Next Article in Journal
A New Technique for Generating Distributions Based on a Combination of Two Techniques: Alpha Power Transformation and Exponentiated T-X Distributions Family
Next Article in Special Issue
Asymmetry of Authority or Information Underlying Insufficient Communication Associated with a Risk of Crashes or Incidents in Passenger Railway Transportation
Previous Article in Journal
A Prediction Method with Altering Equivalent Stiffness for Damping Evaluation of Shrouded Bladed Disk Dynamic Systems
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

On the Root Causes of the Fukushima Daiichi Disaster from the Perspective of High Complexity and Tight Coupling in Large-Scale Systems

1
Department of Intelligent Mechanical Systems, Graduate School of Natural Science and Technology, Okayama University, Okayama 700-8530, Japan
2
Department of Industrial Engineering and Management Systems, University of Central Florida, Orlando, FL 32816-2993, USA
*
Author to whom correspondence should be addressed.
Submission received: 5 February 2021 / Revised: 24 February 2021 / Accepted: 26 February 2021 / Published: 4 March 2021
(This article belongs to the Special Issue Complex Systems and Its Applications)

Abstract

:
This study explores the root causes of the Fukushima Daiichi disaster and discusses how the complexity and tight coupling in large-scale systems should be reduced under emergencies such as station blackout (SBO) to prevent future disasters. First, on the basis of a summary of the published literature on the Fukushima Daiichi disaster, we found that the direct causes (i.e., malfunctions and problems) included overlooking the loss of coolant and the nuclear reactor’s failure to cool down. Second, we verified that two characteristics proposed in “normal accident” theory—high complexity and tight coupling—underlay each of the direct causes. These two characteristics were found to have made emergency management more challenging. We discuss how such disasters in large-scale systems with high complexity and tight coupling could be prevented through an organizational and managerial approach that can remove asymmetry of authority and information and foster a climate of openly discussing critical safety issues in nuclear power plants.

1. Introduction

The Fukushima Daiichi disaster provides an opportunity to consider how risky the industrial world around us actually is. A risk of design failure is always present in man–machine systems, components, or procedures [1,2,3]. Failures occur unexpectedly when interactions between humans (organizations) and the environment (situation) cannot be managed effectively. Because of the inevitability of these unexpected failures and events within the framework of normal accidents [1], governments, regulators, or the safety management divisions in companies are responsible for regulating systems with high-damage risk and making every effort to decrease risk in these systems and to avoid disasters.
Although a working group of the Nuclear Safety Commission (NSC), Japan indicated in 1993 that station blackouts (SBOs) must be considered, the NSC continued to exclude the risk of SBOs [4,5]. Organizational optimism in excluding emergencies such as SBOs made the Tokyo Electric Power Company (TEPCO) defenseless against SBO, thus leading to a serious disaster. Such optimism in thinking that SBOs would not occur must have arisen from insufficient consideration of the risks embedded in a large-scale system characterized by high complexity and tight coupling [1,2,6] among system parts or components.
According to Perrow [1], nuclear power plants are characterized by both high complexity and tight coupling. In these systems, unexpected interactions among failures cause cascades of failures and induce a state with little slack (time and flexibility) in managing emergencies. Therefore, predicting such interactions in advance is generally difficult. Perrow [7,8,9], referring to the concept of normal accidents [1], stated the difficulty in eliminating the possibility of catastrophic industrial disasters such as the Fukushima Daiichi disaster, even if strict regulations, close attention to warnings, and careful disaster response plans are executed. Although Perrow [1] emphasizes the inevitability of disasters, Turner and Pidgeon [10] stress the importance of organizational, managerial, and communication factors in handling disasters that occur in complex and tightly coupled systems; such disasters can be foreseen and minimized if organizational and managerial approaches are executed deliberately. Pidgeon [11,12] also maintains that these disasters can be avoided by developing high-reliability organizations. Although it is difficult to assess which of these viewpoints is plausible, it is worth exploring the root causes of the Fukushima Daiichi disaster from the perspective of high complexity and tight coupling in a large-scale system and to discuss whether organizations can prevent other disasters stemming from high complexity and tight coupling embedded in large-scale systems such as nuclear power plants.
The National Research Council [13] identified the direct causes of the Fukushima Daiichi disaster as the failure of TEPCO and the principal regulator to manage the loss of all onsite AC and DC power. The National Research Council [14] has stated the importance of an independent and redundant power source and emergency training. However, the root cause underlying these direct causes has not been explored from the perspective of high complexity and tight coupling in the system.
This study aimed to examine the Fukushima Daiichi disaster from the perspective of high complexity and tight coupling in a large-scale system as proposed for normal accidents [1,2], and to obtain insights into potential countermeasures for preventing similar disasters. Based on the review of the published literature on the Fukushima Daiichi disaster, we extracted the direct causes of this accident (i.e., malfunctions and problems). Next, we examined whether the two characteristics of high system complexity and tight coupling were present in the direct causes of this disaster. We further investigated why TEPCO and the regulators failed to recognize and prepare for such a scenario from the viewpoint of the asymmetry of authority, which hinders open discussion within an organization or among organizations. On the basis of this exploration, we discuss how disasters in complex and tightly coupled systems can be managed and prevented from organizational and managerial viewpoints.

