System failure

System failure: Avoiding the unthinkable 

A conversation between James Stewart, Chairman of KPMG’s Global Infrastructure Practice and former Chief Executive of Infrastructure UK, and Professor Jim Hall, Professor of Climate and Environmental Risk and a Director of the Environmental Change Institute at the University of Oxford.

James Stewart (JS): We’ve been spending some time with our clients – particularly government and infrastructure planners – helping them develop a ‘systems’ view of infrastructure. Essentially, we’re trying to help the sector understand the interdependence of infrastructure and how, by taking a more holistic view, these assets can really be designed to drive growth, support productivity and enhance quality of life for their citizens.

You’ve been doing quite a bit of research into some of the risks that are involved in taking a systems view; what are some of your big concerns?

Jim Hall (JH): First, let me say that I absolutely agree that governments and infrastructure planners need to take a systems view of their investments and assets. Developing and managing infrastructure as a system certainly has significant advantages.

The problem is that – over the past decade or so – we’ve been so focused on creating efficiencies and integrating assets that we are now looking at systems that have unknown vulnerabilities. I simply don’t think that we’ve put enough thought into understanding where these vulnerabilities may be, particularly in relation to their interdependencies.

JS: We’ve certainly seen some terrifying examples of how devastating a system failure could be on an economy and a population. If you think about the blackout that hit the Northeast US and Canada in 2003, you can quickly see how failure in one infrastructure asset can easily cascade into failures across the system.

JH: Yes, and I would argue that the interdependencies that we have embedded into our systems today have created much greater vulnerabilities than ever before. One simple reason comes down to cost and the drive for more efficient infrastructure. The problem is that as owners and operators focus on trying to get as much out of their system as they can with the minimum of inputs, they start to erode away the margins for failure.

The other big reason that we are more vulnerable today comes down to the prolific embedding of information and communications technology for monitoring and control purposes. On balance, that’s a good thing because it increases efficiency and makes the system much smarter. But it also opens the system up to new risks stemming from technology failure. Not just hackers getting into the system – which I would argue is no different from any other industry sector’s concerns – but also how a failure or unexpected event in one area might impact the technology running another, even more critical system.

JS: I think one of the big challenges that our clients are struggling with as they strive towards taking a more system-focused view of infrastructure is one of ownership and responsibility. What we’ve seen is that there is a historical mismatch of incentives. We often see situations where opportunities could have been taken to make a system or asset more resilient, but it gets left out of the final design for cost reasons. In ten years’ time, however, when that asset fails, it’s usually
a different government and a different owner that is left to clean up the mess.

JH: Right. I think the question is how do we properly align incentives within what is now a market-based arrangement so that people who can do something about the risks in the system are actually incentivized to do so. And I think the big problem is that we have a number of market failures that are stopping this from happening.

One is that these are often low probability events that may not happen for a long time and I don’t think that people properly evaluate those low probability risks, even when the consequences can be very serious. I think the second market failure is that it’s often society in general that suffers the most severe consequences and governments are left to take the lead in emergency response and reconstruction – rather than the designers and developers – so there is a lack of incentive there. There’s also the issue of short-termism – whether due to political cycles or project cycles – that creates perverse market incentives to not invest for the future.

I talk to a lot of businesses – utilities, insurers, infrastructure operators – and what I’ve found is that while they have paid careful attention to the vulnerabilities within the systems for which they are responsible, they get quite nervous when you start to ask about their interdependencies with the systems they rely on.

JS: I get the impression that decision makers don’t always understand the cost vs benefit ratio of investing in greater resilience at a system level. They are fairly clear on why they don’t want a bridge to collapse or a power plant to fail, but they are less clear about the costs and the risks of systemic failure.

In a time when governments are dealing with constrained capital budgets and where the first question is always ‘how much is this going to cost?’, it’s going to become increasingly difficult to get investors – government or otherwise – to pay for mitigating systemic risk.

JH: I think you are right. We need to be able to properly value the risks and incorporate that understanding of risk into decision making. That’s the only way we are going to be able to make the economic and business case for investing in resilience. We need to be able to say what the right level of action would be in proportion to the risks and then put the appropriate investment towards it. That’s not something we’ve been terribly good at in the past.

Where I think we need to start really focusing is on uncovering some of those ‘soft’ vulnerabilities in the system. For example, some regulatory arrangements tend to be more sector-specific and are often not ideal for dealing with cross-sectoral interdependencies which can create complexity when you start to take a system view. But there are lots of other soft vulnerabilities like today’s complex ownership models, shifting regulation and even the set of human interactions that underpin these systems.

We really need to understand how the rapidly shifting market environment is creating vulnerabilities within our infrastructure systems and then see how they can be adapted to improve resilience.

JS: You included human interactions in that list. On the one hand, you could argue that human error is reduced through IT and automation, but on the other hand things can quickly go awry if there is nobody at the switch. Is the drive for efficiency and automation eliminating that human element?

JH: Certainly a lot of the source of this interdependence within systems is around people. But a lot of the resilience is around people as well; having people who understand the systems, being able to make experienced choices when things go wrong, as you say – monitoring the systems to react if there are ‘unexpected’ failures. If you take too many people out of the system then you are going to increase your vulnerability to critical failures.

JS: Do you see any countries or regions that are really doing well at understanding those system risks and acting accordingly?

JH: Interestingly, it’s those countries that have a longer-term national view of infrastructure that seem to really have a handle on this. France, Switzerland, Germany, the Netherlands – all of these countries have a tradition of thinking longer-term when it comes to infrastructure and that has given them an almost intrinsic ability to understand these issues.

Other markets have also been forced to think more holistically about the system risks of interdependent infrastructure. The US went through a series of exercises to understand the risk as part of their homeland security initiative. New Zealand has also been doing some serious rethinking since Christchurch was hit by the earthquake last year.

That said, I think there are lots of great examples right around the world that could act as a model for other governments and infrastructure planners.

JS: Do you think we’re on course for a system failure any time soon?

JH: There are system failures every day in some emerging markets. And while that may not be a problem for those readers sitting in the developed world today, it is when you take a global view of infrastructure. Power outages in India impact supply chains which stop raw materials from getting to power plants in developed markets which causes a ripple effect down the chain. Clearly, the interdependencies flow much deeper than we think.

By James Stewart, KPMG in the UK


Share this

Share this

Sign up now

Receive email alerts when new content is available

Tell us what you think

INSIGHT: Resilience

INSIGHT: Resilience
This edition of Insight explores some of the world’s most impactful stories of resilience.

Inside INSIGHT: Resilience

  • Subscribe to related feeds