Technological vulnerability: How and Why Technological Systems are Vulnerable to Disaster?

[논둑길맨발로]

GETTING TO CATASTROPHE

CONCENTRATIONS, COMPLEXITY AND COUPLING

***

By Charles Perrow

***

The Montréal Review, December 2012

***

Complex Organizations (1972)	Normal Accidents (1984)	Organizing America (2002)	The Next Catastrophe (2007)

***

"[Perrow's] 1984 book Normal Accidents and his many publications analyzing how and why technological systems are vulnerable to disaster have achieved iconic status."

--The American Prospect Magazine

***

Complex Organizations was a serial of sorts. The first edition (1972) argued for the importance of bureaucracy in organizations - in contrast, most notably, to the human relations school that was then dominant - and for the importance of organizations in shaping society. True to the subtitle, A Critical Essay, its chapter on the institutional school argued that power played a larger role than the institutional school, and my mentor, Philip Selznick, admitted to. The 1979 installment expanded and sharpened the 1972 chapter on the environment; critically examined a new boy on the block, the population-ecology school; but gushed over another new entry, network analysis. In the last installment in 1986 the serial finally found the implicit theme in the previous ones and pushed for a power analysis of both the internal operation of organizations and especially their role in society. I have not moved from a power analysis since.

But back in 1979 I had been asked for a position paper on the accident at the Three Mile Island nuclear power plant in Pennsylvania. Something other than power was at work here, I quickly decided, and it was a dimension of organizational structure (complexity) and process (tight coupling) that had not been explored. The immense complexity of some industrial organizations and their tight internal connections occasionally allowed even some small local failures, inevitable in complex systems, to cascade through the system and bring it down. If the system also had catastrophic potential, perhaps it should not exist. In 1984, I published Normal Accidents, concerned with accidents in a variety of risky systems.

Normal Accident drew attention to two different forms of organizational structure that Herbert Simon had pointed to years before, vertical integration, and what we now call modularity. Examining risky systems in the Accident book, I focused upon the unexpected interactions of different parts of the system that no designer could have expected and no operator comprehend or be able to interdict. The difficulty of anticipating unexpected interactions appeared to stem from a system design that emphasized efficiency and speedy construction and speedy operation. In contrast, an equally complex design was a network of modules. This design anticipated the inevitable failure of some parts of a system, e.g. because of design mistakes, operator errors, faulty parts or supplies, poor procedures, or an unfriendly environment. It sought to decompose the vertical integration into modules, such that failures in one module would not cascade through the system, a design that loosened the coupling of parts. Modularity also allowed inventive designs within each module and allowed testing of independent modules rather than having to test the whole system.

Eight years later I published a book on a totally different topic: the 19th Century origins of the United States' distinctive form of capitalism, Organizing America. But there was a connection with the accident book, though I did not make it at the time. The first mass production organizations in the new country were the textile mills of New England. They were fully integrated systems; huge companies with highly specialized tasks, mass producing cheap fabrics, with a frozen technology. The firms owned the towns, the water supply that drove the mills, and, in effect, owned the workers and their families. Highly centralized, very efficient, and very profitable, they were all giants, though vulnerable to economic downturns and to disastrous fires and floods.

In contrast, the textile industry around Philadelphia, as large as the New England one, was made up of small firms, decentralized, innovative technologically, emphasizing high quality and producing more expensive fabrics. The firms were small, family owned, and constantly changing their ownership and employees. The towns in New England were barren of infrastructure, while those in Pennsylvania had good streets, technical schools, no worker dormitories, and generally good public services. If a firm did not get enough business to survive, its workers merely moved to another nearby that did get orders; owners became workers, as workers became owners; innovations spread rapidly as the experimenters - not locked into a huge mass production machine - moved about. "Renting rooms with power" resembled "changing jobs without changing your car pool," as in Silicon Valley a century later.

One important reason for the different industrial system was that laws of Massachusetts favored capital accumulation while Pennsylvania had laws that favored investments in public services such as transport, thus less capital was available for private ventures. With concentrated capital the Boston wealthy could build huge mills; with distributed capital, only small firms could prosper in Philadelphia. Prosper they did, until the end of the 19th Century when both New England and Philadelphia textile firms went into a slow decline because of foreign competition and cheaper labor in the southern states.

The US railroad industry started out, necessarily, as a number of small organizations geographically dispersed and mostly public or public-private in ownership. But by the middle of the 19th Century they were being privatized, and then mergers and consolidations took place until, by 1910, the hundreds were only four. Most of the profits came from long distance hauling. Accordingly, they structured the US economy around national centers instead of regional centers. Regional, decentralized development, "modules," so to speak, were favored by some in Congress such as Senator Robert La Follette Sr., who anticipated growing inequality if we allowed national centers of grain, meats, steel, or furniture. The efficiency and safety of some regional railroad lines was greater than the national lines, but the giant railroad corporations bought them out and even neglected their innovations.

The theme of consolidation, increasing the political power of corporations, was expanded when I looked at the growing vulnerabilities of systems with catastrophic potential in The Next Catastrophe (2007, 2011). The consequences of natural disasters, industrial accidents, and terrorist attacks, were all being magnified by increasing accumulations of hazardous substances in industries, concentrations of populations in risky settings, and concentrations of political power in parts of our critical infrastructures such as communications, finance, and transport. We needed vast decentralizations to meet the challenges of climate change, terrorism, and infrastructure interdependencies, yet the opposite has been occurring. Some systems, such as existing nuclear power plants, which could not be modularized or decentralized, simply should be abandoned because of their catastrophic potential- a conclusion I had reached in 1984 when I anticipated a major nuclear power plant disaster in the next decade. We had two in the next three decades: Chernobyl in 1986, Fukushima in 2011.

Neither of these two disasters were "normal accidents" and thus unpreventable. A normal accident is where everyone tries very hard to play safe, but unexpected interaction of two or more failures (because of interactive complexity), causes a cascade of failures (because of tight coupling). The combination of complexity and coupling will bring down the system despite all safety efforts. In November, 2012, 20 months after the accident at Fukushima, the responsible utility, TEPCO, finally reversed itself and admitted that they had been warned of the earthquake and tsunami dangers but chose to ignore them, and admitted many other management failures such as evading regulations, poor training of worker, lack of emergency preparedness, etc. They did not play safe. As with many other industrial disasters such as Bhopal, Chernobyl, Exxon-Valdez, and BPs Gulf of Mexico oil spill that I have written about, it was an accident waiting to happen because of management failures. It was aided by complexity and coupling but not caused by it.

The cause of another meltdown, the 2008 financial crisis that shook the world's financial markets and the world economy, is still the subject of debate, but it is clear that warnings were ignored for years. They came from risk assessors within the financial firms, from government agencies, some big investors and gurus such as Warren Buffet, thousands of newspaper and magazine articles, and a few hedge funds that stood to profit from the collapse by betting against firms with heavy subprime mortgage holdings. Even Goldman Sachs knew enough to bet against the loans they were selling to clients just before the collapse.

Deregulation and the increasing complexity of the financial system made it easy to "game" the system and engage in fraudulent behavior, and its tight coupling allowed the failures to cascade. But it was not the case that no one could anticipate the failures. Firms were making so much money on the new financial instruments such as derivatives that the warnings were ignored and fraud was easy. The system had been concentrating since the deregulations of the late 1990s, magnifying the risks. There had been a degree of modularity in the larger system when commercial and investment functions were forced to separate following the Great Depression of the early 1930s. But in 1999 the two activities were permitted to take place in the same firm. Within the firms, the short-run, risky and highly profitable investment activity prevailed over the longer term, low risk activity. The takeover was aided by the predominance of shareholder value interests (short run) over the broader stakeholder interests (long run). The latter had ruled since the prosperous post World War II period, but shareholder value interests gained prominence in the 1990s as firms turned to the stock market instead of commercial banks for investment capital.

The themes of Organizing America, Normal Accidents, and The Next Catastrophe are linked: Multiple, independent producers will distribute power and wealth more broadly; consolidation will concentrate wealth and power. Modular systems enhance safety by making complexity less interactive and coupling less tight; vertically integrated systems do the reverse. It will not be hard to apply these concepts to the "last catastrophe," global warming, which I am currently working on.

