Topic 37: Reliability in the wake of a mega-storm

Ryan Grekowicz:

When disasters like Hurricane Sandy occur, there have to be lessons learned so that in the future the impacts of such storms can be minimized. One of the reliability-related lessons that I believe can be taken away from this horrible mega-storm, which hit the east coast of the United States, has to do with the emergency generator systems in hospitals. These generators are the single barrier between life and death for hundreds of patients in the case of an electrical outage; everybody from premature babies in the Neonatology Intensive Care Units (NICU) who are just beginning a life, to the elderly on life support who are just completing their life. This generator system must be able to perform to design whenever it is needed; as a result, very expensive equipment is installed, and a highly regulated inspection and test regime is in place.

During Hurricane Sandy, despite the evacuation of New York City, many hospitals were planning on operating throughout the storm. There was just one problem: engineers never planned on the basements of the hospitals completely flooding. So despite the equipment and the inspections, the generators failed to perform because key fuel and water pumping systems were located in the basement, and they were not capable of operating when the basements flooded. This highlights a very important aspect of reliability: the most reliable of equipment won't perform if it's not installed correctly, or if the appropriate environmental considerations aren't accounted for. It can be debated whether this should have been taken into consideration during the design, or whether this was truly an "unknown unknown" and therefore there was no way to predict it. I just hope that hospitals in my city of Houston, Texas are undergoing an effort to determine whether flood waters would impact their backup generators, because downtown Houston being inundated with flood waters is definitely an "identified risk".


Kareem Saheed Remi:

This scenario you highlighted is, to me, more a matter of the adequacy of the risk assessment than a reliability issue, because if the fuel and water pumping systems had been located at a higher level than the basement, the generator would have performed as needed. I want to believe that at the design stage much thought was not given to the possibility of a flood of such magnitude. That is all the more reason why most of the risk assessment tools, like similar occurrences in the past, equipment history, environmental factors etc., might not be enough and cannot give a forecast of what will happen next. Risk assessment should not cover only "what has happened in the past"; it should also capture "what could possibly happen under unusual circumstances". That is why it is good that risk assessment should involve and cut across all engineering fields, and the assessment should reasonably be taken outside the box.
In summary, I would say the level of risk assessment carried out determines the level of reliability and availability of an installation.

Kareem R. Saheed

Foivos Theofilopoulos:

Ryan, you make a very interesting point here. This could be an issue of reliability only if we were talking about equipment designed to be fully submerged under water. Since this was not their original design, they didn't fail their intended purpose. As Professor Moan mentioned in the LRET lecture, this has to do with how far you want your design to take you. Is it a hundred-year storm (as per the definition of a hundred-year wave [1])? Is it a thousand-year storm, etc.? From what I see looking at the extensive readiness and mobilization in the state of New York, it could not have been an "unknown-unknown", since the East Coast has seen a lot of freak storms and tornadoes and whatnot. I do not think that it was the first time water flooded basements and key structures, so it was not a possibility they were not prepared for. Maybe the modifications needed to keep the structures dry were too expensive. Maybe it was a failure of, say, the sewer and drain system of the city rather than of the hospital buildings.

In any case, we cannot make assumptions about whether this was a case of wrong risk assessment or a calculated risk that was allowed to happen. One key phrase from the article you posted is "Langone didn't anticipate such heavy flooding from Sandy". There lies the human error present in all risk assessment cases.


Tony Morgan:

It will likely be some time before we have any real details on exactly how the city performed against its emergency preparedness plans, and maybe we shall never know how the hospitals risk-assessed their power systems, but I for one would like to give them the benefit of the doubt and propose that maybe, just maybe, they got it spot on.

Risk assessment as we are learning is all about eliminating or reducing the risk to as low as reasonably practical. Taken at this face value then this was likely achieved.

Yes, unforeseen events have to be considered. But only considered. Their likelihood and impact must be scored and some kind of mitigation put in place.

If we take this case, then assuming that the risk was considered, it could not be eliminated; therefore it would likely be scored low on likelihood and high on impact, thereby resulting in something more REAL being given the CAPEX.

I'm sure there are practical reasons why basements are used for the equipment (although the most obvious lesson to be learned may be to dedicate a 3rd or 4th floor to the equipment room instead of the basement?).

As suggested, another mitigation might be increasing the specifications or design of the equipment to allow it to operate submerged (presumably far too costly considering the likelihood of the event).

To give the engineers and authorities the benefit of the doubt -

The mitigation they decided on (in trying to balance the CAPEX and OPEX) might have been the training of people and the provision of the most basic equipment needed to allow the safe support and maintenance of neonatal units and babies, as noted here [1], and if this was the decision then I am more than happy to support the use of the simplest solution to mitigate the risk and allow expenditure on the other risks with high likelihood and high impact scoring.


Tony Morgan

Oluwasegun Onasanya:

From Ryan's comment, I am of the opinion that before the hospital's basement got flooded, the generators were adequately reliable, on standby and ready to run as and when needed. I am also of the opinion that a good maintenance programme must have been in place to ensure that the generators would be able to perform their intended purpose, so just like Kareem said in his post, I believe it is not an equipment reliability issue.

I stand to be corrected, but I believe such problems have not been encountered before, and if they have, maybe not to the extent and level that was experienced during the Hurricane Sandy storm. The reason is that records would have shown that there was flooding in the basement preventing the generators from running, and recommendations and solutions would have been put in place that would have taken care of the Sandy experience.

Flood management in situations like this, and their impacts on stationary structures, should be looked into critically, as more lives could be lost not directly from the flood but indirectly from events that could be generated thereafter.
Basements could also be designed with systems that prevent flooding or disperse the flood away from the basement as far as possible, so that critical equipment like the generators, which are life savers at that point in time, will be readily available for use, and that will help save more lives.


Ryan Grekowicz:

I just wanted to thank the classmates who have posted on this blog; you bring up some very good points for discussion. There are a couple of comments made above to which I would like to respond and give my opinion:

1.  "this scenario is more of an adequacy of risk assessment than a reliability issue". My response to this would be that I agree that this is a risk assessment issue, but I don't believe that you can segregate risk assessment and reliability; these topics are too intertwined. I would like to first reference a quote from the first paragraph of the lecture notes provided by Dr. Tan entitled "Introduction to Reliability Concepts". In the notes, Dr. Tan says "it is the role of the engineer to plan for the future and ensure that any system can cope with the demands that are placed on it in service - up to a point." The engineers who designed the components (i.e. pump, generator, fuel system) did not fail in their design, but the engineers who designed the "system" might have failed in their jobs. I would have to know more information in order to determine that. The storm had a surge of about 4m, which equates to approximately a 1,000-year storm; if the engineers were only supposed to design to a 100-year storm level, then they did not fail, but if they were supposed to design to a 1,000-year storm, then they did fail. My guess is that nobody anticipated this size of storm surge, so the engineers did not fail; but engineers for future projects or engineers in other cities susceptible to flooding need to learn from this and modify their designs. My point is that the system could not cope with the demands that were placed on it, therefore it is a Reliability Issue, and the reason that it couldn't cope with the demands was because there was a risk which had not been previously identified.

2.  While referring to the generators, it was said that "they didn't fail their intended purpose".  I agree that since some of the pumps were not designed to be able to operate underwater, the pumps did not fail their intended purpose, but the system's intended purpose was to provide backup power in case of emergencies, so I would say that the system did in fact fail its intended purpose. 
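
The two distinctions Ryan draws above, a 100-year versus a 1,000-year design basis, and the reliability of individual components versus the reliability of the system they form, can be put in numbers. The Python below is an added worked example, not part of the original thread or any of the posters' own material. Its figures (a 50-year service life, 1 % on-demand unavailability per generator, three redundant generator sets, a single basement pump room that all of them depend on) are illustrative assumptions, not data about the hospitals discussed; the return-period model treats each year as an independent trial with annual exceedance probability 1/T.

```python
"""Added worked example (not from the original thread): return period vs.
service life, and component reliability vs. system reliability when the
components share one dependency (the basement fuel/water pump room).

All figures (return periods, a 50-year service life, 1 % per-generator
unavailability, three generator sets sharing one pump room) are assumed
for illustration and are not data about the hospitals discussed."""


def exceedance_probability(return_period_years: float, service_life_years: int) -> float:
    """Probability that an event with return period T occurs at least once in
    n years of service, treating years as independent trials with annual
    exceedance probability 1/T:  P = 1 - (1 - 1/T) ** n.
    A '100-year storm' is therefore far from a once-in-a-lifetime event."""
    p_annual = 1.0 / return_period_years
    return 1.0 - (1.0 - p_annual) ** service_life_years


def redundant_unavailability(unit_unavailability: float, n_units: int) -> float:
    """Unavailability of n redundant units that fail independently: the set
    is unavailable only if every unit is down at the moment of demand."""
    return unit_unavailability ** n_units


def backup_power_unavailability(generator_unavailability: float,
                                n_generators: int,
                                shared_pump_unavailability: float) -> float:
    """On-demand unavailability of a backup-power system whose n generators
    are redundant but all draw fuel through one pump room.  The system fails
    if all generators fail, or if the shared pump room fails; the two causes
    are treated as independent:
        P(fail) = 1 - P(all generators ok) * P(pump room ok)."""
    all_generators_down = redundant_unavailability(generator_unavailability, n_generators)
    return 1.0 - (1.0 - all_generators_down) * (1.0 - shared_pump_unavailability)


def worked_example() -> dict:
    """Assumed figures: 50-year service life, 1 % per-generator
    unavailability, three generator sets, one shared pump room."""
    service_life = 50
    gen_q, n_gens = 0.01, 3
    return {
        # chance of seeing at least one 100-year / 1,000-year event in service
        "p_100yr_event_in_life": exceedance_probability(100, service_life),
        "p_1000yr_event_in_life": exceedance_probability(1000, service_life),
        # redundancy alone: three independent 1 % units, no shared failure
        "q_generators_only": backup_power_unavailability(gen_q, n_gens, 0.0),
        # same generators, but the shared pump room is flooded (certainly down):
        # redundancy contributes nothing once the common dependency is lost
        "q_with_flooded_pump_room": backup_power_unavailability(gen_q, n_gens, 1.0),
        # pumps relocated above the flood line but still one unit at an assumed
        # 0.5 % unavailability: the shared path now dominates the system figure
        "q_with_relocated_pumps": backup_power_unavailability(gen_q, n_gens, 0.005),
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name:28s} {value:.6f}")
```

Under these assumptions a 100-year storm has roughly a 40 % chance of occurring within a 50-year service life and a 1,000-year storm roughly a 5 % chance, so "designed to the 100-year level" is a statement about accepted risk, not about rarity. The system figures make Ryan's second point: three 1 % generators give a one-in-a-million system unavailability only while nothing they share can fail; once the common pump room is under water the system is certain to fail, however well each generator was maintained, and even a relocated single pump path sets the floor for the whole system.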

mohamed.elkiki:

I agree with you, Ryan, that even if engineers failed to take this natural phenomenon into consideration, other engineers should be careful and put in their calculations some factor for this natural phenomenon. However, engineers are always concerned about logic and math. Therefore, an engineer cannot just add a factor for the occurrence of a natural disaster that he doesn't know anything about, or how strong it can be, in order to design a system that can tackle it. Natural phenomena can be difficult to predict. In my opinion engineers have no role in this area, because it is beyond the sense of logic and math and cannot be predicted. From another point of view, if engineers just put in some huge factor in order to be sure the system can tackle whatever natural phenomenon happens, this all corresponds to the cost of the system, and of course engineers cannot present to managers some extra costs and tell them this is for safety reasons in case an abnormal natural phenomenon happens. We are dealing with something beyond our capability. Safety can be achieved to a certain limit, but when a natural event happens, don't say it's the fault of the system or the engineer, because it is not.






Uko Bassey:

The same flooding issue was the major cause of the March 11, 2011 Fukushima nuclear disaster, but this one was more deadly, even higher than the Chernobyl disaster of 1986. In this case, the engineers carried out an adequate risk assessment and factored in the possibility of a flood, but the height of the flood exceeded their factor of safety and destroyed the standby generators that were responsible for supplying coolant to the reactors to keep them from melting. The flooded generators failed, cutting power to the critical pumps that must continuously circulate coolant water through a nuclear reactor to keep it from melting down. As the pumps stopped, the reactors overheated due to the high radioactive decay heat that normally continues for hours or days after a nuclear reactor shuts down. Also, the situation could have been arrested earlier by cooling the reactors with seawater (salt water), but the Government did not want to destroy the costly reactors. Salt water flooding was delayed because it would ruin the costly reactors permanently. Flooding with seawater was finally commenced only after the government ordered that seawater be used, and at this point it was already too late to prevent the damage. Points to note in this case: sometimes our perceived, calculated and designed factors of safety are insufficient, and that is another reliability challenge. Secondly, in the event of a mega-storm like this, some key decisions should be taken at the right time. This calls for a massive emergency response programme.

Soseleye F. Ideriah:

A feat worth emulating would be the one achieved at Princeton University's leafy campus. The university got hit by the storm but managed to stay lit by tapping its own smaller version of the power grid, a "microgrid" [1]. The microgrid provides a small-scale version of the centralized electricity system. Microgrids achieve specific goals, some of which are reliability, lower carbon emissions and cost reduction. Backup generators may run out of fuel, fail to start or break down. Microgrids like the one at Princeton are highly efficient, tapping into reliable gas-fired generators, wind turbines or solar panels. Microgrids have been found to supply energy even if the grid is out for days, but they cost a lot to set up.

Princeton wasn't the only institution that benefited from microgrids during Hurricane Sandy. New York University, South Windsor High School and a US federal drug administration facility in Maryland also benefited from their independent microgrids.



Hanifah N. Lubega:

I guess what we are all driving at is disaster/emergency preparedness, and this comes all the way from the Environmental Impact Assessments (EIA) carried out before these structures are put in place to risk assessments which look at possible failures and/or reliability of safety systems and possible mitigation measures. You will agree with me that one of the biggest challenges the safety industry is facing is the issue of uncertainty, especially when it comes to natural disasters. Some of them may be predicted or detected before they occur, but sometimes the extent of damage/consequence may not be established, especially in this climate change era where previous events cannot be compared accurately, making it difficult to manage the risk.

The other thing is that I think we sometimes undermine certain environmental concerns claiming the superiority of engineering ("we can build anywhere") and technology, because such places, I imagine, should have adequate buffer zones (flood protection areas) from the water body/sea such that the severity of the impact is reduced. So before we think of the hospital and generator failure that this topic seems to be emphasising, let's start from the question of whether an EIA was carried out in which such disasters, in relation to previous scenarios, could be predicted and incorporated in the design.

As a person with some environmental background, I therefore think it is important to include environmental impacts as we predict system failure probabilities and/or reliability. I know it's being done to some extent, but maybe it requires more emphasis.

farman oladi:

Biomass energy can theoretically be made from any material that is, or was, living, such as wood energy; waste energy, consisting of municipal solid waste, manufacturing waste and landfill gas; and biofuels, which are ethanol and biodiesel.

Pollution of land and water is by far less through biomass energy compared to fossil energy. However, through burning biomass it can pollute the air. It is important to know that in some locations there are bans on burning wood since it causes substantial pollution of the air.

Due to new technology based on combustion engineering and the advancement of pollution control, emissions from the biomass industry have been by far less than from fossil fuel. According to one study, carbon-based ethanol nearly doubled greenhouse gas emissions over thirty years.

As reported in March 2012 in the Monthly Energy Review in the USA, consumption of biomass is only 4.5% in comparison to 95.5% for the other sources of energy in use. The United States has already joined Brazil as the world's leading producer of ethanol, using 40% of the expected corn harvest to increase production capacity of

Based on current studies, biomass is more beneficial to the future of humanity due to no sulfur emissions, in comparison to conventional diesel fuel.

Despite recent growth, while it makes sense in theory, the practicalities are far too complex, and biomass still remains a small fish in the ocean of global energy markets.

Trevor Strawbridge:

It's a fair point that if you have backup generators for emergency use, then they should be well maintained, particularly in hospitals. However, New Yorkers may have taken their climate for granted here, adopting the phrase "that'll never happen here", and as a result the generators housed in the basements of these buildings, as well maintained as they may have been, were actually useless due to flood water. The point is that New York City never considered the consequences of this type of storm, but then should they have, where they are situated on our globe? Maybe so. Regardless, NYC has lessons for the future, as do many of the other affected states, and hopefully the good people of New York and its neighbouring states will act upon whatever lessons transpire from this tragedy.

RossWinter:

I agree with many of my classmates: it isn't a reliability issue with the failing of the generators; the failing is with the planning and implementing of them in an area where, if flooded, damage to the machines could result. Obviously the risk assessment in the implementation of the generators in the basement concluded that it was highly unlikely that this event would occur. The bigger worry was that much of New York was without power for over a week, due to a power station being affected. Being located on the East Coast of America, they must have known that these storm events are likely to occur, and even if they didn't think it was possible that it would happen to them, they still should have had measures in place to survive the most severe storms due to the vital role electricity has in our lives in the modern world.

Ross Winter, MSc Renewable Energy

YAKUBU ABUBAKAR 51126107:

In addition to what my friend Ryan said, I want to say that a mega-storm, especially the recent Hurricane Sandy which occurred in the United States, is a natural phenomenon over which humans have little or no control, and which has a devastating effect on life and property in coastal cities.

During that event in the ocean city in the US, over five million people were cut off from electricity and most of the streets were flooded, with schools, offices and hospitals destroyed.

I'm not sure how reliability arrangements can change or save anything when a disaster of this nature strikes, but the only good news is that this kind of mega-storm can be predicted correctly, whereby people can take action by evacuating the area and going to safer areas.

And that is what happened in the wake of Hurricane Sandy, but still many people decided not to leave and therefore got caught in the mega-storm with its devastating effect.

What is important for safety here is rapid response to disasters and emergency preparedness to limit the number of casualties and loss of sensitive property by prompt evacuation before and during disasters like mega-storms.



Adejugba Olusola:

I agree with Saheed that the issue is the adequacy of the risk assessment rather than reliability. It is pertinent to note that while these storms have not been uncommon on the east coast of the US in the recent past, the associated flooding on the scale of Katrina has happened only in the past couple of events.


This same issue of the adequacy of risk assessment could be said to be a key factor in the after-effects of the tsunami that hit the coast of Japan. The word "Sotegai" ("outside our imagination") came to the fore. The Fukushima nuclear facilities had been designed by mechanistic safety analysis to withstand the strongest earthquakes, at the 8.6 magnitude level for the Fukushima prefecture, but the 6m protective wall built from the calculations was insufficient to handle the 14m-high tsunami wave [1] that hit the facility, resulting in the flooding, and eventually this was their undoing. The diesel tanks supplying the generators were swept away by the tsunami flood, leading to loss of power generation, and the rest is what we now know of the story of how they had to battle to prevent the accident from deteriorating into a full-scale disaster.


I guess it can be argued that the resulting consequences of the two main events were pretty much foreseeable, but hindsight is a wonderful thing, not forgetting that these facilities were designed and constructed over 20 years ago.

 Human factors will always play a part in the limitation of risk assessments as long as the design and risk assessments are done by humans. However, engineering experience, lessons learnt, adoption of new technology and industry best practices will aid in reducing the likely influence of human factors on the limitation of risk assessment. 


[1] M. Ragheb, "Fukushima Earthquake and Tsunami Station Blackout Accident", 2012.

Emmanuel Mbata:

My own opinion: risk assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). When it comes to natural disasters, it is almost impossible for now to quantify the risk associated with them, because the magnitude or the devastating effect cannot be seen until after impact.

Like the example you gave above concerning Fukushima, the engineers built the walls of the reactor to withstand the strongest earthquake as a result of the risk assessment they did, but that proved insufficient when a storm greater than their imagination came.

Risk assessing a natural disaster is almost impossible; these are "known unknowns". I think improving emergency response and ensuring that the safety critical elements are available and function during a disaster will minimise the fatalities.




sreehariprabhu:

I agree with the friends who question whether this is about reliability. Since it was a natural disaster which led to the incident, I think it is not related to reliability. The definition of reliability is the ability of a system or component to perform its required functions under stated conditions for a specified period of time. So during the design, the engineers might not have made the equipment to perform its functions during a powerful storm. If this equipment failed during its routine working process, we could question its reliability.

I also agree with Mbata, since during a risk assessment we cannot actually predict how much impact a natural disaster can bring. So during risk assessments, the engineers can design the plant only according to the past natural disaster records that they can get. They cannot predict the impact of the forthcoming disasters and design for it. This is because, if they do so, it will be an expensive task to carry out a design for the maximum impact. So the only way to mitigate problems during these kinds of situations is to make sure the safety critical elements are not struck by a great impact. A huge disaster can be prevented if at least this is carried out.

Sreehari Ramachandra Prabhu

Bassey Kufre Peter:

My colleagues have given a lot of insight on this topic. Though a storm is a natural phenomenon and we do not necessarily have total control over it, with proper risk assessment, which will certainly include getting meteorological data from the weather department from which the weather conditions of a given geographical location can be predicted upfront, we can always design our systems for reliability in case of such occurrences by always designing for the worst scenario, so that even if the system fails, it fails safely.

The Alexander L. Kielland disaster gave more insight on this. I am sure that if the weather conditions of the North Sea and its behaviour had been properly considered by the risk engineers during the design stage of the platform, they would have recommended redundancy for critical components such as the D6 bracing; this decision would certainly have increased the reliability of the platform during the event of the high storm.

I will say that as engineers we should always consider the worst scenario in our designs, as such a decision will always keep the risk associated with such a system As Low As Reasonably Practicable.

Bassey, Kufre Peter
M.Sc-Subsea Engineering-2012/2013
University of Aberdeen.

Mohamed H. Metwally:


It is a great lesson to be learnt; however, I don't think any designer could have accounted for that, especially when assuming that the water would enter the basement and damage the generators... O my God, if he had accounted for that he would have been accused of over-over-conservatism!

Now, let us look at the solution from a broader perspective... Instead of putting the generators somewhere else, we should have a backup energy system, and it would be much better if it was renewable energy... That is how it should be, especially in hospitals when it comes to our lives.

