Boutellier_280604_ISEP_Neuhausen_2


Catastrophes happen in a climate of
growing confidence
Verification
Innovation
Suspension bridge
Innovation
New type of bridge
Climate of confidence
Many suspension bridges
New design rules
laws, regulations
Extrapolation
Longer suspension bridges
Smaller safety factors
Falsification
Break-down
Crash
SIG Holding
R. Boutellier, CEO
2684e
Every employee an entrepreneur?
Not for high risk operations
Food
Cow
Slaughterhouse
Old:
Separation through
acids and bases
(ecology!)
Improvement: Heating up to 80° C
BSE germs survive
Meat
Fat
BSE germs!
Proteins
Sometimes innovation has to be centralized
Sleep deprivation:
Source of many human errors?
The 24 hour society
• 1989, Exxon Valdez: Third mate in charge, sleep deprived
• 1986, Space Shuttle: NASA managers: No sleep night before
• 1986, Chernobyl: Night, tired operators
• 1979, Three Mile Island: Night, tired operators
• 1990s, US vehicle accidents: Over half of drivers: Fatigue
The Economist, December 21st, 2002, p 111
Reaction of the public: Human error
Catastrophe
Human error
Systematic error
Everybody understands
Difficult to explain
Replace human
Difficult to repair
New errors?
Back to normal
Increasing complexity in cars leads to
recall-actions
GM, Quad 4 engine: Recalled 4 times (1987-1993)
Chrysler, Neon: Recalled 3 times (1994)
Honda, Accord, Prelude: Recalled 1.8 million cars (1993)
Mercedes, A-Class: Moose-test, estimated cost 100 million DM (1997)
USA, all manufacturers: Recalled 11 million cars in USA 1993
Press: If everyone would just be
a little more careful, ...
In: R. Pool, Beyond Engineering, Oxford, 1997
Software: Fault-prone, even with backups
(complexity added!)
1990: AT&T software bug cripples long-distance system for 9 hours
(50 million long-distance calls missed)
114 Switching Centers:
Main Computer
+ Backup Computer
+ Signaling System 7 (10 million lines of code!)
Risk-Strategy:
Fault tolerance
(Backup-systems step in)
January 15, 2:25 p.m.: minor mechanical problem in New York
Backup system: Takes center out
Fault fixed within 6 seconds
System starts to reboot itself, ...
In: R. Pool, Beyond Engineering, Oxford 1997, p 135f
Gene-technology: New challenges
Risk management in R+D
„Small“ experiments
But gene-tech produces
new creatures which can
reproduce at high speed
Contergan catastrophe
• Honesty
• Good Lab Practice
• Good manufacturing practice
• Good ???
Scaling up in Biotech is very difficult
“Scientifically, we began at square one by taking
microorganism out of the lab scale and putting them into
much larger stainless steel tanks. . . . . The first time
we did it, they all dropped dead - they didn’t like it.”
Robert Swanson, Cofounder of Genentech
Pisano, The development factory, HBS, 1997, p. 139
The wild type argument gives some
protection in gene-tech
The wild type:
Best suited for today's environment
(selected over millions of years)
The artificial type: Only suited for (artificial) niches
(Survives e.g. pesticides)
But: Nature has not tried everything
„There will be „catastrophes““
(Nobel laureate W. Arber, CH)
Perrow’s Dilemma:
Risk cannot be overcome by technology
Complexity
Tight Coupling
• non linearities
• many components
Systematic High Risk
Backups
More complexity
More risk
Ch. Perrow: Normal accidents, Basic Books, 1984, chapter 3
Reduce coupling and tight interactions
Chart axes: Coupling (Tight / Loose) and Interactions (Linear / Complex)
Systems shown: Nuclear Power, Dams, Railways, Space Mission, Military, Traditional manufacturing, Universities
"The dread"
• lack of control
• high fatalities and catastrophic potential
• inequitable distribution of risks and benefits
• increasing risk
• no technical fixes
Ch. Perrow: Normal accidents, Basic Books, 1984, p 327
Failure Mode and Effect Analysis
1. Select team
• Experts
• Users
• Affected
2. Determine failure modes
Risk Management
3. Estimate
• Effect
• Probability of occurrence
• Surprise
4. Prioritize
E x P x S ≤ 10 x 10 x 10 = 1000
5. Act
6. Control effects of actions
Risk Assessment
High reliability organizations: Double loop learning
• Every failure can be deadly
• One team does the work
• A second smaller team watches the first and serves as backup in case of emergency
• The two teams discuss improvements
Learn from incidents to avoid accidents
• Talk
• Report
• Make a story and use it in training
Publish or perish
Bayer‘s shares fell heavily after reports emerged that the German
drug and chemicals firm‘s management knew of problems with
Baycol, an anti-cholesterol treatment, some time before the product
was recalled. Bayer faces several thousand lawsuits from people
who had taken the drug.
The Economist, February 22-28, 2003
Shannon: Signal to noise makes
communication!
Search for risk
at smallest possible level
+
Improved detection technology
+
Even small doses are dangerous
+
Press calls it deadly
⇒ Hunt for small traces
⇒ Warning labels that are no warning labels
The deep pocket issue:
Somebody has to pay
“… the assignment of blame to people
whose principal sins are to have been
in the chain of events that led to the damage
and to have money to pay …”
H.W. Lewis, Technical Risks, Norton, 1911, p 101
Nestlé policy: USA immediately public,
Europe case by case, quiet
USA
Smallest hint
Recall all batches
Inform FDA
Go public
Stop products for
several weeks
Europe
If clear hints
Recall „direct“ batches
Keep it „silent“
Remove error
Go on with production
Terrorists: Threat No 1, September 11th, 2001
Proliferation: For many years the biggest
concern of NATO
Main priorities:
1) Defusing proliferation incentives
2) Enforcing international sanctions
3) Offensive military actions
4) Ballistic missile defense
From Ruhle et al., Comparative Strategy, vol 13, 3 / 1994, p 313 - 320
Nuclear program Iraq: 1991
2 – 4 years from the bomb
Start: 1981
Lead: Defense ministry
Costs: ~10 billion $
Employees: ~12 000
Method:
1. Chemical (France does not sell)
2. Civil reactors (destroyed by Israel, Osirak)
3. Gas centrifuges (not possible, sanctions)
4. Isotopes (very time consuming)
Nonproliferation actions successful!
Third party delivery: Example during Iran
– Iraq war
EU country
Special optics machinery
Intermediary
Singapore
Singapore
Iran
End user Iran
Training of personnel in Singapore
But:
End user certificate: Difficult
Maintenance: Direct contacts?
Costs: Too high!
Technology transfer: 2 steps need time
Technology drives and intimidates
„ We are energized by the great power of
technological impact on us.
We are intimidated by the magnitude of problems
it creates or alerts us to. “
H.A. Simon, the Science of the Artificial, 3rd ed, 1996, p 139
Technology for good and bad is available
for everybody