***

Charles Perrow is professor emeritus of sociology at Yale University. He has worked as a consultant for the U.S. military, the White House, and the nuclear-power industry.

http://www.themontrealreview.com/2009/Normal-Accidents-Living-with-High-Risk-Technologies.php

Technological vulnerability: a neglected area in policy-making

Prometheus, Vol, 7, No. 1, June 1989, pp. 49-60

Colin Kearton and Brian Martin

This work was supported by the Australian Research Grants Scheme. We thank the many employees of BHP Steel at Port Kembla who we interviewed for their cooperation and their valuable comments, and Michael McKinley, Stewart Russell, Pam Scott and an anonymous referee for useful comments on a first draft of this paper.

---

Go to

Brian Martin's publications on technological vulnerability

Brian Martin's publications

Brian Martin's website

---

Many technological systems are vulnerable to threats such as military attack, sabotage, sudden economic change or social disaffection. There are various ways to reduce such vulnerabilities, such as direct planning, diversification and self-reliance, but current policy-making takes little cognisance of the issue.

Keywords: vulnerability, resilience, risk, policy-making

Australia's highly sophisticated telecommunications network is an open target for saboteurs. When someone chopped through a set of Telecom cables in 1987, it interrupted a large proportion of Sydney's telephone service.

A small number of workers at one of Australia's larger oil refineries, by deciding to go on strike, can threaten the entire economy by interrupting the vital flow of liquid fuel. Much of Australia's petroleum production in the Bass Strait is an open target for small commando or terrorist groups. Again, the entire economy could be affected.

The $160 million Australian Animal Health Laboratory was opened in 1984 in Geelong. Designed at great expense to handle live foot-and-mouth disease virus, the organised opposition of farmers has meant that the laboratory is not being used for its intended purpose.[1]

These are examples of vulnerabilities in contemporary Australian society which are associated with technologies - 'technological vulnerabilities' for short. They are vulnerabilities of crucial systems to a variety of serious but very unlikely threats coming from outside the technological systems themselves.

When technological systems are set up, due attention is usually given to the obvious and routine threats. A factory building will be constructed according to specifications to ensure it is not faulty, routine security measures will be taken to prevent vandalism, and an assessment of markets will be made before producing a new product. By contrast, some other threats are ignored entirely, typically threats which are considered by planners to be unlikely, impossible or too expensive to guard against. The factory building will not be constructed, in Australia at least, to survive a major earthquake or a military attack; nor will market planning for export seriously take into account the possibility of world economic collapse. It is vulnerabilities to such unlikely but serious contingencies that are the focus of our attention here.

What we call technological vulnerability can be distinguished from the related and partially overlapping category of technological risk. In the latter category fall events such as the Chernobyl nuclear power plant meltdown, the Bhopal chemical plant disaster, the Challenger space shuttle failure and the shooting down of the Iranian Airbus. In these accidents the dominant focus is on technological failures most of which are the immediate consequence of internal breakdowns (though having wider social roots) and most of which result in hazards to the public. Some of the literature on risk assessment deals with the processes involved in such events.[2] Attention is usually given to failures in individual units of a wider system, such as accidents in particular power plants rather than the failure of the entire electricity grid.

By contrast with this category of technological risk, our focus on vulnerability is on the major technological systems themselves and the ways in which they may fail or become obsolete due to events in society largely external to the technological system. In short, in technological risk the focus is on hazards to the public from localised technological failures while in technological vulnerability the focus is on failure of extensive technological systems due to outside impacts. Where the study of technological risk may connect with technological vulnerability is in offering certain tools for analysis, such as judging a risk by its probability times its severity.

The study of what we call technological vulnerability has been sparse, unsystematic and driven by events. The area of greatest interest has been energy, triggered by the threats to exports of Middle East oil from 1973 onwards.[3] This has led to examination in oil-importing countries of a variety of strategies, including stockpiling, rationing, indigenous oil production, alternative sources of imports, energy efficiency, and developing non-petroleum energy sources including coal, nuclear and solar power.

Another area of interest has been computers, especially in their role in the systems used to launch a nuclear weapons attack or guard against such an attack. A straight military concern is the vulnerability of command, control and communications systems to enemy action; wider concerns have been expressed about the danger of accidental nuclear war.[4]

Although there is some useful material in specific areas such as energy and computers, the wider issue of technological vulnerability has received surprisingly little attention. In this paper we aim to give a brief overview of the issues. We begin by describing some threats and then describe how the vulnerabilities and resiliences of different technologies arise and interact. We itemise a range of ways to reduce vulnerabilities, and finally suggest some policy implications.

It is not our aim here to argue that resilience to remote threats is an overriding goal in technological policy. It is simply one factor among many that should be taken into account in a careful consideration of options. But at the moment many aspects of vulnerability and resilience are given little attention at all. To change this could provide a bit of insurance, at low cost, against the possibility of catastrophe.

THREATS

The number and variety of possible threats to technological systems is large. Here we note a selection of different threats which illustrate a range of dangers and effects.

• Collapse of markets. A sudden change in overseas circumstances, such as a world economic depression, a trade war or revolutionary change, could lead to a dramatic reduction in export markets. The technological infrastructure developed to serve these markets would thus become obsolete.
• Loss of markets. New trends or inventions can lead to sudden loss of markets. The collapse of the Swiss mechanical watch-making industry in the face of digital watches is an example. Viable synthetic substitutes for wool or beef, into which research is continuing, would see those Australian industries go the way of natural rubber.
• Social disaffection. Massive investments made in certain technologies may be wasted if opposition makes it impossible to use them fully. The opposition to nuclear power in many countries has meant that some highly expensive plants have not been completed or, after completion, not been used. If the Australian government had persisted with its national identity card plan, it is possible that citizen noncooperation would have wrecked the scheme and thus caused the investment in it to be wasted.

The above possibilities could, without causing physical damage, make technological systems obsolete or unworkable. The following threats could destroy or interrupt their functioning.

• Sabotage. Teams of saboteurs or terrorists, or even a few dedicated individuals, could wreak havoc in a range of technological systems.[5] Insiders pose the greatest threat; a single strategically placed individual could, in many industries, bring operations to a halt. The axing of Telecom cables is an example.
• Interruption of imports. A major nuclear war in the northern hemisphere could decimate industrial production in Europe, Japan and North America while leaving Australia physically unscathed.[6] Most imports would cease, leading quickly or eventually to severe problems with many technologies: as breakdowns occurred, replacements or spare parts normally imported would be unavailable or highly expensive. Another scenario with a similar outcome would be a naval blockade of Australian ports.[7]
• Direct military attack. Some major facilities may be targeted because of their strategic or economic value, such as airports, seaports, communications bases, oil refineries, aluminium smelters, dams and power stations. Other facilities would suffer 'collateral damage' from attacks made for other purposes. A major attack, whether nuclear or conventional, on a metropolitan area would probably disable electricity and water distribution systems and most communications systems.
• Electromagnetic pulse. A nuclear weapon exploded high above the atmosphere leads to a pulse of electromagnetic radiation over an area as wide as a continent.[8] The voltage rise induced by the pulse can be ten times as great as for lightning. It is likely that all microcircuits not specially protected would be disrupted - affecting computers, electricity supplies and so forth - and it is possible that such circuits could be permanently damaged.

The likelihood of the above threats is obviously open to debate. While the view of most Australian military experts is that global nuclear war is extremely unlikely,[9] others disagree. For example, there seems to be a variety of assessments of the likelihood of accidental nuclear war.[10] The Swedish and Swiss governments have implemented extensive civil defence programmes on the basis of their continuing strategic eval‎uations, unlike most other countries. The New Zealand Planning Council has carried out an extensive assessment of how nuclear war would affect New Zealand, something which has never been done in Australia.[11] Not surprisingly, there are differences between countries and differences between different groups within any country as to whether certain threats necessitate advanced thought and planning. Our contention is that in many instances technological vulnerability has been neglected because there is no group which has any immediate interest in examining it.

VULNERABILITY AND RESILIENCE

A technological system can be defined as a patterned arrangement of artefacts and humans designed for a purpose. If the purpose is satisfied, the system is said to 'work'. Any sudden change in the external or internal environment - an earthquake, a strike or change in preference by users - poses a threat to the system. If the system is in danger of not working when a particular threat is realised, it is said to be vulnerable to that threat. If instead the system can continue to satisfy its purposes, typically by rapid adaptation, it is said to be resilient in the face of that particular threat.