2. Identification of High Complexity and Tight Coupling in the Direct Causes of the Fukushima Daiichi Disaster

2.1. Definitions of High Complexity and Tight Coupling

The concept of normal accidents [1,2,6] is characterized by complexity and tight coupling. High complexity induces invisibility or opaqueness, unpredictable interactions among components, and vulnerability to human errors. Tight coupling of components decreases slack (less time and flexibility) and forgiveness (an inability to cancel failures). Tight coupling also induces a cascade of failures and amplifies their consequences. Even seemingly unrelated components can be indirectly connected in large-scale systems, although these connections may not be readily recognized.
After a failure, determining and directly examining what is occurring in complex systems is difficult. Sources of failure can remain in complex systems even in the presence of rigid and reasonable regulations that are faithfully followed to enhance safety. If systems have tight coupling, they are vulnerable to small failures cascading through them. The interactions among multiple failures in complex and tightly coupled systems can certainly trigger disasters that might not be anticipated by designers, operators, or engineers. Within the framework of normal accidents, accidents are not considered as abnormal occurrences but as fundamental features of large-scale systems. The term “normal” is used because the characteristics of a variety of failures are inevitably and inherently incorporated in large-scale systems. Therefore, accidents are inevitable in large-scale systems with high complexity and tight coupling, major threats can easily be ignored, and mistakes that spiral out of control can be made.
As complexity increases, the system becomes more likely to encounter failures due to unpredictable interactions among system components, and the problems become invisible, thus making direct monitoring difficult. In complex systems, it is difficult to know whether predictions about a system’s behavior are correct because of the unpredictable and invisible interactions among components of the system. Moreover, when a system has tight coupling, there is no slack (margin) to allow for failures, the consequences of failures are amplified, and a cascade of failures occurs. Thus, undoing or recovering from failures is impossible.

2.2. Direct Causes of the Fukushima Daiichi Disaster

After referring to reports and books [15,16,17] written in Japanese and Murata [18] that investigated why the Fukushima Daiichi disaster occurred, we extracted the following direct causes:
(1)
Overlooking the loss-of-coolant accident at plant 1;
(2)
Failure to cool the nuclear reactor by using a fire engine at plants 1–3;
(3)
Delayed recovery of the DC power source at plants 1–3;
(4)
Delayed vent operation and uncertainty regarding the success or failure of the vent op- eration at plants 1–3;
(5)
Failure to perform decompression via a safety relief (SR) valve at plants 1–3.
The direct cause of the Challenger disaster was a malfunction of the O-rings. Gladwell [19], referring to the concept of normal accidents [1,2,6], stated that fixing a malfunction does not ensure the removal of all risks concerning a space shuttle launch. In general, if the root causes underlying the direct cause are not removed, the system cannot be safe. After identifying the direct causes, further investigation should focus on why such direct causes occurred from multiple perspectives; such an action corresponds to the exploration of root causes. This section discusses the presence of high system complexity (invisibility and unpredictable interactions of components) and tight coupling of components (lower slack and amplification of consequences) underlying the direct causes that increase the probability of catastrophic disasters.

