Infrastructure security: a critical issue
Moody’s RMS’ Gordon Woo examines the vital issue of infrastructure security at a time of geopolitical instability.
The devastating breach of the Soviet-era Nova Kakhovka dam on the Dnipro River in southern Ukraine in the early hours of 6 June will leave a cascade of human, economic and environmental losses for many months, and even years.
The long-term damage to prime agricultural land will also have major international repercussions on the world’s grain markets.
Dam breaches are rare, but near-misses are far more common. Since 1950, there have been around 200 earthquake deaths in California. However, this death toll might have been enormously inflated if the Lower San Fernando Dam had been overtopped on 6 February 1971.
The dam was badly damaged by the M6.7 San Fernando earthquake, and if the water had been at its maximum height – as it had been the previous year – the valley might have been flooded, with massive downstream casualty and property losses.
A combination of heavy rain and strong seismic ground motion might have triggered an extreme engineering disaster and a cascade of losses, while aftershocks might also have caused further significant damage.
Toddbrook Reservoir dam failure
On 1 August 2019, the Toddbrook Reservoir, located just upstream of the town of Whaley Bridge in the High Peak area of Derbyshire, central England, provided a European example of heavy rainfall creating a dam failure crisis.
The almost 80-foot-tall (24.3 metres) Toddbrook Reservoir dam embankment was constructed between 1837 and 1840, and at the time of construction, it was the tallest dam in the UK.
It was originally constructed with a single spillway at the left abutment of the dam. A concrete auxiliary spillway was completed in 1970 on the central portion of the downstream face of the embankment.
This auxiliary spillway suffered a serious incident after almost a week of intense rainfall in late July 2019, with the incident occurring during two separate storm events, the second of which was more severe, and had an estimated annual exceedance probability of 1 percent.
As the reservoir peaked during the evening of 31 July 2019, distress in the auxiliary spillway chute panels was observed starting the next morning, and according to the local Derbyshire Police chief constable, the structural integrity of the dam wall was at a critical level and there was a substantial risk to life should the dam wall fail.
Counterfactually, the dam might have failed if the heavy rain had persisted.
An independent review determined that the most likely cause of the failure of the auxiliary spillway at Toddbrook Reservoir was its poor design, exacerbated by intermittent maintenance over the years which would have caused the spillway to deteriorate.
Swiss cheese model
The ‘Swiss cheese model’ represents a well-known approach to analysing accident causation, with human defence systems likened to multiple slices of Swiss cheese.
Each slice of cheese is randomly stacked together side-by-side with randomly sized holes in each slice.
For the risk of a threat to become a reality, it would need to penetrate all the slices of cheese that act as the differing mitigating defence layers.
The principle is that multiple lapses and weaknesses in one defence do not allow a risk to materialise.
If a risk gets through one hole in the cheese, it would not get through another hole as the other slices of cheese in the stack would prevent the failure.
As a broad concept, it has validity, but only if the defences are appropriately designed for the risk.
For a dam, the defence systems may be effective when the dam was constructed many years ago, but as hazard levels have increased, such as with climate change leading to more severe periods of rainfall, the defences may be insufficient. Worse still, the existing defence systems may be poorly maintained, so they are not effective for their original purpose.
And there is a natural tendency for systems to move towards failure: continual human effort is needed to maintain order and prevent failure, especially throughout the life of a structure like the Toddbrook dam, which is more than 180 years old.
The combination of a major geohazard event with human risk factors can cause a system state to transition through a tipping point boundary into a domain of multi-risk cascade losses that may not be modelled (see figure below).
This transition can be explored through consideration of downward counterfactuals: alternative realisations of the past, where things turned for the worse.
One of the consequences of climate change is increased geohazard severity, which can be compounded by human factors to make a transition to the multi-risk domain of cascade losses more likely.
Human factors include human error, negligence – and also malevolent action. There have been a number of terrorist plots that have targeted dams, for example Folsom Dam in northern California, and other critical infrastructure.
Nato intelligence indicates a significant risk that Russia could target critical infrastructure in Europe or North America, including gas pipelines and internet cables, as part of its confrontation with the West over Ukraine.
Russia has also been actively mapping the infrastructure of Ukraine’s allies both on land and on the seabed. According to Admiral Lord West, former head of the Royal Navy, Russia may have already put sleeper explosives on critical infrastructure in the UK sector of the North Sea.
On 4 May 2023, Nato secretary general Jens Stoltenberg met with industry leaders in energy and communications infrastructure to discuss Nato’s role in contributing to the security of critical undersea infrastructure and cooperation with industry.
In these times of geopolitical instability, infrastructure security is a vital issue not only for corporations but also for their insurers.