There are various reasons why a technological system becomes either vulnerable or resilient to a particular threat. First, there may be direct planning to handle certain contingencies. For example, to prevent social disaffection, promoters of a technology may engage in advertising, lobbying, attacking opponents or involving them in decision-making.

Second, the system may have been designed to survive a related threat, and this may provide resilience against the threat in question. For example, electricity supplies for continuous-process manufacturing must not be interrupted. For maintenance purposes, double or triple lines and junction boxes may be provided. This also provides resilience against vandals who strike out randomly at cables, even though vandals may not have been considered in the planning.

Third, the wider configuration of technological-social systems in the society greatly affects vulnerabilities. If all imports were cut off, the capacity of industries to continue production would depend on the capacity of other industries to provide raw materials, spare parts, skilled labour, etc.

Finally, chance often plays a role in providing resilience. It is essentially geological chance that put Australia's major oil fields in the Bass Strait where they are vulnerable to sabotage.

Of these four reasons for vulnerability or resilience, three are reasonably straightforward to analyse: direct planning, planning for related threats, and chance. The other reason, the organisation of technological, economic and social systems, is more complex and interesting. To illustrate the factors involved, we outline some of the interactions between vulnerabilities and resiliences in the three crucial areas of computers, electricity and steel manufacturing, focusing on one particular threat, interruption of imports.

Consider first the production of steel. Australia's steel is largely produced by integrated plants, which depend on a variety of imported materials, including some raw materials, refractories and electronic equipment. Without imports, steel production could only continue if local suppliers or substitutes could be found.

Electricity supplies from state electricity authorities are essential to steel production. Therefore, an analysis of the impact of cessation of imports on the electricity supply industry would be necessary to assess whether or how much steel production could continue.

Computers are becoming increasingly vital to steel production. Reverting to manual methods would be possible at the expense of increased use of labour, but as computerisation continues the difficulty of reversion becomes ever greater. Because computer chips are not manufactured on any scale in Australia, restriction of imports would be followed by gradual loss of computers, cannibalisation of some computers to keep others going, and eventually conversion to noncomputerised methods - unless some local computer manufacturing capability could be built up quickly. Therefore the resilience of the steel industry to interruption of imports depends on Australia's capacity to produce computing equipment.

Working in the other direction, the capacity to produce electricity in Australia without imports would depend on repairing and eventually replacing generating plants, maintaining coal production, or introducing new sources such as wind-powered generating plant. In all cases, the production of steel and other high quality metals would be essential. Thus, the resiliences of the steel and electricity sectors are mutually dependent.

The full picture would need to take into account further sectors, the strength and detailed implications of mutual interactions, the likely time delays involved as non-replaceable imported equipment gradually broke down, issues of skills and availability of labour, possibilities of doing with less steel, electricity and computer power, and other threats occurring at the same time.

While the total assessment of vulnerability and resilience is complex, it is possible with detailed analysis to separate crucial from marginal vulnerabilities and to focus on key areas of concern. In our study of vulnerabilities of the Australian steel industry to military threats, it quickly became apparent that certain imports, such as limestone and electrical equipment, could easily be obtained or produced locally, whereas others, such as iron ore (from Western Australia) and computers (from overseas), would be very hard to obtain should shipping to and around Australia be blockaded or otherwise interrupted.[12]

THE STEEL MINIMILL

The case of the steel minimill epitomises the neglect of issues of vulnerability and resilience in policy-making. This century, the standard method for steelmaking has been the integrated plant. This includes coke ovens for producing coke from coal, blast furnaces (using the coke) for producing iron from iron ore, basic oxygen furnaces (earlier, the open hearth) for producing steel from iron, and a multitude of rolling mills for producing rails, tubes, sheet and other forms from hot steel. The integrated plant requires a large investment, careful physical location for obtaining large quantities of inputs such as coal, iron ore, limestone and water, and a stable market for standard products. The scale of integrated plants is large, typically millions of tonnes of steel per year. In Australia, almost all steel production takes place at three integrated plants at Port Kembla, Newcastle and Whyalla.

In the past couple of decades, economic conditions have provided opportunities for a competing technology, the so-called minimill. The minimill typically uses an electric furnace to make steel directly from scrap, and then with a limited rolling operation fashions products such as rods, bars, wire and tubes. Because its main physical inputs are scrap and electricity, and because its size is usually much smaller (with output perhaps one-tenth of an integrated plant), minimills can be built close to markets, often in the middle of cities. The smaller capital requirements mean that output is more readily adapted to changing market conditions.

In the United States and Europe, minimills have taken a rapidly growing proportion of steel production.[13] Technical advances in electric furnaces and in quality control in small milling operations have made them competitive in terms of material outputs; economic changes, especially a stagnant market for steel and hence lower prices for scrap, plus high interest rates and hence a premium on rapid construction, have made minimill operations economically competitive.

Another major factor, at least in the United States, is the cost of labour. Accommodation to strong trade unions has meant that labour costs in integrated plants are far higher than the average in manufacturing industry. Minimills have typically been located where they can rely on non-unionised labour at far lower wages.[14]

The Australian move towards minimills has been slower than overseas, perhaps because of the dominance of BHP and its heavy investment in integrated plants. Only one minimill has been built, by Smorgons in Melbourne.

BHP's plan to build a minimill in Rooty Hill (western Sydney) has met with a storm of opposition. Rooty Hill residents oppose it because of environmental considerations (and, no doubt, consequent reductions in property values). Wollongong trade unions and council officials say the minimill should be built in Wollongong - where Australia's largest integrated steel plant resides - because of the region's high unemployment rate. Many workers would also see the Rooty Hill location as offering BHP a way to escape the power of the trade unions in Wollongong.

Through this debate, the issue of vulnerability and resilience of steel production has not been raised.[15] A basic feature of the centralised and capital-intensive nature of integrated plants is that they are highly vulnerable to a variety of threats, including military attack, natural disaster and sabotage, not to mention rapid technological change. For example, one study of the effect of 'small' nuclear attacks on the United States showed how few bombs are necessary to destroy a large fraction of production in various areas of industry, of which steel is a crucial one.[16]

The rise of the minimill has made the steel industry much more resilient to such threats. The larger the number of independent plants there are, the less vulnerable is steel production to the failure of a specified few of them. For example, militarily it would be much easier to disable three integrated plants than 30 minimills. Furthermore, since minimills commonly only run two shifts, they would be able to greatly expand output in an emergency. In the type of crises envisaged, scrap would be plentiful due to possible destruction of the built environment, comprehensive recycling and lowered production which would extend existing supplies of scrap. Furthermore, with a proliferation of minimills, there would be greater capacity to provide replacement parts and, if necessary, to cannibalise one plant to keep others going.

In Australia, with its high dependence on three integrated plants, the contribution of minimills to resilience in the face of exceptional but serious threats would be substantial. Yet no constituency has raised the issue of resilience. The federal government and the Defence Department do not enter this facet of technology and economic policy, since it appears to be largely an issue for private companies and local government planning. In the case of the proposed Rooty Hill plant, citizen groups and trade unions are more concerned about the immediate issues of environment and jobs than the apparently remote issue of vulnerability. The net result of this policy neglect is that the vulnerabilities and resiliences of the steel industry are largely unplanned consequences of decisions made for other reasons.

RESPONSES

There is a range of ways to increase the resilience of technological systems to major potential threats. Here we list and briefly comment on some of these ways before turning to their policy implications.