2.3. Identification of High Complexity and Tight Coupling Underlying the Direct Causes

We examined whether high complexity and tight coupling could be observed in the direct causes (1)–(5) described in Section 2.2. The detection of these characteristics in the direct causes would support the plausibility of the conclusion that TEPCO, the regulators, and the government could not have appropriately anticipated and managed the high complexity and the tight coupling underlying the direct causes.
Minor failures—such as a lack of knowledge regarding the isolation condenser (IC), reactor core isolation cooling (RCIC), piping system, vent operation (the SR valve), top of active fuel (TAF) measurements, and backup diesel generator—unexpectedly interacted with other failures, thus hindering recognition of the cascade of small failures that led to the meltdown.
Failures in risk and crisis management generally involve failed regulations, ignored warnings, inappropriate disaster responses, and human errors in decision-making. Despite active attempts to prevent disasters from occurring, complex and tightly coupled large-scale systems result in unpredictable interactions and a cascade of small failures that can lead to serious disasters such as the Fukushima Daiichi disaster.
The fail-close mechanism of the IC valve was too difficult to understand because of its complexity and tight coupling (see Section 2.3.1); workers did not easily understand that the valve of the IC must be closed in SBO to prevent the release of radioactivity from the IC piping system. A similar safety mechanism was also built into the design of the RCIC to prevent the release of radioactivity from the RCIC (see Section 2.3.2). However, this mechanism did not work under SBO. Therefore, a large amount of radioactivity unexpectedly leaked from the RCIC shaft at plant 2. The piping system feeding water into the nuclear reactor was also too complex and tightly coupled for the operators or workers to identify the right path for feeding water into the reactor (see Section 2.3.3).
The detailed identification of high complexity and tight coupling in each of the five direct causes is described below.

2.3.1. Overlooking the Loss-of-Coolant Accident

Because TEPCO did not conduct training regarding the operation of IC and the mechanism of the water gauge for measuring the TAF in emergency conditions (e.g., SBO), it was impossible for the workers to accurately measure the TAF or determine the state of IC [15,16,18]. All staff at plant 1 could not understand what was occurring in the core reactor, which corresponds to invisibility.
The fail-close mechanism was incorporated into the IC to assure safety. This fail-close design induced the unpredictable behavior of the IC under SBO. The fail-close mechanism closes the valve of the IC in case of an SBO so that the release of radioactivity from the IC piping system is suppressed. However, the staff could not understand the unpredictable interaction of the IC with the plant status. Even though the status of a nuclear reactor must be recognized to restore power quickly, the unpredictability made accurate recognition of the reactor status impossible.
Operators, engineers, and workers are required to address emergency states as quickly as possible. However, the situation worsened while the staff struggled to manage the emergency. This corresponds to the cascade of failures stemming from the failure to accurately determine the plant status from the TAF and the status of the IC. This situation corresponds to one with little slack, because reverting to a normal situation is impossible, and time cannot be taken to fix the problem.
The high complexity (invisibility and unpredictability) and tight coupling (little slack and amplification of consequences) described above must have caused the loss-of-coolant accident at plant 1 to be overlooked, and this eventually led to the meltdown.

2.3.2. Failure to Cool the Nuclear Reactor by Feeding Water via a Fire Engine

TEPCO did not have accurate knowledge on the piping systems surrounding the reactor container. They never supposed that a large earthquake could destroy the piping systems and induce serious problems that would make emergency actions, such as vent operation difficult to deal with [16,18]. They did not recognize the different behaviors of the piping systems when the power to the reactor core cooling system was on versus when it was off. The piping system interacted unpredictably with the power state of the reactor core cooling system.
No one was certain about the success or failure of feeding water into the nuclear reactor through the piping systems because the situation was not visible. The path of the feeding water presumed to be correct by TEPCO was unfortunately wrong; this was a result of the invisibility aspect. A large amount of water reached the outside of the reactor via a piping system bypath that no one noticed.
These events were amplified by a failure to correctly predict the path of the feeding water and the invisibility of the problem of feeding water via a fire engine under time pressure. In this emergency, with little slack (time and flexibility) to detect and manage failures, it was impossible to undo the feeding of the water via a fire engine. In this manner, feeding water via a fire engine failed to cool the nuclear reactor.

2.3.3. Delayed Recovery of the DC Power Source

The high complexity and tight coupling were identified as follows. The government decided that the water drainage to the storage pool of spent nuclear fuel should be conducted in the first place, although the recovery of the DC power source should have been done as soon as possible to stably cool the nuclear reactor [16,18]. The appropriateness of this priority was unpredictable under the time pressure of the emergency. The validity for which action should be done first was invisible to TEPCO, the regulators, and the government.
The operators and engineers doubted the appropriateness of such a priority. Unfortunately, water drainage to the storage pool by a helicopter failed. Executing the water drainage on a priority basis delayed the recovery of the DC power source with the highest priority. Consequently, it took an amount of time to recover the DC power source. Therefore, this situation was one with little slack, whereby choosing the wrong priority delayed the recovery of DC power and amplified the damage caused by the disaster.

