
The Resilience Premium

Key Insights Across the Series

  • The SRR equation reveals the independence test: Safety Return on Redundancy (SRR) = reduction in failure probability per redundancy layer ÷ (cost of that layer ÷ total system cost). SRR > 1 requires that the layer remove a larger share of the system's failure probability than the share of total cost it represents. That is only possible when the failure modes of the redundant layers are genuinely independent: a layer that shares a failure mode with the layers it backs up removes none of the probability concentrated in that mode, whatever it costs.

  • Shared vulnerability is invisible until the moment it matters: The most dangerous form of redundancy is the kind that looks protective on paper but fails in a correlated way, because all layers sit inside the same geographic envelope, depend on the same infrastructure and are exposed to the same triggering event. Fukushima's diesel backup generators and its seawall were both real redundancy investments; both failed in the same moment because they shared the same vulnerability to tsunami inundation. Evaluated against that hazard, rather than against the average outage, the SRR of each layer was approximately zero.

  • Redundancy can increase failure probability: If a safety system introduces new failure modes (its own failure pathways, human-interface errors, or complexity-induced vulnerabilities), the net effect on system reliability can be negative. Boeing's MCAS was conceived as a stability-augmentation safety feature. In the configuration shipped to customers it depended on a single angle-of-attack input and could repeatedly command nose-down stabilizer trim, which made it a single point of failure. The paradox is that adding a safety layer decreased rather than increased system reliability, because the probability of the layer's own failure mode exceeded the risk it was meant to address.

  • High-SRR redundancy is structurally engineered, not procedurally declared: Aviation's ETOPS record demonstrates that SRR > 1 is achievable at scale. The key is that engine independence in commercial aircraft is not a policy — it is a physical architecture. Separate fuel systems, separate hydraulic circuits, separate electrical generators, separate fire suppression. Independence is enforced by the design, not declared in the operating manual. The distinction between engineered independence and procedural independence determines whether redundancy genuinely reduces failure probability.

  • The SRR framework reframes resilience from cost to investment: Conventional safety cost analysis treats redundancy as an overhead, the additional expense of a backup system that will never be needed except in rare events. The SRR framework reframes redundancy as an investment with a measurable return: the reduction in failure probability per unit of cost. Systems with high SRR generate large returns on safety investment (measured in reduced incident rates, reduced liability, extended operational envelope) compared to their cost. The resilience premium is the gap between what a high-SRR system costs and what the failures it prevents would have cost, a quantity that is consistently underestimated before the event and painfully apparent afterward.
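The three situations above (a layer that shares the triggering hazard with what it protects, a layer with engineered independence, and a "safety" layer that carries its own failure mode) can be run through the SRR formula on a small model. The block below is an added worked example, not code from the article or the series it summarises. It reads the page's numerator as the fractional reduction in system failure probability so that it is dimensionless like the cost share in the denominator; that reading is an assumption, as are all of the layer names, hazard names, probabilities and costs, which are constructed illustration values.

```python
"""Added example (not the article's own): Safety Return on Redundancy (SRR) on a toy model.

Reading of the page's formula used here (an assumption, as the page states it in words):
    SRR = ((P_before - P_after) / P_before) / (layer_cost / total_cost)
i.e. the fractional reduction in system failure probability that a layer buys, divided by
the fraction of the total budget it costs.  SRR > 1 means the layer removes a larger share
of the risk than the share of the budget it consumes.

All probabilities, costs and names below are constructed illustration values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Layer:
    name: str
    p_fail: float            # P(layer fails when called on) under nominal conditions
    cost: float
    p_induced: float = 0.0   # P(the layer itself brings the system down): a failure mode it adds


@dataclass(frozen=True)
class Hazard:
    name: str
    p: float                           # P(a demand arrives under this hazard); hazards partition demands
    defeats: frozenset = frozenset()   # layers that fail with certainty under this hazard (shared vulnerability)


def p_fail_given_hazard(layers, hazard):
    """System fails if every protective layer fails, or any layer's own induced failure mode fires.
    With no layers at all the empty product is 1.0: nothing protects, so the system fails."""
    p_all_layers_fail = 1.0
    p_no_induced = 1.0
    for layer in layers:
        p_all_layers_fail *= 1.0 if layer.name in hazard.defeats else layer.p_fail
        p_no_induced *= 1.0 - layer.p_induced
    return 1.0 - (1.0 - p_all_layers_fail) * p_no_induced


def p_fail(layers, hazards):
    """Total failure probability, marginalised over the hazard that accompanies each demand."""
    if abs(sum(h.p for h in hazards) - 1.0) > 1e-9:
        raise ValueError("hazard probabilities must sum to 1")
    return sum(h.p * p_fail_given_hazard(layers, h) for h in hazards)


def srr(p_before, p_after, layer_cost, total_cost):
    """SRR per the reading above; 0.0 when there was no risk left to reduce."""
    if p_before == 0.0:
        return 0.0
    return ((p_before - p_after) / p_before) / (layer_cost / total_cost)


def evaluate(existing, new_layer, hazards, total_cost):
    """SRR of adding new_layer to existing, overall and evaluated against each hazard on its own.
    The per-hazard view is the honest evaluation the page asks for: a layer that shares the
    triggering hazard scores 0 against it no matter how good its overall number looks."""
    after_layers = list(existing) + [new_layer]
    overall = srr(p_fail(existing, hazards), p_fail(after_layers, hazards), new_layer.cost, total_cost)
    per_hazard = {
        h.name: srr(p_fail_given_hazard(existing, h), p_fail_given_hazard(after_layers, h),
                    new_layer.cost, total_cost)
        for h in hazards
    }
    return overall, per_hazard


def residual_share(layers, hazards):
    """Fraction of the remaining failure probability contributed by each hazard."""
    total = p_fail(layers, hazards)
    return {h.name: h.p * p_fail_given_hazard(layers, h) / total for h in hazards}


# Cases 1 and 2: site power.  Grid supply backed by diesel generators, with a rare inundation
# hazard.  "diesel_basement" sits inside the same flood envelope as the grid connection;
# "diesel_elevated" has the same unit reliability but is outside it (engineered independence).
TOTAL_COST = 200.0
GRID = Layer("grid", p_fail=0.02, cost=150.0)
DIESEL_BASEMENT = Layer("diesel_basement", p_fail=0.05, cost=10.0)
DIESEL_ELEVATED = Layer("diesel_elevated", p_fail=0.05, cost=10.0)
POWER_HAZARDS = (
    Hazard("nominal", p=0.99),
    Hazard("inundation", p=0.01, defeats=frozenset({"grid", "diesel_basement"})),
)

# Case 3: an augmentation layer that rarely helps when needed (p_fail 0.1) but can itself
# drive the system to failure on a single sensor fault (p_induced 0.005).
AIRFRAME = Layer("basic_pitch_control", p_fail=0.001, cost=190.0)
AUGMENTATION = Layer("augmentation_single_sensor", p_fail=0.1, cost=10.0, p_induced=0.005)
FLIGHT_HAZARDS = (Hazard("nominal", p=1.0),)


if __name__ == "__main__":
    for diesel in (DIESEL_BASEMENT, DIESEL_ELEVATED):
        overall, per_hazard = evaluate([GRID], diesel, POWER_HAZARDS, TOTAL_COST)
        print(f"{diesel.name:16s} overall SRR {overall:6.2f}  per hazard {per_hazard}")
        print(f"{'':16s} residual risk by hazard {residual_share([GRID, diesel], POWER_HAZARDS)}")
    overall, per_hazard = evaluate([AIRFRAME], AUGMENTATION, FLIGHT_HAZARDS, TOTAL_COST)
    print(f"{AUGMENTATION.name:16s} overall SRR {overall:6.2f}  (negative: the layer adds more risk than it removes)")
```

Two things are worth noticing in the output. The basement diesel scores an overall SRR well above 1 (it does handle ordinary grid outages), yet its SRR against the inundation hazard is exactly 0 and, once it is installed, that hazard accounts for over 90% of the residual failure probability; the elevated unit, with identical cost and unit reliability, scores the same against every hazard. The augmentation layer's SRR is negative because its induced failure probability is larger than the risk it removes, which is the page's third insight in numbers.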


References

  1. Reason, J. (1990). Human error. Cambridge University Press.
  2. Reason, J. (1997). Managing the risks of organizational accidents. Ashgate.
  3. IAEA. (2015). The Fukushima Daiichi accident: Technical volume 1 — Description and context of the accident. International Atomic Energy Agency.
  4. National Diet of Japan. (2012). The official report of the Fukushima Nuclear Accident Independent Investigation Commission. National Diet of Japan.
  5. Joint Authorities Technical Review. (2019). Joint authorities technical review of the Boeing 737 MAX flight control system. Federal Aviation Administration.
  6. Ethiopian Accident Investigation Bureau. (2020). Aircraft accident investigation preliminary report: Ethiopian Airlines Group, Boeing 737-8 MAX, registration ET-AVJ. Ethiopian Accident Investigation Bureau.
  7. National Transportation Safety Board. (2019). Preliminary report: Safety issues identified during the investigation of the Lion Air Flight 610 accident. NTSB.
  8. Wood, S., & Goddard, J. (2011). Fukushima: The facts. Bulletin of the Atomic Scientists, 67(4), 1–8.
  9. Boeing Commercial Airplanes. (2018). 737 MAX flight crew operations manual bulletin: Runaway stabilizer. Boeing.
  10. Federal Aviation Administration. (2011). ETOPS and polar operations, FAA Advisory Circular 120-42B. FAA.
  11. Heinrich, H.W. (1931). Industrial accident prevention: A scientific approach. McGraw-Hill.
  12. Leveson, N.G. (2011). Engineering a safer world: Systems thinking applied to safety. MIT Press.
  13. Perrow, C. (1984). Normal accidents: Living with high-risk technologies. Basic Books.
  14. Hollnagel, E., Woods, D.D., & Leveson, N. (Eds.). (2006). Resilience engineering: Concepts and precepts. Ashgate.
  15. Aven, T., & Vinnem, J.E. (2007). Risk management: With applications from the offshore petroleum industry. Springer.