• Direct planning. This is the most obvious and one of the most neglected ways to increase resilience. For example, the serious possibility of nuclear attack as well as major attack using conventional weapons has existed for decades. Yet only a few governments have instituted more than token programmes of civil defence. Although the cost of such programmes is substantial, a society-wide cost-benefit analysis, even with an extremely low estimated risk of attack, could well suggest that civil defence is a sensible insurance policy.
• Decentralisation. Centralised, large-scale facilities are vulnerable to a number of threats, especially military attack, sabotage and natural disaster. The Japanese electricity supply system during World War Two was largely based on small-scale hydro plants and therefore virtually impossible to destroy by bombing.[17]
• Diversification. Having a variety of ways to accomplish the same purpose is one of the most effective ways to increase resilience. An energy system having some fossil fuels, some hydro, some biofuels, and some solar and wind-generated heat and power is resilient to most threats that might put any single system out of action. A long drought could threaten hydro supplies or a Middle-East war might interrupt oil imports, but the diversity would provide a cushion against the worst effects that would result from dependence on a single source.
• Self-reliance. As distinct from self-sufficiency, self-reliance implies being able to get by with one's own resources if necessary.[18] It would mean using imports, outside experts and assistance to some degree, but not becoming entirely dependent on them. For example, rather than using imported goods whenever they are cheaper, an attempt would be made to rely on local production in areas where this would foster skills and facilities that otherwise would be lost or not exist.
• Flexible skills. Development of specialised skills to produce products for narrow market niches may fail to provide the general skills which would become essential in a crisis situation. For example, manufacture of specialised chips in Australia is a poor way to provide either the technological infrastructure or the skilled labour to produce a basic computer should imports be permanently interrupted.
• 'Simpler' systems. Technological systems which are easier to construct, easy to repair and available for nearly anyone to use are generally more resilient to a variety of threats. For example, bicycles as a form of transport are less susceptible to interruptions of oil or steel. A food supply that includes a sizable component of local organic gardening is less susceptible to disruption than large remote monocultures dependent on pesticides and fertilisers. The criteria for 'simple' technological systems are not fixed, but depend on the technological and social infrastructure, including skills and availability of basic tools.
• Participation in planning. If many members of the public are genuinely involved in the process of technological choice, it is more likely that the technologies which are introduced will be those which are generally accepted. Furthermore, involvement by a range of interest groups makes it less likely that particular threats will be overlooked. If the promoters of the Australian Animal Health Laboratory had involved farmers in the decision-making process from an early stage, the massive problems encountered later might well have been avoided, either by reaching a different decision or by the farmers deciding to accept the laboratory.

These possible responses to the problems of technological vulnerability do not have a single common theme. Direct planning can be a narrow and specific type of preparation, whereas most of the other responses aim at a more general resilience. Some responses can be based on increasing the capacity to build and maintain sophisticated technologies; for example, increasing the capacity to build advanced computing facilities is quite compatible with the responses of self-reliance and flexible skills. On the other hand, some of the responses, such as 'simpler' systems and decentralisation, are more in tune with the principles of 'appropriate' or 'alternative' technology. Many of the approaches can be considered to be alternatives to large-scale, capital-intensive and often potentially dangerous technologies which become 'entrenched' both as physical artefacts and organisational arrangements, and which are vulnerable to a variety of threats due to their extreme inflexibility.[19]

While in the literature of technological risk there is well warranted attention to technological design and the social factors associated with it, the category of technological vulnerability points towards responses of 'social design', namely different ways of organising society and the technological systems embedded in it.

POLICY IMPLICATIONS

The vulnerability of technologies to major but unlikely threats is not a popular topic of analysis and action for policy-makers. Those who are promoting new technologies have little to gain by pointing out vulnerabilities, since this may seem to encourage or aid opposition. For example, the proponents of nuclear power have seldom mentioned its vulnerability to military attack, though such attack would be quite likely in the event of war.[20]

In many ways, an explicit concern about vulnerability constitutes a challenge to prevailing trends in technological choice. As the world market becomes more integrated, the self-reliance of national and local economies is reduced. The proposed world car, for example, with different parts produced in different countries, lowers the local economic resilience of any one of the participants. Electrification and computerisation proceed unabated, making societies more vulnerable to disruption of central electricity supplies and key computer part suppliers.

The market does not promote resilience in any regular or efficient way. It does promote certain types of resilience, such as the shift towards flexible specialisation, which some see as a result of increasing 'turbulence' in the economic system. But there is no preparation for certain extraordinary threats, such as the electromagnetic pulse. The process of social disaffection is another 'problem' not dealt with by the market, since by its nature disaffection is expressed through political channels rather than, or as well as, economic ones.

In Australia, the current encouragement of export industries aimed at market niches is a prescription for high vulnerability. Any highly specific industry is less able to respond to suddenly changed conditions and requirements. Specifically, aiming mainly at exports means that self-reliance is reduced. Essentially, the market niche approach is a high risk strategy aimed at reaping high profits. The other side of the coin, the chance of massive loss, is less often examined.

The process of 'rationalisation' in production also tends to eliminate the insurance value inherent in old systems. For example, as the steel industry scraps the less efficient technology of the open hearth, its capacity to respond to disruption in the newer facilities is reduced.

The issues of vulnerability and resilience in technological systems are not of overarching importance, but neither should they be totally overlooked; rather, they should become a consideration in policy-making. Specifically, approaches which enhance diversity, decentralisation and self-reliance deserve greater attention and perhaps some degree of subsidy. One way to promote this is by involving a wider range of groups in decision-making. This not only reduces the risk of 'social disaffection' but also means that vulnerability issues are less likely to be overlooked, since diverse groups are less likely to coalesce unquestioningly around a single analysis and policy.[21]

NOTES AND REFERENCES

1. Pam Scott, 'Dealing with dissent: on the treatment of opposition to the Australian Animal Health Laboratory and the importation of live foot-and-mouth disease virus', Search, 19, 1, January/February 1988, pp. 6-9.

2. Charles Perrow, Normal Accidents, Basic Books, New York, 1984.

3. Wilson Clark and Jake Page, Energy, Vulnerability, and War: Alternatives for America, Norton, New York, 1981; Amory B. Lovins and L. Hunter Lovins, Brittle Power: Energy Strategy for National Security, Brick House, Boston, 1982; and James L. Plummer (ed.), Energy Vulnerability, Ballinger, Cambridge, Massachusetts, 1982.

4. Alan Borning, 'Computer system reliability and nuclear war,' Communications of the ACM, 30, 2, February 1987, pp. 112-131; Lance J. Hoffman and Lucy M. Moran, 'Societal vulnerability to computer system failures,' Computers and Security, 5, 1986, pp. 211-217; and Perry R. Morrison, 'An absence of malice: computers and Armageddon', Prometheus, 2, 2, 1984, pp. 190-200.

5. Richard Charles Clark, Technological Terrorism, Devin-Adair, Old Greenwich, Connecticut, 1980.

6. A. Barrie Pittock, Beyond Darkness: Nuclear Winter in Australia and New Zealand, Sun, Melbourne, 1987.

7. W.S.G. Bateman, Australia's Overseas Trade: Strategic Considerations, Strategic and Defence Studies Centre, Australian National University, Canberra, 1984.

8. Manuel Wik et al., 'URSI factual statement on nuclear electromagnetic pulse (EMP) and associated effects', International Union of Radio Science Information Bulletin, 232, March 1985, pp. 4-12.

9. Paul Dibb, Review of Australia's Defence Capabilities: Report to the Minister of Defence, Australian Government Publishing Service, Canberra, 1986.

10. Paul Smoker and Morris Bradley (eds), Current Research on Peace and Violence, 11, 1-2, 1988, pp 1-79.

11. Wren Green, Tony Cairns and Judith Wright, New Zealand After Nuclear War, New Zealand Planning Council, Wellington, 1987.

12. Colin Kearton and Brian Martin, 'The vulnerability of steel production to military threats', Materials and Society, forthcoming [Vol. 14, No. 1, 1990, pp. 11-44].

13. Donald F. Barnett and Robert W. Crandell, Up from the Ashes: The Rise of the Steel Minimill in the United States, Brookings Institution, Washington DC, 1986; and R.D. Walker (ed.), Small Scale Steelmaking, Applied Science Publishers, London, 1983.

14. Walter H. Goldberg (ed.), Ailing Steel: The Transoceanic Quarrel, St. Martin's Press, New York, 1986, p. 464.

15. John Woodward, Chairman, Commissioners of Inquiry for Environment and Planning, BHP Steel International Group Rod and Bar Products Division Proposed Steel Mill, Rooty Hill, Report to the Honourable David Hay, Minister for Local Government and Minister for Planning, Sydney, May 1988.

16. M. Anjali Sastry, Joseph J. Romm and Kosta Tsipis, Nuclear Crash: The US Economy After Small Nuclear Attacks, Report #17, Program in Science and Technology for International Security, Massachusetts Institute of Technology, Cambridge, Massachusetts, June 1987.

17. Lovins and Lovins, op. cit.

18. Johan Galtung, Peter O'Brien and Roy Preiswerk (eds), Self-reliance: A Strategy for Development, Bogle-L'Ouverture, London, 1980.