2.3.4. Delayed Vent Operation

It was impossible for TEPCO to quickly and appropriately execute the vent operation because it never carried out the training of vent operation under SBO to learn how to open and close motor-operated (MO) and air-operated (AO) valves for ventilation. Because TEPCO did not have sufficient knowledge of ventilation and MO and AO valves, and experienced difficulties in preparing for ventilation under high radioactivity, it could not definitively explain to the Japanese government why ventilation was not conducted as quickly as possible [15,16,18]. The states of the MO and AO valves were directly invisible. Moreover, the operators, engineers, and workers were uncertain about the success or failure of the wet well vents at plants 1 and 3, thus worsening the situation. TEPCO also could not directly examine the vent state. These situations correspond to the invisibility common in complex systems.
Radioactivity can be decreased by 99.9% under normal temperature conditions of around 27 degrees Celsius. However, under high temperature conditions, wet well vents can only slightly decrease radioactivity (to levels estimated to be less than 50%). This interaction between vent operation and temperature was unpredictable because TEPCO did not test the radioactivity-filtering vent to verify the effectiveness of filtering under high temperatures; therefore, the vent operation was further delayed, which resulted in the release of much radioactivity into the air.
Plant 2 did not explode as plants 1 and 3 did. However, it is estimated that the nuclear reactor at plant 2 released much radioactivity into the air. Although plant 2 could maintain the function of the RCIC system [15,16,17,18] even under the SBO, it was uncertain how long the RCIC could be operated stably. Consequently, the state of the RCIC was invisible. In plant 2, like plants 1 and 3, all staff could not recognize the success or failure of the vent operation. The state of the vent was also invisible. The destruction of the piping of the reactor container must have led to the failure of the vent operation, which caused the release of radioactivity. To avoid the explosion of the reactor container, TEPCO needed to decompress the container as soon as possible.
It was expected that the safety mechanism incorporated in the RCIC prevented the release of radioactivity from the RCIC. However, no one was aware that this mechanism did not work under SBO. This aspect corresponds to an unpredictable interaction of the RCIC with an emergency situation. Radioactivity leaked unexpectedly from the RCIC shaft, and a large amount of radioactivity was released. This leakage of radioactivity from the RCIC shaft was also unpredictable.
The situation worsened while the staff struggled to manage the emergency under time pressure and without reasonable judgment of the situation. This aspect corresponds to a cascade of failures stemming from a failure to accurately determine the state of the MO and AO valves, RCIC, and vent. This situation also corresponds to one with little slack, because the situation could not be reverted to a normal one, and time could not be taken to fix the problem.

2.3.5. Failure to Perform Decompression via an SR Valve

The damage caused by the tsunami made it impossible to use a high-pressure pumping system. The pressure vessel of a nuclear reactor must be decompressed so that water is fed to the nuclear reactor by a low-pressure pumping system. As the SR valve could not be operated in the emergency, it was impossible to decompress the container [16,18].
The characteristics of high complexity (unpredictable interactions among parts or components and the invisibility of problems) were identified as follows. The SR valve is equipped with relief and safety functions. It is possible to control the relief function from a central control room. When the pressure inside the reactor container reaches 75 Pa, the safety function makes it possible to automatically open the SR valve. When the pressure is less than 75 Pa, the SR valve closes automatically. TEPCO overlooked such a characteristic of the safety function. This corresponds to the unpredictable interaction of the SR valve with the surrounding environment, that is, the pressure inside the reactor container. The emergency made the pressure inside the reactor container invisible.
Although computerized valves are usually opened automatically, operators must open and close them manually in case of an SBO. TEPCO had not assumed an SBO under which the valves could not be opened and closed manually. No one at plants 1–3 learned how to keep the SR valve open to decompress the pressure vessel in an emergency. This interaction of the SR valve system with the surrounding environment was also unpredictable.
Several properties of tight coupling (cascade of failures, or amplification of consequences, and little slack) were identified as follows. The chain of unpredictability and the invisibility of the problem led to amplification of the consequences. There was no time to consider failures of decompression, and the failures could not be undone to allow decompression to be appropriately executed. Eventually, the result was critical failure in decompressing the core reactor via the SR valve.

2.3.6. Summary

The analysis above shows that situations where high complexity and tight coupling are embedded in a system are likely to have a high risk of disaster. High complexity increases opportunities for failures, and tight coupling amplifies the outcomes of failures. While a system with high complexity and tight coupling, such as a nuclear power plant, provides tremendous benefits, it also carries a risk of major disaster. The identified high complexity and tight coupling underlying the direct causes outlined in Section 2.3.1, Section 2.3.2, Section 2.3.3, Section 2.3.4 and Section 2.3.5 are summarized in Table 1.
The causes underlying the direct causes of the Fukushima Daiichi disaster are the invisibility of the states under SBO and the unpredictability of procedures under SBO, while interacting with other events or components of the system. Moreover, one of the causes appears to have been tight coupling, which restricted the time available to fix failures, such as the loss of the DC power source, because of the lack of margin for such failures. Tight coupling also amplified a variety of malfunctions or problems that stemmed from the failure of the DC power source, thus making it difficult to control and rapidly recover from the SBO.

