Here’s a simple truth: It’s better to bend than to break, and it’s best to be prepared for the worst. This age-old wisdom is going by a new name in slide-rule circles: “Resilience engineering” starts with the insight that it’s smart to design and maintain systems so they have some give. That means building technologies that offer extra capacity to handle sudden loads, plenty of warning when normal operations are beginning to break down, backup systems in case things do go wrong, diverse digital architectures so that a single bug doesn’t produce widespread failure, and decentralization so that when (not “if”) communication breaks down things don’t grind to a halt.
Resilience engineering as an academic idea was born in response to the 2003 space shuttle Columbia disaster. The spacecraft disintegrated on re-entry because thermal panels had been damaged by a piece of foam that broke off during the launch. But investigators identified a larger issue: NASA had responded to budget cuts in the 1990s by adopting a “faster, better, cheaper” approach, launching more missions with fewer resources. Safety margins gradually narrowed, information sharing withered and overconfidence ballooned without anyone really noticing. The organization had become brittle and prone to disaster.
When a system looks solid year after year, it’s easy to become complacent, like the generals behind France’s old Maginot Line–which, after all, was pretty good at keeping the Germans out, though useless once they found another way in. It’s just a short step from complacency to pure arrogance: Why worry about lifeboats when the Titanic is unsinkable? Resilience is about having enough lifeboats anyway.
NASA’s not the only institution where financial pressures can lead to brittle operations. When you squeeze the slack out to cut costs, you’re left with systems that have no real margin for error. Modern, “just-in-time” manufacturing methods allow factories to save money by eliminating stockpiles of parts and materials–but if transportation is interrupted, those superefficient assembly lines shut down in a hurry. This doesn’t mean that just-in-time delivery should go away, but the people in charge had better have a backup plan: early-warning systems and a plan to temporarily switch manufacturing sites, perhaps, or a short-term supply of parts always kept in reserve in case of emergencies.
Often, technologies become so tightly coupled that when one piece goes down, it produces a cascade of failures. In his 1988 book, The Collapse of Complex Societies, anthropologist Joseph Tainter suggested that it was increasing complexity that really toppled the Mayan and Roman empires. The northeastern blackout of 2003 didn’t bring about the end of our civilization–but it was serious. The problem started when a single power line brushed against some overgrown trees, then quickly spread to affect 50 million people. One proposal for adding resilience to the electrical grid is called “distributed energy,” with homes, businesses and municipalities producing at least a portion of their own electricity.
Resilience engineering is a specialized field, but it simply takes some common sense to apply its principles to the ordinary world. For instance, when the power goes out, traffic signals go down. This causes accidents and traffic jams–often exacerbated by people who decide to leave work or home in favor of finding someplace where there might be lights and a/c. During the 2003 blackout, New York City streets were gridlocked by traffic-signal failure, causing some to abandon their cars and walk, which, of course, made the congestion even worse.
Happily, there’s a simple solution to that one: Battery backups for traffic signals. The batteries may only last a few hours, but that’s a huge improvement. Most blackouts are over by then, and even if the backup power does run out, there’s enough time for traffic to disperse and police officers to arrive. The system fails gracefully rather than catastrophically. California’s Sacramento County, New York City and many smaller communities have started installing battery backups. And when New York experienced outages in 2006, many traffic lights continued working.
Backup power for cellphone systems can be equally important, but here things aren’t going as well. After studying the aftermath of Hurricane Katrina, the Federal Communications Commission ordered mobile providers to install backup power for all cell towers, but the industry resisted and the requirement was dropped. This means that cellphones, which many rely on in emergencies, aren’t as reliable in a crisis as they should be.
The Public Option
When it comes to large-scale emergencies, the country has a hidden weapon–and we can do more with this resource. I’m talking about a populace filled with self-reliant, community-minded individuals. During a major crisis, on the order of Katrina or a serious California earthquake, relief services can be overwhelmed. When individuals are prepared to look after themselves for a while, with food, water and medicine on hand, and alternative sources of heat or power, it makes a big difference. The government can’t take care of everybody at once. If disaster-relief staffs don’t have to worry about you, they can take care of others–which means that being self-reliant can actually help your community.
Often, government officials worry about the public panicking in a widespread disaster. But they have that backwards. In studies of more than 500 emergencies, the University of Delaware’s Disaster Research Center found that panic rarely occurred. In fact, people consistently jump in to help themselves and their neighbors. Research by scholars like Kathleen Tierney, who directs the Natural Hazards Center at the University of Colorado at Boulder, shows that the true first responders are often the people on the scene when a disaster strikes. They save lives by administering first aid, getting people out of hazardous areas and spreading warnings. Volunteers improvised the water-based evacuation of lower Manhattan on Sept. 11, called an American Dunkirk by some, that moved masses of people out of the danger zone.
A self-reliant attitude is good, but skills help mightily, too. Citizen training is available through the Red Cross, Community Emergency Response Teams and Neighborhood Emergency Response Teams. One underappreciated resource is the amateur radio community. Acquire a ham radio license (see the American Radio Relay League) and you can become a major resource if a disaster strikes. It’s fun, too.
In the meantime, architects, engineers, regulators and government officials should take heed, and think about creating systems that don’t leave us hanging when things go wrong. Because, inevitably, they will.