19. David Collingridge, Technology in the Policy Process: Controlling Nuclear Power, Frances Pinter, London, 1983.

20. Bennett Ramberg, Destruction of Nuclear Energy Facilities in War: The Problem and its Implications, Lexington Books, Lexington, Massachusetts, 1980.

21. Irving L. Janis, Groupthink: Psychological Studies of Policy Decisions and Fiascos, Houghton Mifflin, Boston, 1983.

http://www.bmartin.cc/pubs/89prometheus.html

Technological vulnerability

Published in Technology in Society, Vol. 12, No. 4, 1996, pp. 511-523

Brian Martin

---

Go to

Brian Martin's publications on technological vulnerability

Brian Martin's publications

Brian Martin's website

---

Dr Brian Martin is the author of numerous books and articles on scientific controversies, politics of technology, nonviolent defense, information and society, suppression of dissent, and other topics. His most recent books are Social Defence, Social Change (1993) and Confronting the Experts (editor, 1996). He is senior lecturer in the Department of Science and Technology Studies, University of Wollongong, NSW 2522, Australia; email brian_martin@uow.edu.au.

Acknowledgment: Stewart Russell provided helpful comments.

ABSTRACT. Technological vulnerability refers to the chance that a technological system may fail due to outside impacts. The usual approaches to studying technological risk are not so useful for studying vulnerabilities of major systems such as energy, communication, or defense. Analyzing the relation of interest groups to vulnerabilities can be illuminating. In some cases groups have interests in maintaining practices that cause vulnerabilities, while in other cases groups have interests in maintaining vulnerabilities themselves. These latter cases are especially difficult to deal with since they challenge prevailing belief systems.

 

Introduction

Every new technology seems to bring with it some new vulnerability for its users, a vulnerability to accident, disease, environmental degradation, or social disruption. With the automobile came traffic accidents. With electric appliances came exposure to electromagnetic fields. With the burning of fossil fuels came the greenhouse effect. With nuclear weapons came the possibility of megadeath.

The usual approach to these issues is through the concept of risk, which deals with the chance that specified adverse effects may occur due to operation or breakdown of the technology.[1] Risk is a useful concept especially when events are well specified and can be quantified, as in the cases of the collapse of a bridge or loss of power in an electricity grid. But for other purposes, the concept of vulnerability can be more illuminating.

To take an example, industrialized societies are becoming ever more dependent on computers and hence highly vulnerable to disruption of computer-based services. Intentional sabotaging of vital computer programs in telephone systems, banks or factories could bring much commerce to a halt. More dramatically, a nuclear explosion high in the atmosphere would produce a continent-wide pulse of electromagnetic energy that could disrupt all sorts of microcircuits temporarily or even permanently.[2] New infectious diseases could arise and spread rapidly due to urbanization, poverty, new patterns of sexual activity and other changes creating an ecology favorable to certain microbes.[3] These sorts of contingencies, in which the possible consequences are enormous but the chance of an occurrence is difficult to determine because the cause is due primarily to social processes outside the system under threat, are usefully approached using the idea of vulnerability.

In the next section, I give a more precise definition of technological vulnerability. Then I turn to frameworks for classifying technological vulnerabilities, presenting a framework that distinguishes between vulnerable systems according to whether there are groups with an interest in perpetuating the vulnerabilities themselves. The focus is on large-scale vulnerabilities to which there has been relatively little attention.[4]

 

The nature of technological vulnerability

To define technological vulnerability it is helpful to draw on systems theory and distinguish between a technological system and its environment.[5] The technological system might be, for example, a clothing factory or water supply system. The system includes artefacts (e.g., cloth and sewing machines; dams and pipes), relevant humans (factory workers; civil engineers) and associated skills and routines.[6] The "environment" is everything outside the technological system, and can include things like financial markets and earthquakes.

To achieve its intended purposes, a technological system requires certain inputs (raw materials, replacement workers, education, etc.) and produces certain outputs (finished clothing; water for consumers). The system's vulnerability can be defined as the chance that a specified change in the environment leads to disruption of the usual purposes of the system. For example, the threat to the clothing factory might be competition from imports, a strike by workers or a flood. The threat to the water supply system might be sabotage or a drought.

A technological system can be said to be resilient in the face of a particular threat if it is capable of maintaining its purposes when the threat is realized.[7] For example, the clothing factory will be more resilient in the face of a strike if there are other workers available with the skills required to keep production going. The water supply system will be more resilient against destruction of a dam if no single dam provides a large percentage of water for the system.

To quantify vulnerability and resilience, it would be necessary to provide much more detailed specifications of various components in these definitions, including the distinction between the technological system and its environment, the nature of the threat and what is meant by the system "maintaining its purposes." Such precision is not necessary for the purposes here, which is to highlight significant features of technological vulnerability.

With the above definition, the distinction between technological risk and vulnerability becomes clearer. Technological risk usually refers to the danger to the public from technological systems, whether due to breakdowns or normal operations.[8] Examples are aircraft crashes and emissions from microwave ovens. Technological vulnerability, by contrast, refers to the chance of failure of an entire technological system due to outside events. Nevertheless, there is a close connection between the concepts of risk and vulnerability. Among other things, a system collapse resulting from exploitation of a vulnerability typically leads to the sorts of consequences analyzed in studies of risks.

 

Classification of technological vulnerabilities

There are quite a few ways to classify vulnerabilities, each of which is useful for some purposes but limited for others. Here I give a brief overview of a number of common frameworks before introducing yet another one.

It is commonplace to discuss risks and vulnerabilities according to the type of technology involved. For example, chemical plants are vulnerable to malfunction as in the cases of Seveso and Bhopal. Nuclear power plants are subject to core meltdowns, terrorist attack and military attack, among other things. In recent years there has been considerable attention to vulnerabilities of computer systems.[9] Focussing on a type of technology has the obvious advantage of grouping systems with certain similar features. The complexities of large computer programs mean that certain types of failures are common wherever such programs are used.[10] On the other hand, focusing on a type of technology artificially divides common areas, such as energy systems including hydro, fossil fuel and nuclear components, where different types of technology combine to serve a single purpose.

Another approach is to divide vulnerabilities according to scale, namely the "size" of the disaster that might occur. When a software glitch in a radiotherapy machine causes a lethal overdose of radiation to a patient, a single person or at most a sequence of patients is affected. In an aircraft crash, a large number of passengers and crew can die. Then there are global processes such as reduction in stratospheric ozone due to emissions of chlorofluorocarbons and other chemicals, leading to an increase in skin cancer in many parts of the world, among other effects. In some cases, the scale of a vulnerability is not clear-cut. Automobile accidents seldom kill more than a few people at a time, yet in total such accidents leave many tens of thousands of people dead each year, which can be attributed to the technological system of car-based travel. The scale of consequences is an obvious way to classify vulnerabilities but it is not so clear what insights this provides.

Another framework commonly used refers to the type of problem involved in causing a technological breakdown, such as human error, mechanical failure, shortcoming in system design or excessive complexity.[11] This sort of analysis can be very useful in focussing on areas where changes can be made to reduce the risks of a breakdown.

These different frameworks each have their advantages when dealing with technological risk, but they are of limited value for elucidating technological vulnerability. As noted above, vulnerability is defined in relation to a particular threat. In the classification schemes based on type of technology, scale or type of problem, the threat varies from case to case. Indeed, classifying vulnerabilities by type of problem is really, in a sense, classifying them according to different threats. None of these classification schemes really says much about the nature of system breakdown, especially when the system is large scale such as the food system or health system.

Because vulnerabilities are defined in relation to particular threats, it might seem that the only way forward is to look at particular cases. For example, in looking at the vulnerability of the entire system of road transport against breakdown, one might investigate threats due to a blockade of oil imports, terrorist attacks on petroleum refineries, or global economic collapse. In each of these examples, the basic problem is a shortage of reasonably priced fuel for vehicles.

A general method of analyzing technological vulnerabilities is as follows. First, write down every conceivable threat to the operation of the system in question. For each threat, write down the possible consequences. Next, write down possible responses to prevent or reduce the effect of each of the consequences. An example would be to look at the vulnerability of a country's computer networks to attack. Threats would include widespread sabotage, military takeover, and nuclear electromagnetic pulse. Consequences would include disabling of software, central political control, and physical destruction. Responses would include tighter security, unbreakable encryption and shielding against EMP. A much more detailed analysis has been made of the vulnerability of steel production to military threats.[12]

Although an analysis of vulnerabilities requires looking at specific threats, making generalizations would seem to be difficult. There are various ways around this obstacle. The approach adopted here is to look at interest groups and vulnerabilities to see whether there are interests in maintaining the vulnerabilities. This allows generalizations since the key question is whether there is a feedback loop between the vulnerability and its cause.