3. How Disasters Should Be Prevented in Large-Scale Systems with High Complexity and Tight Coupling

After identifying the direct causes (1)–(5) described in Section 2, one could conclude that attention to these causes could be useful in preventing other disasters. With the lack of knowledge about the sources of such direct causes and if no countermeasures are taken to remove these causes, the risk of similar disasters can be repeated. The root causes must be identified and analyzed by exploring why these occurred and why the organization failed in preparing for and managing such direct causes (Anderson and Fagerhaug [20]). As discussed in Section 2, it can be concluded that high complexity and tight coupling lead to the direct causes (malfunctions and problems) and to cause major disasters such as the Fukushima Daiichi disaster (Table 1). The observation of high complexity and tight coupling underlying the direct causes of the Fukushima Daiichi disaster demonstrates that the risk of catastrophe is embedded in complex and large-scale systems, such as nuclear power plants. This section further discusses why TEPCO and the regulators failed to manage the high complexity and tight coupling embedded in the nuclear power plant from the viewpoint of the asymmetry of authority which can hinder open discussion within an organization or among organizations.
The difficulties involved in managing emergencies in complex and tightly coupled systems make it vulnerable to organizational and managerial failures in responding to disasters. Instead of benefiting from such systems, we struggle with managing unpredictable interactions among their components and the amplification of failures. We currently have no definite guarantee that serious disasters such as the Fukushima Daiichi disaster will never occur again.
Several studies have attributed the Fukushima Daiichi disaster to organizational failures in forecasting, preparing for, responding to, and mitigating disaster [5,10,11,12,21,22,23]. Safety cannot be ensured without organizational learning from failures. Despite valuable suggestions by its working group, the NSC of Japan did not consider the risk of SBO and did not understand the damage caused by high complexity and tight coupling embedded in large-scale and complex systems, such as nuclear power plants. The problems associated with high complexity and tight coupling should be addressed, and discussion of how major disasters such as the Fukushima Daiichi disaster should be prevented within the framework of organizational rather than personal aspects is valuable. However, few analyses of the Fukushima Daiichi disaster have been performed from an organizational viewpoint.
As indicated by Syed [24] and Pidgeon [11,12], similar disasters are highly likely to occur repeatedly worldwide if organizations fail to actively and continually learn from failures, identify the root causes, and take steps to prevent them. The difficulties in handling the Fukushima Daiichi disaster, which were amplified by high complexity and tight coupling, might be attributed to insufficient organizational and managerial emergency responses.
Under high complexity and tight coupling, accurately predicting the cascade of errors or failures that will emerge and behaving rationally are difficult, as described in Section 2.3. Owing to confirmation bias, people tend to listen only to opinions that are consistent with their expectations and do not accept opinions that counter their expectations. That is, the mind’s limited rationality, particularly confirmation bias, prevents attention from being paid to the unexpected events caused by the high complexity and tight coupling of a system. Therefore, organizations are frequently vulnerable to irrational behaviors that result in failures (e.g., Section 2.3.1, Section 2.3.2, Section 2.3.3, Section 2.3.4 and Section 2.3.5) leading to disasters. Evaluating whether a system is in a state of high complexity and tight coupling and reducing these characteristics should be effective in avoiding major disasters. The root causes may plausibly lie in organizational failure to recognize the risk of high complexity and tight coupling embedded in large-scale systems and to manage the risk appropriately.
In general, effective communication within an organization or between organizations is significantly impacted if there is information asymmetry [25]. Furthermore, as pointed out by Antonsen [26], the asymmetry of authority also hinders communication within an organization or between organizations. TEPCO’s authority and the regulators’ dominant asymmetry impeded the review and in-depth analysis of both optimistic and pessimistic scenarios related to nuclear safety and the ability to appropriately account for the high complexity and tight coupling embedded in the Fukushima Daiichi nuclear plant. In other words, the asymmetry of authority induced confirmation bias, making it difficult to openly discuss the safety risks due to high complexity and tight coupling and to prepare for such risks that constituted direct causes (1)–(5), as described above. All the plant’s organizational levels should have equal risk prevention decision-making authority and be knowledgeable about critical nuclear power safety issues. If asymmetry of authority occurs in an organization, such an organization cannot reduce the complexity and loosen the coupling in a large-scale system, leading to significant safety risks.
