l of S
afet
y Pr
ovid
ed
1
max
min
14-02-2006 11
Generalised safety framework for dams
Leve
l of S
afet
y Pr
ovid
ed
14-02-2006 12
Policy reality
• Risk assessment provides the most complete characterisation of the safety issue> It is also the most complex way to characterise
safety
• Designing for the “hazard” with no “factors of safety” on the response is an option> Generally not done
• Designing to the “hazard” with “factors of safety” on the response is another option> Traditional practice
14-02-2006 13
Policy challenge
• Decide whether safety of dams should be assessed in terms of:> Deterministic standards (PMF, MCE, design rules)
• Possibly linked to the consequences of dam failure– Linear or non-linear way?
> Probability of hazard• e.g. 100 year flood or the 10-4/yr natural hazard event
– Consider the design parameters for levees post Hurricane Katrina
> Probability of failure• Integrated over the full ranges of hazard loads and dam
responses> Risk
• Full probabilistic characterisation of the combinations of hazards, dam responses and failure consequences
14-02-2006 14
PMF and MCE• The PMF is simply a large flood• The MCE is simply a large earthquake
> May be very conservative in the local context• May not be very large by global standards
> Are not the physical maxima> Are not invariant instruments of public safety policy with
respect to• Location• The state of scientific knowledge or, the people developing
them> Are not strictly “deterministic” constructs
• The extent of probabilistic characterisation varies with the extent of the scientific knowledge available
> Do not necessarily provide the upper bound of “achievable safety”
> Do not necessarily lead to consistently high levels of safety indifferent parts of the same jurisdiction
14-02-2006 15
ALARP considerations
• PMF and MCE do not necessarily maximise safety by reducing risk “As Low As Reasonably Practicable”> If it is reasonably practicable to provide performance
capacity that exceeds the PMF and/or MCE performance than the additional capacity should be provided.
• e.g. concrete dam with PMF spillway designed to withstand overtopping
• e.g. earthfill dam with liquefaction failure mode eliminated– Such a dam could well withstand earthquakes larger than
the site specific MCE
• The ALARP demonstration requires joint consideration of all “hazards”, and the associated “dam response”
14-02-2006 16
“Hazard” and “Dam Response”
Mea
n lo
ad
Mea
n re
sist
ance
Des
ign
load
Des
ign
resi
stan
ce
Nominalsafetymargin
Mean safety margin
Pro
babi
lity
dens
ity
Denotes"Probabilityof Failure"
14-02-2006 17
Prob
abili
ty o
f fai
lure
0
1
Distributions ofprobability of failure
Probability of Hazard Probability of Failure given Hazard
Probability of Failure
Ann
ual E
xcee
danc
e Fr
eque
ncy
14-02-2006 18
Natural hazards, dam response and risk
14-02-2006 19
Towards a rational approach….
• Risk analysis> Provides the most comprehensive means of characterising
the safety of dams• Explicit treatment of all uncertainties
– Transparent and founded in sound science– Necessarily embodies all attributes of traditional analysis
• Goes beyond traditional analysis– Traditional analysis practice is embodied in the risk analysis
approach» As a subset
> A comprehensive risk analysis will include loads and responses outside the range of traditional practice
• Risk analysis demands more comprehensive analysis
14-02-2006 20
The problem of the “unknowable”!
• Impossible to know if an estimate of risk is a good estimate> If probability of event is very low and nothing happens
• then one might be tempted to assume that it is a good estimate– this is not the case– similarly for events that occur when previously two very different
estimates of the probability of the event (0.1 and 0.00001) wereestimated independently
» impossible to determine if the event that occurred was the 0.1 or 0.00001 event!
• This problem is not unique to risk analysis> same problem with traditional practice,
• How does one assure quality of engineering judgement?
14-02-2006 21
Dangers of judgements of probability
• Sound judgement: a vital part of good engineering> safety assessment is arguably not engineering because
nothing is being “engineered”> safety assessment is arguably “engineering science”
• “engineering science”:- the development of reliable knowledge concerning matters of engineering.
» safety assessment involves inferences from incomplete and uncertain data:- the domain of scientific inference
• Judging probability is notoriously difficult> rigorous qualification of experts and adherence to the rules
of scientific inference is the only safeguard against inadequate judgements
• deterministic or probabilistic
freq
uenc
y (/y
r)
1.e-9
1.e-5
1.e-3
1.e-2
1.e-6
1.e-7
1.e-8
1.e-4
1 10 100 10000.1Consequences
Risks that onecannot afford totake too often
Risks that onecannot afford to
take at all
Limit oftolerability
Riskprofile
Going straight to the point: –safety assessment in terms of “risk”
The integrated form of the policy and analytical considerations
14-02-2006 23
PAR AND LOSS OF LIFE
SUMMERSPRING
FALLWINTERPAR (Spring/
Summer
PAR (Fall)
PAR (Winter)
NEAR DAMLOCATION
ENTIRE INUNDATED AREA
DISTANT LOCATION
PAR AND LOSS OF LIFE
Probability of Failure Consequences of Failure
(PAR) = Population at Risk
UNACCEPTABLEREGION
TOLERABLEREGION
Tolerable risk toan "Individual"
Safety Management ObjectiveRisks are "Tolerable"Risks have been reduced AsLow As ReasonablyPracticable "ALARP"Risks are being effectivelycontrolledActions are "Precautionary" inproportion to: "Uncertainty"and "Consequences ofFailure"
Unacceptable riskto an "Individual"
Risks to Individuals
F-N
1.0000E-09
1.0000E-08
1.0000E-07
1.0000E-06
1.0000E-05
1.0000E-04
1.0000E-03
1.0000E-02
1 10 100 1000
N
F>=N
Societal Risk
14-02-2006 24
“Established” criteria
F-N
1.0000E-09
1.0000E-08
1.0000E-07
1.0000E-06
1.0000E-05
1.0000E-04
1.0000E-03
1.0000E-02
1 10 100 1000
N
F>=N
Netherlands intolerability line
Hong Kong intolerability line
UK local intolerability line
UK negligible line - major hazards of transport
Hong Kong negligible line
Det
aile
dan
alys
is -
UK
Proposed limit of tolerabilityfor loss of life above bank full
Extrapolation of R2P2intolerability point
Damage
freq
uenc
y (/y
r)
1.e-9
1.e-5
1.e-3
1.e-2
1.e-6
1.e-7
1.e-8
1.e-4
1 10 100 10000.1Consequences
Risks that onecannot afford totake too often
Risks that onecannot afford to
take at all
Limit oftolerability
Riskprofile
Two examples
14-02-2006 26
Ruskin Dam
58 m high
130 m long
14-02-2006 27
Tolerability of Risk Framework
SIMPLIFIED MATRIX APPROACH
1.0E-09
1.0E-08
1.0E-07
1.0E-06
1.0E-05
1.0E-04
1.0E-03
1.0E-02
1 10 100 1000
N
f
Extrapolation of R2P2 intolerability point
UK Broadly Acceptable
FERC (West USA)
USBR (broadly acceptable)
Dam crest (now)
Dam crest (fix)Dam body (now)
Dam body (fix)
Recreational Risk
CDA Guidelines
14-02-2006 28
Hugh Keenleyside Dam
14-02-2006 29
Detailed quantitative risk analysis
10.0 M DisplacementDispl. Exaggeration : 2.0
Reservoir Level : 440.0 ; (sr)2 = 500. psf ; γlim = 15. %
3PGA
2WATERLEVEL
4MAG.
5DYN. RESP.
AND LIQ.
6sr
8CREST
SLUMPING
9RAPID
RELEASE
440 m
435 m
430 m
0.50 G
0.42 G
0.34 G
0.26 G
0.18 G
0.10 G
M 7.5
M 7.0
M 6.5
M 6.0
M 5.5
M 5.0
P=0.85
P=0.50
P=0.15
CRRFOR
900
700
500
330
205
(psf)
15%
30%
45%
0 to 1/8
1/8 to 1/2
1/2 to 1.5
1.5 to 3.0
3.0 to 5.0
> 5.0
No RapidRelease
7γlim
(N1)60=6
(N1)60=8
(N1)60=10
1N -
VALUE
RapidRelease
14-02-2006 30
Probabilities of earth dam failure M=6.5, all PGA’s
Bounded Estimate of Probability of Failure (M = 6.5)
0.000.20
0.400.60
0.801.00
.10g .18g .26g .34g .42g .50g
PGA
Pf
14-02-2006 31
Loss of life scenarios
SIMPLIFIED MATRIX APPROACH
1.0000E-09
1.0000E-08
1.0000E-07
1.0000E-06
1.0000E-05
1.0000E-04
1.0000E-03
1.0000E-02
1 10 100 1000
N
f
Extrapolation of R2P2 intolerability point
UK Broadly Acceptable
UK Tolerable Det
aile
dan
alys
is
Minimum (FERC) forwest US damsCanadian Dam Safety Guidelines
Keenleyside Earthfill Dam
Concrete dam
Acceptable “traditional practice”
Unacceptable “traditional practice”
14-02-2006 32
Some comments on “ALARP”• It is not sufficient for the estimated probability of
failure meet one or several numerical Risk Tolerability criteria> Nor is it sufficient to meet numerical risk tolerability criteria
and some Cost:Benefit criterion• These considerations are only the starting point.
• The remainder of the ALARP demonstration involves explaining:> what level of safety is physically achievable i.e. what is
practicable> why the safest of the physically achievable options was not
selected• why other options that provide more safety than the option that
was selected were not chosen> justifying the selection to the regulator and the affected public
• Demonstrating reasonableness – a “societal value” judgement, not an “engineering judgement”
14-02-2006 33
Some conclusions
• Dam safety assessment is not an “exact science”> Dam safety assessment can be a “rigorous science”
• if dam owners, dam safety regulators and the engineering profession want it to be!
– Given the consequences of dam failure, why is rigorous engineering science not a requirement of dam safety assessment?
» why are dam owners and regulators not demanding it?
• Risk analysis provides the framework for scientific rigour and transparency in dam safety assessment> risk assessment provides a means of compensating for the
weaknesses in traditional practice• why not use it?
14-02-2006 34
ReferencesRisk and Uncertainty in Dam Safety
By D.N.D. Hartford and G.B. Baecher on behalf of:
BC Hydro, Bureau of Reclamation, Corps of Engineers, Hydro Quebec, Manitoba Hydro, Ontario Power Generation, Scottish & Southern Energy and Vattenfall
Published by Thomas Telford, available through ASCE
ICOLD Bulletin 130: Risk Assessment in Dam Safety Management ,