 

Interests and vulnerability

The concept of "interest" is used to indicate that an individual or group has something to gain from a course of action, policy or practice.[13] For example, a scientist has an interest in being an author of a paper reporting a discovery; a pharmaceutical company has an interest in a patented drug; a government has an interest in the perceived legitimacy of taxation. When interests are institutionalized through law or custom, they are commonly referred to as vested interests.

My concern here is with vulnerabilities that are perpetuated because of strong interests not just in practices causing the vulnerabilities but in the existence of vulnerabilities themselves. Some examples will help explain this phenomenon.

Consider the impact of chlorofluorocarbons on stratospheric ozone, setting aside other human processes that affect ozone.[14] Companies that produce aerosol sprays, refrigerants and the like have an interest in continuing production, sales and profits from these chemicals, but they certainly have no interest in the vulnerability of stratospheric ozone to chemical depletion. If this vulnerability did not exist, their corporate existence would be much more secure. The vulnerability of ozone to chlorofluorocarbons then is a case where there are no obvious interests in the vulnerability itself, though clearly there are corporate interests in activities that cause a hazard, "exploiting" the vulnerability.

Of course there might be some groups with an interest in the existence of this vulnerability of stratospheric ozone. Perhaps some environmental groups might be upset if the chlorofluorocarbon-ozone link were disproved, though it seems more likely that they would simply move on to other issues. Perhaps some manufacturers of sun-screens have an interest in worries about ozone depletion, which they can use to promote their products, though presumably other advertizing angles could easily be found. The upshot is that it may be possible to unearth some individuals or groups with an interest in this particular vulnerability, but that the main relevant group -- the chlorofluorocarbon industry -- has no interest in it.

Most examples are like this: there are interests whose activities cause hazards, but these interests do not benefit from the existence of the hazard. In other words, there are no institutionalized interests in vulnerability itself. Producers and users of fossil fuels have an interest in practices that contribute to the greenhouse effect, but they have no obvious interest in the vulnerability of the earth's climate to human inputs of carbon dioxide and other chemicals. Manufacturers of motor vehicles have an interest in continuing use of these vehicles that happens to lead to tens of thousands of deaths on the road each year, yet these manufacturers have no interest in the vulnerability of road transport to accidents. Indeed, they have made considerable investments in methods of reducing accidents and their consequences, though not as many efforts as critics would like.[15] The same sort of analysis applies to innumerable risks and vulnerabilities more local in scale. Producers of microwave ovens have an interest in maintaining sales of a technology that poses a certain risk to health, but have no interest in the vulnerability of the human body to exposure to microwave radiation.

There are, though, a few cases in which it can be argued that there are strong interests in maintaining certain types of vulnerabilities. These cases are inherently contentious, since few groups ever admit -- to themselves or anyone else -- that they foster vulnerabilities, especially when their rationale is to overcome these very vulnerabilities. Let me start then with an example -- terrorism -- that conforms to common viewpoints before turning to more significant ones that challenge conventional wisdom.

Terrorism can be defined as the use of threats or attacks on a population to cause fear and obtain compliance with demands. Non-state terrorists[16] often exploit technological vulnerabilities, such as the vulnerability of an aircraft, passengers and crew to a bomb or a few armed individuals. These terrorists have an interest in maintaining this vulnerability. But they have little say in the perpetuation of the vulnerability, since they do not control aircraft manufacture, choice of transport mode, etc. Thus while terrorists have an interest in technological vulnerability, they have little control over the existence of the vulnerability itself.

For a more comprehensive and challenging example, consider the system of liquid-fuel-based road transport, including cars, trucks, roads, oil companies, automobile manufacturers, and government transport departments, among others. This technological system is highly vulnerable to a shortage or cut-off of oil, which might be caused by sabotage of petroleum refineries, strikes by oil company workers, a blockade of oil imports or war in oil-producing regions.[17]

There are various ways to reduce this vulnerability or, in other words, to increase the resilience of the transport system in the face of a cut-off of oil supplies. Possibilities include stockpiling fuel, developing diversified sources of supply, preparing rationing systems, and promoting fuel efficiency. These provide some cushion against emergencies but do not remove the underlying vulnerability.

Another approach is to move towards a transport system that relies far less on liquid fuel. This could include dramatically improved public transport, telecommuting, and redesign of cities so that most trips can conveniently be made by walking or cycling. Such an alternative has often been advocated and a number of cities have made moves in this direction,[18] but the vulnerability remains a significant one. Why?

The interests behind a transport system based on oil are enormous: oil companies, car manufacturers, road-building industries and government roads departments, among many others. This is one of the most powerful industrial-bureaucratic complexes in the world.[19] Parts of this complex have an interest in selling oil products, selling cars, building roads, and so forth. Can it also be said that they have an interest in the vulnerability of a transport system to shortages of liquid fuel?

The case for this is especially strong in the United States, which has massive oil reserves of its own. Nevertheless, U.S. production is not enough to serve the country's huge consumption of cheap oil and there is massive importation of oil, especially from Gulf states. Even very moderate conservation measures, such as switching to smaller and more efficient vehicles like those commonly in use in Europe and Japan, would eliminate the need for oil imports to the United States, eliminating its dependence and hence one vulnerability. But this path has not been adopted. Instead, national policy has centered on maintaining access to cheap overseas oil. This has meant putting pressure on foreign governments, occasionally conspiring to overthrow them and going to war.[20] A very risky and interventionist foreign policy has been adopted which would be quite unnecessary if some simple conservation measures were adopted.[21]

There are various ways to understand this promotion of energy vulnerability. One is to argue that U.S.-based oil companies seek to maximise their share of the world market by controlling foreign oil fields, and have directly or indirectly shaped the U.S. policy-making agenda to serve their interests in this respect.[22] It is also possible to delve more deeply and to argue that both corporations and states prefer energy options that make consumers dependent on their services. Reserves of liquid fuels are very unevenly distributed over the globe and this means that small groups can easily take control over them; they have an interest in making others dependent on these fuels. By contrast, solar energy is relatively evenly distributed and much harder to monopolize, hence the much lower interest by corporations.[23] A similar set of arguments applies to governments. Raising revenue is much more straightforward when the population is dependent for survival on commodities that are controlled by government or large corporations.[24] The liquid-fuel-based transport system is ideal for collecting taxes on fuel, vehicles, etc. The prospects for taxation on travel when town planning allows people to walk to work are much less.

A little reflection reveals that these arguments apply to centralized energy sources of all kinds. For example, in the production of electricity, large hydroelectric plants, nuclear power, and large fossil-fuel plants are all vulnerable to terrorism, sabotage and military attack in a way that microhydro, passive solar design and local solar and wind electricity systems are not. Arguably, there is more involved here than simply efficiency considerations. In early 1950s, the U.S. Paley Commission recommended increased use of solar energy, but instead major investments were poured into nuclear power.[25] This sort of choice can be analyzed at several levels. For organizations administering technological systems for large populations -- energy or water boards, for example -- it is "easier" to deploy experts, raise funds and mobilize political support for large-scale projects than to foster a process of small-scale change. A new dam is built rather than fix leaky faucets throughout the city; a new power plant is built rather than install energy-efficient heaters and air conditioners.[26] To say that building new centralized capacity is an "easier" option hides a key factor: this approach makes necessary the central administering organization itself. Associated with this, it requires the attention of experts, including financial managers, engineers, and police (the latter to protect against attacks on vulnerable systems). More generally, centralized energy production is congruent with the centralized administrative apparatuses associated with the state.[27]

I have devoted considerable attention to features of centralized energy systems, presenting the argument that certain groups have an interest in vulnerabilities of these systems, namely those vulnerabilities that are linked to the population's dependence on centralized provision of energy. Much more could be said about this issue without necessarily resolving it. My point is that there is a case that some powerful groups may have an interest in maintaining technological vulnerabilities. The following examples are outlined even more briefly.