Understanding the asymmetry of authority seems essential for managing large-scale nuclear power plants with high complexity and tight coupling. Figure 1 summarizes the identification of root causes underlying such direct causes (see Section 2.2). As described in Section 2.3, high complexity and tight coupling were observed in malfunctions and problems related to direct causes (1)–(5) of the Fukushima Daiichi disaster. TEPCO’s organizational failure and the inability of the regulators to recognize and manage the risks related to high complexity and tight coupling of the investigated nuclear power plant hindered open discussion and effective communication (see Figure 1) that would allow identifying such direct causes (1)–(5).
Perrow [1] has stressed the fatalism or inevitability of disasters within the framework of normal accidents. However, Turner and Pidgeon [9] advocate for the importance of organizational, managerial, and communication factors in handling disasters occurring in complex and tightly coupled systems. Notably, if no action is taken, major disasters cannot be avoided, as suggested in normal accident theory [1,2]. Turner and Pidgeon [10] believe that such disasters are foreseeable and that their effects can be minimized as long as organizational and managerial approaches penetrate sufficiently in an organization. Pidgeon [11,12] supports this claim, stating that disasters occurring in complex and tightly coupled systems can be prevented by fostering high-reliability organizations [27]. To this end, organizations must practice collective mindfulness toward safety, open communication, and long-term learning within the organization by removing asymmetry of authority.
The recognition of insufficient organizational and managerial approaches to emergencies can help cultivate high-reliability organizations that can respond robustly to disasters occurring in complex and tightly coupled systems. Weick et al. [28] also concluded that organizations with the ability to manage the unexpected should adopt organizational mindsets such as a preoccupation with failures, deference to expertise, and commitment to resilience.
Effective measures to prevent serious disasters from occurring are (1) recognize the impact of high complexity and tight coupling and the human vulnerability to cognitive biases, such as confirmation bias, particularly during emergencies, (2) remove asymmetry of authority and promote open discussion on safety issues within an organization and between organizations, and (3) lessen the complexity and loosen the coupling of plants or systems in preparation for future disasters. If sufficient time is taken to enhance the ability to forecast the unpredictable interactions among components in a system with high complexity and tight coupling, to build a plant with reduced complexity (increasing visibility), to loosen coupling (adding slack), and to cultivate high-reliability organizations, disasters can be prepared for, responded to, and mitigated. If high complexity and tight coupling embedded in a system are not addressed deliberately, efforts to address an emergency will presumably interact in unexpected ways and undermine all safety countermeasures, as occurred at the Fukushima Daiichi plant. This issue of preventing a major disaster could be effectively addressed through creating high-reliability organizations [11,12,27] without asymmetry of authority.
For organizations to be robust and less vulnerable to the negative effects of high complexity and tight coupling—such as invisibility, unpredictability, little slack, and amplification of failures—we should promote organizational management that can recognize and understand irrational behavior, on the basis that irrational organizational management of failures under high complexity and tight coupling can trigger major disasters. The following organizational management policies are recommended, providing that asymmetry of authority is removed as much as possible:
(1)
Redundancy of technologies and human resources to reduce complexity and tight coupling
(2)
Continual learning through feedback from one’s own and others’ experiences of failure
(3)
Collective mindfulness toward safety within an organization
(4)
Climate of open discussion of safety-related issues.
The major points in this study are summarized in Figure 2.