Among the salient vulnerabilities of every society today is vulnerability to military attack. This includes attacks by a country's own military on indigenous populations, civil war, invasion, and the consequences of global nuclear war. Many of these threats are created or perpetuated at least in part by the very institutions designed to oppose them. The most familiar is nuclear deterrence: nuclear weapons pose a threat to other countries, justifying acquisition of nuclear forces by other governments, thereby justifying the need for nuclear weapons in the first place. But the phenomenon of military races applies much more widely, of course.

Looking more deeply, the very possession of armed forces has been described as a "protection racket."[28] The military must be funded, typically requiring a sizable slice of the government budget. Those who refuse to pay their taxes are compelled to by the police power of the state, ultimately backed up by the military. In many countries, militaries are irrelevant or inadequate for defense against outside attack. Their main purpose is to prop up the ruling regime, sometimes with murderous consequences.

This view of the military is of course completely at variance with the usual idea of "defense." Interest groups linked to the military naturally foster a belief system -- in which they themselves believe implicitly -- that sees military forces as essential to protect against both enemy troops and internal subversives. It is well known that militaries are prone to exaggerate the threat from potential enemies. From their point of view it is best to be prepared for the worst contingencies; others perceive a self-serving element. Whatever the motivation, militaries by their existence serve to create vulnerabilities to military attack.

Military-induced vulnerabilities are increasingly technological. Vast investments are made in research, development and production of ever more sophisticated weapons systems.[29] Many of these weapons, especially the potentially offensive ones such as bombers and missiles, create greater vulnerability, since the ability to attack is seen as a deterrent.[30] The nuclear arms race is the ultimate in self-justifying technological vulnerability.

Alternatives to militaries have received little attention, certainly far less than alternatives to centralized energy supplies. One possibility is nonviolent defense based on civilian action using techniques such as strikes, boycotts, sit-ins and noncooperation.[31] The case for such an alternative cannot be canvassed here; suffice it to say that on the basis of many studies and actual uses of nonviolent action it seems worthy of attention but has received very little, least of all in terms of developing technology for nonviolent struggle. One plausible reason for this is the strong interests behind maintaining military systems and their associated vulnerabilities.

Another example where there seem to be significant interests in maintaining vulnerabilities involves the complex issue of cash crops in the Third World. When farmers grow food that they can eat themselves or sell locally, this provides communities some degree of resilience against the vagaries of international markets. To increase export income, many Third World governments have promoted production of crops for export, such as coffee, tea or bananas. This can increase incomes, at least of some farmers, but at the expense of increased vulnerabilities. A political factor becomes prominent here. Many Third World countries are run by repressive rulers, either military dictatorships or figurehead democracies. These regimes are maintained by force, not least against any challenge to prevailing economic inequalities. It is easier to maintain repressive rule when the population is not self-reliant.[32] Producing cash crops makes it harder for popular opposition movements to build support. This process is fostered by the so-called structural adjustment programs commonly imposed by the World Bank and International Monetary Fund as a condition for providing finance. Technology enters this complex process through the dependence of cash crops on pesticides, artificial fertilizers and genetically engineered seeds.

The Third World agriculture package fosters vulnerability of farmers to both repression and interruption of technological inputs through the interlinked interests of international financial systems and repressive rulers. Without exports of cash crops, rulers cannot pay for imports of goods from the first world, including military and police technology used to maintain their rule.

Illegal drugs provide another case where it can be argued that there are interests in maintaining vulnerabilities. The issue of whether specific drugs should be legal or illegal -- with various shades of grey in terms of types and degrees of regulation -- is highly contentious on its own, not to mention the argument here that certain groups have interests in maintaining vulnerability to drug-related hazards. Nevertheless, let me present the argument. A number of researchers have argued that society would be better off if certain drugs, now illegal, were decriminalized or legalized.[33] The paradigm case is marijuana.[34] A complex of interests maintains the current legal regime, including politicians who campaign on drug scares and some enforcement agencies. More diffuse is the interest of a broad cross-section of the population in the stigmatizing of users of currently illegal drugs. Because of highly selective enforcement of drug laws, it is primarily the poor, unemployed and minority groups that are arrested and jailed for drug use or sales. The enormous and continually growing prison population in the United States is partly attributable to a prison-industrial complex that owes much to drug policies.[35]

Many of the health hazards of illegal drugs are due to their illegality. Legal drugs are obtainable in reliable and unadulterated doses; quality control of illegal drugs is difficult. Many middle-class doctors maintain opioid habits for years with no physical or legal problems; street users are likely to suffer overdoses and arrests. Crime associated with illegal drugs is aggravated by enforcement policies: police seizures of drugs drive up prices, leading to greater involvement by criminals willing to take greater risks.

To be sure, there is a counterargument to be made about the greater hazards from legalization of currently illegal drugs. The point here is that it can be argued that certain drug-related vulnerabilities -- the vulnerability of individual drug users to impure drugs and to arrest and the vulnerability of society to drug-related criminal activity -- persist because it is in the interest of certain groups to maintain these vulnerabilities.

As mentioned at the outset, it is difficult to provide convincing examples of vulnerabilities that are perpetuated by vested interests, because of entrenched belief systems that these very interests are necessary to protect against the vulnerabilities. Centralized energy sources seem to be required to provide the reliability in energy supplies that people have come to expect; military forces seem to be required to protect against military attack; cash cropping seems to be necessary to provide income for survival and prosperity; laws against drugs seem to be necessary to prevent even greater hazards from uncontrolled drug use. At one level, these beliefs are correct. The vulnerabilities associated with these systems have grown along with the systems themselves and cannot be banished by any quick fix. It is tempting to call these vulnerabilities "self-reproducing" in that sociotechnical systems help create the demand for their own existence. Since this terminology might suggest that this process is autonomous, perhaps a better description is the clumsy "interest-reproducing vulnerabilities."

 

Conclusion

There is far more attention given to technological risk, namely the consequences of the failure of technological systems, especially hazards to the public, than to technological vulnerability, which focuses more on how a technological system may fail due to outside impacts. The most interesting, important, and challenging vulnerabilities are ones associated with large-scale systems such as energy, agriculture, and economics. How should such vulnerabilities be studied? Typical approaches divide risks and vulnerabilities according to the type of technology, the scale of the hazard or the modes of failure. Each of these approaches has advantages, but none provides much insight into the persistence of significant vulnerabilities of large-scale systems.

Analysis of interests provides a useful method of analysis. In a first category of cases, no major group is linked to the vulnerability. In such cases, a rational examination of the issues and responses faces fewest obstacles, though action may be stymied by disputes over what, if any, preventive measures should be taken and who will pay for them.

In a second category of cases, vulnerabilities are associated with the activities of powerful interests but the dangers do not serve these interests. In such cases, such as factory hazards and the greenhouse effect, agreement on the value of reducing the vulnerability is relatively easy; disagreement occurs over the trade-off between the costs and benefits of hazard reduction, whether this is installation of safety equipment in factories or reducing use of fossil fuels. The path for hazard reduction is clear: the debate is over how far down it to travel.

In a third category of cases it can be argued that powerful groups have an interest not just in maintaining practices that lead to a danger but in maintaining vulnerability itself. For example, militaries justify their existence by the need to protect against threats that are partly provoked by their existence in the first place. This sort of analysis is inherently contentious since no interest group is likely to welcome a conclusion that it is responsible for maintaining a vulnerability that it is supposedly there to overcome or limit.

Analyzing the role of interests in vulnerabilities carries with it the implicit suggestion that overcoming these vulnerabilities requires a challenge to the interests; rational persuasion is unlikely to be successful on its own. Even when there is no interest in a vulnerability, the interests involved can be incredibly powerful, as in the case of fossil fuel producers and users in the case of the greenhouse effect. Yet there is an extra dimension to the task facing those who wish to tackle vulnerabilities in which interests have a stake, such as military vulnerabilities. This extra dimension is the deep-seated beliefs in systems that create the need for their services.[36] This extra dimension also makes the task in this paper of presenting a case that such vulnerabilities exist a challenging one.

Notes

1. See, for example, Susan L. Cutter, Living with Risk: The Geography of Technological Hazards (London: Edward Arnold, 1993); Theodore S. Glickman and Michael Gough (eds.), Readings in Risk (Washington, D.C.: Resources for the Future, 1990); William W. Lowrance, Of Acceptable Risk: Science and the Determination of Safety (Los Altos, CA: William Kaufmann, 1976).

2. Manuel Wik et al., "URSI Factual Statement on Nuclear Electromagnetic Pulse (EMP) and Associated Effects," International Union of Radio Science Information Bulletin, Vol. 232 (March 1985), pp. 4-12.