4. Conclusions

When high complexity and tight coupling are embedded in large-scale systems, the system components can interact unpredictably, particularly in emergencies. Therefore, organizations are more vulnerable to managerial failures and cannot rationally prepare for and manage emergencies. Even without active preparation for emergencies occurring within systems with high complexity and tight coupling, we tend to presume that an emergency can somehow be controlled. It can be reasonably concluded that one of the root causes of the Fukushima Daiichi disaster was the organizational failure to manage a system with high complexity and tight coupling and to reduce these two characteristics.
This study showed that high complexity (unpredictability and invisibility) and tight coupling (lower slack and amplification of consequences) underlay the identified direct causes. We conclude that fostering high-reliability organizations without asymmetry of authority that can learn appropriately from failures and predict interactions among components might be an effective countermeasure for future disasters in complex and large-scale systems.

Author Contributions

Conceptualization, A.M.; methodology, A.M. and W.K.; validation, A.M. and W.K.; formal analysis, A.M.; investigation, A.M.; resources, A.M.; writing—original draft preparation, A.M.; writing—review and editing, A.M. and W.K.; supervision, A.M. and W.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Perrow, C. Normal Accidents: Living with High-Risk Technologies; Princeton University Press: Princeton, NJ, USA, 1999. [Google Scholar]
  2. Perrow, C. The Next Catastrophe: Reducing Our Vulnerabilities to Natural, Industrial, and Terrorist Disasters; Princeton University Press: Princeton, NJ, USA, 2011. [Google Scholar]
  3. Gladwell, M. The ethnic theory of plane crash. In Outliers; Back Bay Books: New York, NY, USA, 2008; pp. 206–261. [Google Scholar]
  4. Asahishimbum. Proposal of Countermeasures Prepared for SBO in 1993-18 Years Ago from Fukushima Daiichi Disaster. 2011. Available online: http://www.asahi.com/special/10005/TKY201107130644.html (accessed on 28 June 2019). (In Japanese).
  5. The National Diet of Japan; Fukushima Nuclear Accident Independent Investigation Commission. The Official Report of the Fukushima Nuclear Accident Independent Investigation Commission; National Diet of Japan Fukushima Nuclear Accident Independent Investigation Commission: Tokyo, Japan, 2012.
  6. Clearfield, C.; Tilcsik, A. Meltdown-Why Our System Fails and What We Can Do about It; Penguin Press: New York, NY, USA, 2018. [Google Scholar]
  7. Perrow, C. Fukushima and the inevitability of accidents. Bull. At. Sci. 2011, 67, 44–52. [Google Scholar] [CrossRef]
  8. Perrow, C. Fukushima, risk and probability: Expect the unexpected. Bull. At. Sci. 2011, 67, 53–61. [Google Scholar]
  9. Perrow, C. Nuclear denial: From hiroshima to fukushima. Bull. At. Sci. 2013, 69, 56–67. [Google Scholar] [CrossRef]
  10. Turner, B.; Pidgeon, N. Ma-Made Disaster; Wykeham Science Press: London, UK, 1997. [Google Scholar]
  11. Pidgeon, N. In Retrospect: Normal accidents. Nature 2011, 477, 404–405. [Google Scholar] [CrossRef]
  12. Pidgeon, N. Complex organizational failures-culture, high reliability, and lessons from Fukushima. Bridge Natl. Acad. Eng. Fall 2012, 42, 17–22. [Google Scholar]
  13. National Research Council of the National Academy. Lessons Learned from the Fukushima Nuclear Accident for Improving Safety of US Nuclear Plants; National Academies Press: Washington, DC, USA, 2014. [Google Scholar]
  14. National Research Council of the National Academy. Lessons Learned from the Fukushima Nuclear Accident for Improving Safety of US Nuclear Plants-Phase 2; National Academies Press: Washington, DC, USA, 2016. [Google Scholar]
  15. NHK Meltdown Investigation Group. Meltdown-Truth about Chain of Events; Koudansya: Tokyo, Japan, 2013. (In Japanese) [Google Scholar]
  16. NHK Meltdown Investigation Group. Seven Puzzles of Fukushima Daiichi Disaster; Koudansya: Tokyo, Japan, 2015. (In Japanese) [Google Scholar]
  17. Hirose, T. Fukushima Meltdown—The World’s First Earthquake-Tsunami-Nuclear Disaster; Lummis, D., Ed.; CreateSpace: North Charleston, SC, USA, 2011. [Google Scholar]
  18. Murata, A. Cultural aspects as a root cause of organizational failure in risk and crisis management in the Fukushima Daiichi disaster. Saf. Sci. 2021, 135, 105091. [Google Scholar]
  19. Gladwell, M. Blowup. In What the Dog Saw; Little, Brown and Company: New York, NY, USA, 2009; pp. 345–358. [Google Scholar]
  20. Anderson, B.; Fagerhaug, T. Root Cause Analysis-Simplified Tools and Techniques; ASQ Quality Press: Milwaukee, WI, USA, 2006. [Google Scholar]