3. Laurie Garrett, The Coming Plague: Newly Emerging Diseases in a World Out of Balance (New York: Farrar, Straus and Giroux, 1994). It is conceivable that new diseases may arise due to medical procedures. See, for example, B. F. Elswood and R. B. Stricker, "Polio Vaccines and the Origin of AIDS," Medical Hypotheses, Vol. 42 (1994), pp. 347-354.

4. Colin Kearton and Brian Martin, "Technological Vulnerability: A Neglected Area in Policy-Making," Prometheus, Vol. 7 (June 1989), pp. 49-60.

5. F. E. Emery (ed.), Systems Thinking (Harmondsworth: Penguin, 1981).

6. I take it as a given that "technology" includes both technical and social aspects. A "technological system" could also be called a "sociotechnical ensemble."

7. Depending on the threat, flexible systems -- see David Collingridge, The Social Control of Technology (London: Frances Pinter, 1980) -- are more likely to be resilient.

8. Accidents can be considered to be a normal part of the operation of any system, as argued by Charles Perrow, Normal Accidents (New York: Basic Books, 1984).

9. Jacques Berleur, Colin Beardon and Romain Laufer (eds.), Facing the Challenge of Risk and Vulnerability in an Information Society (Amsterdam: North-Holland, 1993); Peter G. Neumann, Computer-Related Risks (New York: ACM Press, 1995).

10. Bev Littlewood and Lorenzo Stringini, "The Risks of Software," Scientific American, Vol. 267 (November 1992), pp. 38-43.

11. See Perrow, op. cit.

12. Colin Kearton and Brian Martin, "The Vulnerability of Steel Production to Military Threats," Materials and Society, Vol. 14, no. 1 (1990), pp. 11-44.

13. See, for example, Barry Barnes, Interests and the Growth of Knowledge (London: Routledge and Kegan Paul, 1977).

14. A nice treatment of the interaction of interests and knowledge in the ozone debate is given by Lydia Dotto and Harold Schiff, The Ozone War (Garden City, NY: Doubleday, 1978).

15. See, for example, Alan Irwin, Risk and the Control of Technology: Public Policies for Road Safety in Britain and the United States (Manchester: Manchester University Press, 1985).

16. Contrary to popular opinion, most terrorism is carried out or sponsored by major governments, not the small groups or renegade regimes that are the focus of most attention. See Edward S. Herman, The Real Terror Network: Terrorism in Fact and Fiction (Boston: South End Press, 1982).

17. Walter Carsnaes, Energy Vulnerability and National Security: The Energy Crises, Domestic Policy Responses and the Logic of Swedish Neutrality (London: Pinter, 1988); Wilson Clark and Jake Page, Energy, Vulnerability, and War: Alternatives for America (New York: Norton, 1981); Amory B. Lovins and L. Hunter Lovins, Brittle Power: Energy Strategy for National Security (Boston: Brick House, 1982); James L. Plummer (ed.), Energy Vulnerability (Cambridge, MA: Ballinger, 1982).

18. Terrence Bendixson, Instead of Cars (London: Maurice Temple Smith, 1974); Colin Ward, Freedom to Go: After the Motor Age (London: Freedom Press, 1991).

19. James J. Flink, The Car Culture (Cambridge, MA: MIT Press, 1975); Delbert A. Taebel and James V. Cornehls, The Political Economy of Urban Transportation (Port Washington, NY: Kennikat Press, 1977).

20. The most well known examples are the CIA-assisted overthrow of the Iranian government in 1953 and the 1991 Gulf war.

21. This argument has been made best by Lovins and Lovins, op. cit. See also Amory B. Lovins, Soft Energy Paths: Toward a Durable Peace (Harmondsworth: Penguin, 1977).

22. It may not be necessary for powerful groups to make active efforts in order for others to serve their interests. See Matthew A. Crenson, The Un-Politics of Air Pollution: A Study of Nondecisionmaking in the Cities (Baltimore: Johns Hopkins University Press, 1971).

23. Godfrey Boyle, Living on the Sun: Harnessing Renewable Energy for an Equitable Society (London: Calder and Boyars, 1975), pp. 14, 16, 58.

24. On the link between the rise and survival of the state and the power to extract resources from the economy, see for example Henry Jacoby, The Bureaucratization of the World (Berkeley: University of California Press, 1973); Margaret Levi, Of Rule and Revenue (Berkeley: University of California Press, 1988).

25. Ralph Nader and John Abbotts, The Menace of Atomic Energy (Collingwood, Victoria: Outback Press, 1977), pp. 29-31.

26. Mans Lönnroth, Peter Steen and Thomas B. Johansson, Energy in Transition: A Report on Energy Policy and Future Options (Uddeval‎la, Sweden: Secretariat for Future Studies, 1977), pp. 13-14, make this point in relation to Swedish energy policy in the 1950s, namely that from the point of view of central administration it is more complicated to administer a policy of energy conservation than one of increasing energy supply.

27. See, for example, André Gorz, Ecology as Politics (Boston: South End Press, 1980); Robert Jungk, The New Tyranny: How Nuclear Power Enslaves Us (New York: Grosset & Dunlap, 1979); Lawrence Solomon, Energy Shock: After the Oil Runs Out (Toronto: Doubleday, 1980).

28. Charles Tilly, "War Making and State Making as Organized Crime," in Peter B. Evans, Dietrich Rueschemeyer, and Theda Skocpol (eds.), Bringing the State Back In (Cambridge: Cambridge University Press, 1985), pp. 169-191. See also Ekkehart Krippendorff, Staat und Krieg: Die Historische Logik Politischer Unvernunft (Frankfurt: Suhrkamp, 1985), as reviewed by Johan Galtung, "The State, the Military and War," Journal of Peace Research, Vol. 26 (1989), pp. 101-105; Bruce D. Porter, War and the Rise of the State: The Military Foundations of Modern Politics (New York: Free Press, 1994); Charles Tilly, Coercion, Capital, and European States, AD 990-1992 (Cambridge MA: Blackwell, 1992).

29. See, for example, Everett H. Mendelsohn, Merritt Roe Smith and Peter Weingart (eds.), Science, Technology and the Military (Dordrecht: Kluwer, 1988).

30. An exception to this is so-called "non-offensive defense" which relies on weapons that are not easy to use for attack, such as short-range fighter aircraft. Only a few governments have seriously investigated this sort of defense system.

31. See, for example, Anders Boserup and Andrew Mack, War Without Weapons: Non-violence in National Defence (London: Frances Pinter, 1974); Michael Randle, Civil Resistance (London: Fontana, 1994); Adam Roberts (editor), The Strategy of Civilian Defence: Non-violent Resistance to Aggression (London: Faber and Faber, 1967); Gene Sharp with the assistance of Bruce Jenkins, Civilian-Based Defense: A Post-Military Weapons System (Princeton: Princeton University Press, 1990).

32. Douglas V. Porpora, How Holocausts Happen: The United States in Central America (Philadelphia: Temple University Press, 1990), Chapter 4, points out how the social structures of dependence and inequality - including cash cropping - lead to mass hunger. On the state as a hazard, specifically the link between government repression, technological vulnerability and famine in the Third World, see Ben Wisner, "Disaster Vulnerability: Scale, Power and Daily Life," GeoJournal, Vol. 30 (1993), pp. 127-140.

33. James B. Bakalar and Lester Grinspoon, Drug Control in a Free Society (Cambridge: Cambridge University Press, 1984); Steven B. Duke and Albert C. Gross, America's Longest War: Rethinking Our Tragic Crusade against Drugs (New York: G. P. Putnam's Sons, 1993).

34. Lester Grinspoon, Marijuana Reconsidered (Cambridge, MA: Harvard University Press, 1971).

35. Nils Christie, Crime Control as Industry: Towards Gulags, Western Style (London: Routledge, 1994, second edition).

36. This is a theme running through the incisive critiques of education, energy, health and other systems by Ivan Illich. See Deschooling Society (London: Calder & Boyars, 1971); Energy and Equity (London: Calder & Boyars, 1974); Medical Nemesis: The Appropriation of Health (London: Calder & Boyars, 1975); The Right to Useful Unemployment and its Professional Enemies (London: Marion Boyars, 1978).

http://www.bmartin.cc/pubs/96tis.html