  21. Pillay, M. Advancing organisational health and safety management: Are we learning the right lessons? In Advances in Safety Management and Human Factors (Advances in Intelligent Systems and Computing 604); Arezes, P., Ed.; Springer: New York, NY, USA, 2017; pp. 37–44. [Google Scholar]
  22. Reason, J. Managing the Risks of Organizational Accidents Revisited; Ashgate Publishing: Farnham, UK, 1997. [Google Scholar]
  23. Reason, J. Organizational Accidents Revisited; Ashgate: Farnham, UK, 2016. [Google Scholar]
  24. Syed, M. Black Box Thinking: Marginal Gains and the Secrets of High Performance; John Murray Publishers Ltd.: New York, NY, USA, 2016. [Google Scholar]
  25. Akerlof, G.A. The market for ‘Lemons’: Quality uncertainty and the market mechanism. Q. J. Econ. 1970, 84, 488–500. [Google Scholar] [CrossRef]
  26. Antonsen, S. Safety Culture: Theory, Method, and Improvement; Ashgate: Farnham, UK, 2009. [Google Scholar]
  27. Roberts, K.H.; Rousseau, D.M. Research in nearly failure-free, high-reliability organizations: Having the bubble. IEEE Trans. Eng. Manag. 1989, 36, 132–139. [Google Scholar] [CrossRef]
  28. Weick, K.E.; Sutcliffe, K.M. Managing the Unexpected: Sustained Performance in a Complex World; John Wiley & Sons: Hoboken, NJ, USA, 2015. [Google Scholar]
Figure 1. Summary of the investigation of root causes in the Fukushima Daiichi disaster.
Figure 1. Summary of the investigation of root causes in the Fukushima Daiichi disaster.
Symmetry 13 00414 g001
Figure 2. Summary of this study. Prevention of major disasters in large-scale systems with high complexity and tight coupling through fostering high-reliability organizations without asymmetry of authority.
Figure 2. Summary of this study. Prevention of major disasters in large-scale systems with high complexity and tight coupling through fostering high-reliability organizations without asymmetry of authority.
Symmetry 13 00414 g002
Table 1. Identified high complexity and tight coupling underlying the direct causes in Section 2.3.1, Section 2.3.2, Section 2.3.3, Section 2.3.4 and Section 2.3.5.
Table 1. Identified high complexity and tight coupling underlying the direct causes in Section 2.3.1, Section 2.3.2, Section 2.3.3, Section 2.3.4 and Section 2.3.5.
Direct CauseHigh ComplexityTight Coupling
UnpredictabilityInvisibilityLess SlackAmplification of Consequence
Section 2.3.1. Overlook of loss-of-coolantInteraction of IC with the situation of plant (SBO or normal)State of TAF and whether IC is working or notUndoing the process of failures is impossibleContinued loss-of-coolant and DC power shutdown ⇒meltdown
Section 2.3.2. Failure to cool the nuclear reactorInteraction of piping systems with on or off of the power of reactor cooling systemState of feeding water (success or failure)Undoing the process of failures is impossibleAggravation of meltdown
Section 2.3.3. Delayed recovery of DC power sourceEffect of the priority “water drainage to the storage pool of spent fuel ⇒ DC power source recovery”Validity of the priority “water drainage to the storage pool of spent fuel⇒DC power source recovery”Undoing the process of failures is impossibleAggravation of meltdown and explosion of the storage pool of spent nuclear fuel
Section 2.3.4. Delayed vent operationInteraction of vent operation with temperature (27 °C or higher temperature) or situation of the plant (SBO or normal state)State of MO and AO valves and success or failure of ventUndoing the process of failures is impossibleFailure of vent and release of a large amount of radioactivity in the air (serious radioactivity contamination)
Section 2.3.5. Failure to decompress the pressure vesselInteraction of the state of SR valve with the state of plant (SBO or normal) or the pressure inside a reactor container (75 Pa or less than 75 Pa)Pressure inside the reactorUndoing the process of failures is impossibleFailure of decompression of a reactor and vent and serious radioactivity contamination
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Murata, A.; Karwowski, W. On the Root Causes of the Fukushima Daiichi Disaster from the Perspective of High Complexity and Tight Coupling in Large-Scale Systems. Symmetry 2021, 13, 414. https://0-doi-org.brum.beds.ac.uk/10.3390/sym13030414

AMA Style

Murata A, Karwowski W. On the Root Causes of the Fukushima Daiichi Disaster from the Perspective of High Complexity and Tight Coupling in Large-Scale Systems. Symmetry. 2021; 13(3):414. https://0-doi-org.brum.beds.ac.uk/10.3390/sym13030414

Chicago/Turabian Style

Murata, Atsuo, and Waldemar Karwowski. 2021. "On the Root Causes of the Fukushima Daiichi Disaster from the Perspective of High Complexity and Tight Coupling in Large-Scale Systems" Symmetry 13, no. 3: 414. https://0-doi-org.brum.beds.ac.uk/10.3390/sym13030414

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop