Search
Submit Manuscript
2.8CiteScore
Advanced Search
MAP  >  Emergency Management Science and Technology
2023 Volume 3
Article Contents
Abstract
Introduction
Learning from failures vs successes
Risk and failure modelling
Security case study: 22nd July 2011 ('22/7')
Background
Causes of failure
Consequences
Analysis
Recommendations and generic lessons
Safety case study: COVID-19 in the UK
Background
Causes of failure
Consequences
Analysis
Recommendations and generic lessons
Discussion
Conclusions
Acknowledgements
Conflict of interest
Rights and permissions
References
About this article
Next Previous
ARTICLE   Open Access    

Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens

  • 1.

    Institute of Criminal Justice Studies, University of Portsmouth, Portsmouth, PO1 3DE, United Kingdom

  • 2.

    Operations and Systems Management, Faculty of Business and Law, University of Portsmouth, Portsmouth, PO1 3DE, United Kingdom

More Information
  • Disasters can have detrimental impacts on lives, reputations, trust, and resources. The aim of this paper is to illustrate how root cause analysis methods can be used to learn from failures in both security and safety domains. Utilising two case studies within the security and safety domains, respectively the 22-7 terrorism and Norway and the COVID-19 pandemic within the UK, we investigate how using a hybrid model approach consisting of Fault Tree Analysis (FTA), Reliability Block Diagram (RBD) and Minimum Cut Set Analysis (MCSA), helps identify the causality between failures and the catastrophic events. Results illustrate the benefits of using a hybrid of root cause analysis techniques to extract learning lessons, in order to mitigate against future similar incidents. We applied techniques that can assist organisations to apply the concept of learning from failures in practice. More specifically, the Fault Tree Analysis - for analysing causality, Reliability Block Diagram - for analysing relationships between causal factors, and Minimum Cut Set Analysis - for analysing vulnerable scenarios, were applied to the two cases, demonstrating how these models can aid in their 'de-blackening'.

  • Introduction

    Disasters can have detrimental impacts on lives, reputations, trust, and resources[1]. These events are perceived to have a low probability of occurring, but with severe consequences[2,3]. They are the 'Black Swans' and 'Black Elephants'[4] of the organisational world; Black Swans characterised by their rarity, unexpectedness, and unpredictability – albeit, oftentimes retrospective predictability[46] On 22nd July 2011, the Norwegian society was faced with the 'unimaginable'; two successive terrorist attacks were carried out by an ethnic-Norwegian lone perpetrator[6]. In many countries this would not have been unexpected, but for Norway at that moment in time, it was a Black Swan event. Conversely, some events are more imaginable, and perhaps even predicted, making them Black Elephants[5]. COVID-19 within the UK is an example of this as there were predictors of a pending pandemic. These two events are the case studies which will be further explored in this paper; one where the dust has already settled, and another that is still, at the time of writing this paper, very much alive.

    The above cases are disasters; forcing society out of normalcy due to the sheer magnitude of the catastrophic event[79]. Interestingly, had these failures been detected promptly, the chain reaction which caused them to escalate into disasters could, in theory, have been mitigated[3]. From a learning perspective, disasters tend to inspire change of practice more easily than failures due to how they are perceived[3,7]. Thus, this paper will examine whether there is potential for organisations to learn from the two cases presented in the form of i) feedback from the users to design, ii) the incorporation of advanced tools in innovative applications, and iii) the fostering of interdisciplinary approaches to generic lessons[10]. Fault Tree Analysis (FTA) and Reliability Block Diagram (RBD) will be introduced, before being applied to the two cases, but first, the paper will provide a brief review of the literature on organisational learning from successes vs failure.

    Learning from failures vs successes

    The word 'success' carries positive connotations, and is what most organisations desire. Thus, the emphasis in the literature has often been on learning from successes[1,11,12]. However, success-oriented learning can present organisations with a challenge: the development of an overconfidence bias. As asserted by Labib & Read[10], too much belief in previous successes may result in skewed risk perception. This false sense of security has seen unthinkable disasters unfold in the likes of Titanic and NASA's fatal shuttle missions[10].

    Emerging literature therefore challenges the traditionalist view of learning from successes by suggesting failures contain valuable information, setting the premise for effective organisational learning and resilience[1,10,13]. Indeed, failure encourages change by challenging the status quo[10]. It confronts decision-makers with the 'what', 'why' and 'how', in which experimental learning can prevail[10,14]. Moreover, failures can aid organisations identify gaps in their knowledge and subsequently the root causes of these[2].

    Learning from failures can be challenging for organisations as it requires deep and mindful exploration of what went wrong, which can be a painful process[2,3,15] . Furthermore, appropriate detection and analysis of the failure is necessary[3,16]. Organisational culture is thus important in enabling effective learning, as culpability and reputational factors can cause reluctance to engage in the process[3,15]. However, introspection is not the sole prerequisite for learning from failures. Whilst it must be acknowledged that hindsight is not a sufficient predictor for new risks, cross-organisational isomorphic learning can be a useful learning tool[17,18]. In fact, it is proposed that any failure within a system (i.e. organisation A) can occur within a different system that shares similar characteristics (i.e. organisation B)[18,19].

    Problematically, organisational unlearning is not uncommon[20]. This can happen when organisations have 'no' memory of previous incidents, due to e.g. high personnel turnover, and failures may therefore reoccur[21]. Mahler[22] has conceptualised this notion of unlearning, dividing it into three subtypes of lessons: i) those not learned, ii) those learned only superficially, and iii) those learned then subsequently unlearned. To combat this, models such as the FTA and RBD can be valuable in providing a visual representation of causal factors, effectively functioning as mental models for personnel and decision-makers alike[3,20]. This is due to the models' ability to help map causal factors, their relationship, and identify the vulnerabilities within the whole system.

    Risk and failure modelling

    As set out by Baubion[23], 'risk knowledge is the foundation of crisis and emergency preparedness'. Thus, a proactive risk management process is desired to maintain high reliability within the organisation[7]. To achieve this, the organisation must be viewed as a complex sociotechnical system in which all components are considered when analysing threats, hazards, and vulnerabilities[7,23]. Reliability analysis tools, such as the FTA and RBD, are commonly used to account for these complexities[24]. Adopting a hybrid model approach, by combining these two methods, can be useful in identifying the causality between failures and the catastrophic event[3]. Moreover, it can aid in the optimisation of resource allocation to tackle identified safety gaps and 'weak links', mitigating against future disastrous events and costly consequences[1,3,24]. The analytical step is critical, as failing to discuss and analyse major failures hinders organisational learning[25].

    The FTA and RBD are complementary; the outcome of the FTA serves as the input for the RBD[1], and as such a Fault Tree is the natural first step of the analysis. It is a logic diagram, in which the relationship between a specified undesirable event (i.e. disaster) and failure components of said event are showcased in cascading fashion[1,3]. With the undesired event ('top event') at the top of the tree, it branches out to contributing events in a hierarchical manner, working its way down to basic events, or 'initiators'[1,3]. The events are connected through logic gates. AND-gates signifies that all input events must occur for the output event to happen, whereas with OR-gates only one event needs to occur to trigger the output event[1,3]. Whilst it must be acknowledged that other logic gates do exist, AND- and OR-gates can model most problems and are used to build the RBD[1,7]. Within a crisis management context, the basic events connected with an AND-gate are equivalent to a parallel structure in the RBD, whereas a series structure indicates that OR-gates have been used[1]. To further the analysis and inform decision-making, a 'minimum cut set' exercise can be conducted on the RBD. This will help conceptualise the minimum number of failures that must happen for the top event to occur. Such analysis of combination of causal factors provides 'scenario-based' or 'what-if' analysis, which can further enrich our understanding of the relationship between different factors. Such scenario planning can then be incorporated in the design of new drills and simulation exercises such as table-top exercises (TTX) or live exercises (LIVEX).

    Although the applied tools in this work are well-established in their characteristics as well as applications, their application for the chosen case studies in this paper is innovative and would add to the existing body of knowledge from an applications standpoint. Literature on learning from failures has been varied in terms of the different tools used and the cases considered. For example, a hybrid of tools such as FTA, RBD, and the analytic hierarchy process (AHP) were incorporated to support humanitarian operations and crisis management to analyse the two cases of Bhopal and Fukushima disasters[26].The same tools were also used in the context of high reliability organisations (HRO), such as within the oil and gas industry[27]. Hybrid techniques of FTA, RBD, failure mode and effect analysis (FMEA) and AHP have also been incorporated to analyse incidents within the aviation industry[28]. Although such tools have strengths in terms of problem structuring, causal analysis, identification and prioritisation of root causes, and assessment of vulnerabilities in the system, they also suffer from limitations such as their limited capabilities to capture interdependence, and lack of guidance on degree of detail for the analysis. Nevertheless, their use, particularly as a hybrid, has the potential to increase our understanding of the case studies at hand and provide enrichment to the decision-making support process and policy – especially those related to optimised resource allocations.

    Security case study: 22nd July 2011 ('22/7')

    Background

    On 22nd July 2011 a bomb was detonated outside the Government Quarters in Oslo, Norway. At the time, the Norwegian Labour Party (Arbeiderpartiet) was in government. The perpetrator was not immediately identified. Roughly two hours later, police were alerted of a shooting on a small island, Utøya, 40 min from Oslo[2931]. Here the annual summer camp of the Labour Party's youth organisation (AUF) was hosted, and 530 of the 564 individuals on the island were children and young adults[32]. The gunman, right-wing extremist Anders Behring Breivik, had conned himself onto the island dressed as a police officer, saying he was there to secure it following the Oslo bombing – a bomb he had made himself from fertilizer. Within minutes of stepping onto the island, he started shooting[29,31]. By the time police made it to Utøya, Breivik had already been there for more than an hour, hunting down the camp participants[30]. He was apprehended by police without a single shot being fired.

    Causes of failure

    An independent commission, the 22/7-Commision, was appointed to investigate how the massacre could happen[33]. Thus, this is where the main causes of failure have been obtained[33,34].

    i) The bombing of the Government Quarters could have been prevented if already adopted security measures had been effectively implemented.

    ii) Breivik could have been stopped earlier, as a quicker police response was realistic. It was concluded that the authorities failed to protect the individuals at Utøya.

    iii) More security and emergency preparedness measures should have been implemented, as the ability to effectively learn from exercises and use developed plans was poor.

    iv) With a broader focus and a different working methodology, the Police Security Service (PST) could have become aware of Breivik prior to 22/7.

    v) Ineffective inter-agency working and communication. The mantra following 22/7 became 'the resources that did not find each other'.

    vi) The ability to understand and acknowledge risk had not been sufficient.

    However, it is worth noting that the report does not come without criticism[35].

    Consequences

    The 22/7-attacks had fatal consequences, and remains one of the deadliest mass shootings by a lone perpetrator globally[36,37]. A total of 77 people died following the massacre: eight in the bombing and 69 at Utøya[29,31].

    Analysis

    To the best of our knowledge, FTA and RBD has not yet been applied to the 22/7-case and therefore provides an interesting opportunity.

    The FTA in Fig. 1 is divided into direct causes and contributing factors – connected by an AND-gate, as they both had an impact on the consequences. The direct causes are identified as 1) the bombing and 2) the shooting. The rhombus signifies an undeveloped event, and is used to acknowledge that whilst the events could be further developed (e.g. into sociological and psychological factors affecting Breivik), a choice has been made not to. They are connected by an AND-gate, as both events account for the terrorist attack, although an OR-gate would also suffice as the separate events would both constitute as singular acts of terrorism.

    Figure 1.  Fault Tree Analysis of the 22/7 terrorism.
    DownLoad: Full-Size Img PowerPoint

    The contributing factors are connected by an AND-gate, as they all contributed towards Breivik having every possibility to 'succeed' in his plans. The inadequate intelligence gathering particularly comes down to mistaken prioritisation due to a flawed national risk assessment, which read 'right- and left-wing extremism will also not in 2011 pose a serious threat to the Norwegian society'[38]. Additionally, there was a non-timely implementation of proposed security measures, such as closing off the street leading to the Government Quarters. This was already recommended in 2004 by the Police Directorate, as it was believed the risk of a car bomb being placed right next to the entrance was high[39]. Seven years later Breivik did just that. Much of this can be argued to stem from a naivety found within the Norwegian society, paired with the mindset of 'it does not happen here'. The risks were thus not adequately understood and acknowledged[39].

    Lastly is the inadequate emergency response. The unpreparedness, failed inter-agency working, and lack of appropriate equipment are connected by an OR-gate. This is because the emergency response was an overall weakness within the system, where all three events did not need to occur simultaneously for a system failure to unfold. This is particularly visible within the RBD and subsequent cut set, seen in Fig. 2, where only one of boxes 6-7-8 must be cut to 'short-circuit' the emergency response.

    Figure 2.  Reliability Block Diagram of 22/7 (left) and Cut Set Analysis of the RBD (right).
    DownLoad: Full-Size Img PowerPoint

    Recommendations and generic lessons

    Based on the above analysis, there are areas that must be addressed to mitigate against future threats, particularly within the emergency response. Improved preparedness and resilience should be sought through active learning in scenario-based and inter-agency work training. This can be achieved through simulation exercises in the form of either tabletop or live exercises. A key focus must be on communication so that the resources can indeed 'find each other' in times of crisis. It must be acknowledged that Norway presents a varied topography, and the resources should mirror this. At Utøya, the police faced challenges with both their boats and helicopter, delaying their response. Furthermore, the concept of risk must be thoroughly understood, and proposed security measures effectively acted upon. Additionally, Breivik 'slipped through the system' undetected, even though there were several warning signs. Improved detection and information-sharing processes (falling under intelligence) are thus important.

    Safety case study: COVID-19 in the UK

    Background

    In January 2020, the UK saw its first confirmed case of COVID-19[40,41]. Since then, the UK has suffered immensely from the damages caused by the virus[42].

    Causes of failure

    The UK's handling of the COVID-19 pandemic presents a particularly interesting case study, as the primary response of the Government adversely impacted the containment of the virus (e.g.[42]). A public inquiry is ongoing[43]. Thus, the below causes of failure have been identified through a combination of news reports and official publications at the time of writing.

    i) Failed and late primary strategy by the Government, in the hopes of reportedly obtaining herd immunity[42,44].

    ii) Unprepared to handle a virus pandemic – the preparedness strategy focused on influenza[45,46].

    iii) NHS in crisis: PPE shortages, austerity, staff shortages[42,47,48].

    iv) Non-compliance during the pandemic for a variety of reasons, e.g. COVID-deniers, pandemic fatigue, communication barriers and economic survival of low-income families[46,49,50].

    v) Lockdown and its impact on the economy[51].

    Consequences

    To date (9th May, 2023, more than twenty million individuals had tested positive for COVID-19 in the UK (see: https://coronavirus.data.gov.uk/details/cases), with a total of 182,753 COVID-related deaths[52]. The coronavirus (COVID-19) pandemic has led to record declines in gross domestic product (GDP) in advanced economies in 2020[62].

    Analysis

    Within this paper, a generalised approach has been taken towards COVID-19 in the UK. It is thus not comprehensive in terms of neither width, nor depth, but as asserted by Labib[42], it conceptualises aspects of the crisis within a Fault Tree. While Labib[42] provides a more narrowed focus on the exponential spread of the virus, this analysis adopts a broader viewpoint, accounting for contributing factors as to why it became a crisis.

    As opposed to the 22/7 FTA, this tree is categorised differently; accounting for virus spread, public health, and economic impact, as shown in Fig. 3. These three aspects all contributed towards the crisis escalation and are thus adjoined by an AND-gate. Factors affecting the uncontrollable spread are identified as a non-timely, unprepared, and failed initial government response, alongside non-compliance and virus mutations. The latter two are presented as undeveloped events, for the sake of simplicity within the analysis. They are linked with an OR-gate, as mutations can for instance appear despite an adequate government response.

    Figure 3.  Fault Tree Analysis of the COVID-19 crisis escalation within the UK.
    DownLoad: Full-Size Img PowerPoint

    The vast death toll in the UK has exacerbated the crisis, and there are now concerns for the long-term health impacts as a result of COVID-19[53,54], which may cause a future, secondary crisis. Moreover, death has been divided into being directly and indirectly linked to COVID-19. While statistics do not currently show an increase in deaths due to mental health during the pandemic, the Office for National Statistics warn that these numbers should be interpreted with caution due to inquest delays[54], and it is thus included in the Fault Tree. Additionally, there are concerns of a rise in undetected and untreated other serious illnesses, such as cancer, during the pandemic[55].

    Root causes directly linked to COVID-deaths have been identified as the wait for effective treatment, alongside strains on the health services. These are linked by an OR-gate, as the two events are not necessarily mutually exclusive. Waiting for vaccines has been a global phenomenon, yet some countries have managed to keep hospitals relatively unrestrained. Finally, the economic impact must be considered, where increased public welfare expenditures and a declined GPD have affected, and will continue to affect, the UK economy.

    Recommendations and generic lessons

    Based on the above Fault Tree, the uncontrollable spread presents as a weakness in the system due to its series structure, as depicted in the RBD and subsequent cut set in Fig. 4. The main lesson to be learned is the impact a failed initial government response can have on the outcome. Additionally, non-compliance with regulations, alongside mutations made the virus uncontrollable. Thus, timely measures in the early stages of the crisis would have been key to restrict future rapid transmissions[56]. This includes, but is not limited to, proactive lockdowns and effective test/trace/isolation systems[56]. Moreover, comparing the UK's response to that of other countries could have improved future procedures[42]. The public health line within the Fault Tree is also vulnerable, as Fig. 4 shows two series structures, where only one box in each series needs to be cut for system failure. Boxes 7 and 8 both deal with strains and reduced capacities within the health services, thus a focus should be on strengthening this, improving resilience for future crises.

    Figure 4.  Reliability Block Diagram of COVID-19 within the UK (left) and Cut Set Analysis of the RBD (right).
    DownLoad: Full-Size Img PowerPoint

    Discussion

    As shown in Fig. 5, the incorporation of the hybrid tools used, namely Fault Tree Analysis (FTA), Reliability Block Diagram (RBD), and Cut Set Analysis (CSA), contributes to both understanding of the situation, and decision-making for improvement and mitigation. Hence, through the FTA one is able to understand the situation (problem structuring), particularly in terms of causal factors that contributed to disaster. Whereas, through RBD, one is then able to visualise the relationship between these causal factors. Finally, through CSA, one is able to perform vulnerability analysis of possible failure scenarios, and determine ways of recommendations with regard to safety barriers for both prevention and mitigation.

    Figure 5.  Integration of tools used: FTA, RBD and CSA.
    DownLoad: Full-Size Img PowerPoint

    Applying the FTA and RBD to the above case studies have offered insight into the root causes, and subsequent vulnerability gaps, resulting in major failures[3]. While the cases came from two different domains, respectively security and safety, the models were highly applicable to both. In fact, unpreparedness and non-timely implementation of safety/security measures cut across both cases, despite being in different stages of the learning process.

    The 22/7 terrorist attacks have been investigated and already spurred organisational change, with an overhaul of the police service and updated policies[57]. Despite this, it appears that some lessons have only been learned superficially[22]. Indeed, the Police Reform has not been welcomed, and is viewed by many as a step in the wrong direction: a de-centralisation reform, centralising the police service[58]. Worth noting is another right-wing attack by a lone terrorist that was attempted in 2019. The attack was averted after one casualty, albeit not by the police, but by mosque-goers themselves[59]. Moreover, unpreparedness was central in the 22/7-case, and whilst efforts have been made to strengthen the overall emergency and preparedness response, COVID-19 showed that this was not done holistically[60]. When COVID-19 arrived, Norway was yet again unprepared. Even more so was the UK, which at the time of writing this paper has not yet officially completed the investigation and identified the learning outcome. However, some lessons can be derived from initial analyses, as mentioned above. The concept of isomorphic learning is interesting here, particularly the relevance of ongoing isomorphic learning from other countries to better inform UK practices.

    Conclusions

    While the FTA and subsequent RBD analyses are based on official documents and news reports, they are constructed within the narrative of the authors, in which the role of biases must be considered. To add robustness to the analyses, mathematical calculations of reliability would be beneficial. Though, this is beyond the scope of this paper, and the above analyses thus remain a qualitative construction.

    However, based on the evidence presented above, it can be concluded that the FTA and RBD are particularly suited for analysing events retrospectively, and consequently facilitate learning – turning lessons identified into lessons learned. Whilst solely relying on retrospective case-oriented analyses present as a weakness within the system of actively and accurately learning from failures[61], it can aid in the de-blackening of future events; placing these prospective Black Swans within the realm of 'regular' expectation[6].

    Moreover, the COVID-19 case study also highlights the models' applicability to ongoing crises, whereby identifying known root causes and areas of concern can aid in the application of protective layers to actively mitigate (secondary) crisis escalation. Though, to broaden the understanding of ongoing and future risks, further analytical tools such as Bowtie and Resilience Modelling are recommended.

    Acknowledgements

    The authors would like to thank the Editor, Reviewers, and Editorial Team for their constructive criticism and support.

  • The authors declare that they have no conflict of interest.

  • [1]

    Labib A. 2014. Learning from Failures: Decision analysis of major disasters. Oxford: Elsevier. 321 pp. https://doi.org/10.1016/C2013-0-00156-9
    [2]

    Grigoriou K, Labib A, Hadleigh-Dunn S. 2019. Learning from rare events: An analysis of ValuJet Flight 592 and Swissair Flight SR 111 crashes. Engineering Failure Analysis 96:311−19

    doi: 10.1016/j.engfailanal.2018.10.008

    CrossRef   Google Scholar

    [3]

    Schmidt B, Labib A, Hadleigh-Dunn S. 2020. Learning and unlearning from disasters: an analysis of the Virginia Tech, USA shooting and the Lion Air 610 Airline crash. Journal of Surveillance, Security and Safety 1:1−15

    doi: 10.20517/jsss.2019.02

    CrossRef   Google Scholar

    [4]

    Callahan G. 2008. Nassim Nicholas Taleb: The black swan: The impact of the highly improbable. The Review of Austrian Economics 21:361−64

    doi: 10.1007/s11138-008-0051-7

    CrossRef   Google Scholar

    [5]

    Iglesias-Mendoza M, Yunusa-Kaltungo A, Hadleigh-Dunn S, Labib A. 2021. Learning how to learn from disasters through a comparative dichotomy analysis: Grenfell Tower and Hurricane Katrina case studies. Sustainability 13(4):1−18

    doi: 10.3390/su13042030

    CrossRef   Google Scholar

    [6]

    Lindaas OA, Pettersen KA. 2016. Risk analysis and Black Swans: two strategies for de-blackening. Journal of Risk Research 19(10):1231−45

    doi: 10.1080/13669877.2016.1153499

    CrossRef   Google Scholar

    [7]

    Labib A, Hadleigh-Dunn S, Mahfouz A, Gentile M. 2019. Operationalizing learning from rare events: Framework for middle humanitarian operations managers. Production and Operations Management 28(9):2327−37

    doi: 10.1111/poms.13054

    CrossRef   Google Scholar

    [8]

    Smith D. 1990. Beyond contingency planning: Towards a model of crisis management. Industrial Crisis Quarterly 4(4):263−75

    doi: 10.1177/108602669000400402

    CrossRef   Google Scholar

    [9]

    Turner BA. 1994. Causes of disaster: sloppy management. British Journal of Management 5(3):215−19

    doi: 10.1111/j.1467-8551.1994.tb00172.x

    CrossRef   Google Scholar

    [10]

    Labib A, Read M. 2013. Not just rearranging the deckchairs on the Titanic: Learning from failures through Risk and Reliability Analysis. Safety Science 51(1):397−413

    doi: 10.1016/j.ssci.2012.08.014

    CrossRef   Google Scholar

    [11]

    Kim JYJ, Miner AS. 2000. Crash test without dummies: a longitudinal study of interorganizational learning from failure experience in the U.S. Commercial Banking Industry, 1984–1998. Academy of Management Proceedings 2000:G1−G6

    doi: 10.5465/apbpp.2000.5535812

    CrossRef   Google Scholar

    [12]

    McGrath RG. 1999. Falling forward: Real options reasoning and entrepreneurial failure. Academy of Management Review 24:13−30

    doi: 10.2307/259034

    CrossRef   Google Scholar

    [13]

    Madsen PM, Desai V. 2010. Failing to learn? The effects of failure and success on organizational learning in the global orbital launch vehicle industry Academy of Management Journal 53(3):451−76

    doi: 10.5465/amj.2010.51467631

    CrossRef   Google Scholar

    [14]

    Morris MW, Moore PC. 2000. The lessons we (don't) learn: Counterfactual thinking and organizational accountability after a close call. Administrative Science Quarterly 45(4):737−65

    doi: 10.2307/2667018

    CrossRef   Google Scholar

    [15]

    Weinzimmer LG, Esken CA. 2017. Learning from mistakes: How mistake tolerance positively affects organizational learning and performance. The Journal of Applied Behavioral Science 53:322−48

    doi: 10.1177/0021886316688658

    CrossRef   Google Scholar

    [16]

    Fortune J, Peters G. 1995. Learning from failure - The systems approach. London, UK: Wiley.
    [17]

    Button M. 2008. Doing Security: Critical Reflections and an Agenda for Change. London: Palgrave Macmillan. 264 pp. https://doi.org/10.1057/9780230583634
    [18]

    Elliott D. 1999. Learning from Disasters: A Management Approach (Second Edition). Risk Management 1:77−78

    doi: 10.1057/palgrave.rm.8240018

    CrossRef   Google Scholar

    [19]

    Rozakis M. 2007. The cultural context of emergencies: Seeking for a(n) holistic approach on disaster management. Disaster Prevention and Management 16(2):201−9

    doi: 10.1108/09653560710739522

    CrossRef   Google Scholar

    [20]

    Labib A. 2015. Learning (and unlearning) from failures: 30 years on from Bhopal to Fukushima an analysis through reliability engineering techniques. Process Safety and Environmental Protection 97:80−90

    doi: 10.1016/j.psep.2015.03.008

    CrossRef   Google Scholar

    [21]

    Kletz T. 1993. Lessons from disaster: how organizations have no memory and accidents recur. London, UK: Institution of Chemical Engineers (IChemE). 2(3):185
    [22]

    Mahler JG. 2009. Organizational learning at NASA: The challenger and Columbia accidents. Washington: Georgetown University Press. 256 pp. www.jstor.org/stable/j.ctt2tt559
    [23]

    Baubion C. 2013. OECD risk management: Strategic crisis management. Study Report. OECD Working Papers on Public Governance, No. 23. OECD Publishing, Paris. https://doi.org/10.1787/5k41rbd1lzr7-en.
    [24]

    Jakkula B, Mandela GR, Ch S N M. 2021. Reliability block diagram (RBD) and fault tree analysis (FTA) approaches for estimation of system reliability and availability – a case study. International Journal of Quality & Reliability Management 38(3):682−703

    doi: 10.1108/ijqrm-05-2019-0176

    CrossRef   Google Scholar

    [25]

    Cannon MD, Edmondson AC. 2005. Failing to learn and learning to fail (intelligently): How great organizations put failure to work to innovate and improve. Long Range Planning 38(3):299−319

    doi: 10.1016/j.lrp.2005.04.005

    CrossRef   Google Scholar

    [26]

    Labib A, Abdi MR, Hadleigh-Dunn S, Yazdani M. 2022. Evidence-based models to support humanitarian operations and crisis management. Decision Making: Applications in Management and Engineering 5(1):113−34

    doi: 10.31181/dmame030222100y

    CrossRef   Google Scholar

    [27]

    Rivera G, Yunusa-Kaltungo A, Labib A. 2021. Development of a framework for learning from failures for high reliability organisations: Case study of an oil and gas company. Safety and Reliability Society pp. 1−27. https://research.manchester.ac.uk/en/publications/development-of-a-framework-for-learning-from-failures-for-high-re
    [28]

    Stephen C, Labib A. 2018. A hybrid model for learning from failures. Expert Systems with Applications 93:212−22

    doi: 10.1016/j.eswa.2017.10.031

    CrossRef   Google Scholar

    [29]

    Borchgrevink AS. 2012. A Norwegian tragedy: Anders Behring Breivik and the roads to Utøya. Oslo: Gyldedal. Cambridge: Polity Press. www.research.ed.ac.uk/en/publications/a-norwegian-tragedy-anders-behring-breivik-and-the-massacre-on-ut
    [30]

    Foss AB. 2017. I nesten seks år har de vært tause. Nå forteller politifolkene for første gang om de avgjørende minuttene i den omstridte Utøya-aksjonen. Norge, Utøya. www.aftenposten.no/norge/i/KxxXo/i-nesten-seks-aar-har-de-vaert-tause-naa-forteller-politifolkene-for-foerste-gang-om-de-avgjoerende-minuttene-i-den-omstridte-utoeya-aksjonen
    [31]

    Stormark K. 2011. When terror struck Norway: 189 minutes that shook the world (In Norwegian Language) . Oslo: Kagge. 478 pp. https://openlibrary.org/books/OL30709359M/Da_terroren_rammet_Norge
    [32]

    Lepperød T. 2020. Han skulle vært på kontoret i Y-blokka 22. juli 2011 - dette er historien til mannen bak post-it-lappen. www.nettavisen.no/nyheter/han-skulle-vart-pa-kontoret-i-y-blokka-22-juli-2011-dette-er-historien-til-mannen-bak-post-it-lappen/s/12-95-3423996767
    [33]

    Norges Offentlige Utredninger (NOU).2012. Report from 22 July Commission. Report. Oslo: Ministries Service Centre, Information Management. 481 pp. www.regjeringen.no/no/dokumenter/nou-2012-14/id697260/
    [34]

    Norges Offentlige Utredninger (NOU). 2012. Report of the July 22 Commission: Preliminary English Version of Selected. Report. Oslo: Ministries Service Centre, Information Management. 481 pp. www.regjeringen.no/contentassets/bb3dc76229c64735b4f6eb4dbfcdbfe8/en-gb/pdfs/nou2012_14_eng.pdf
    [35]

    Renå H. 2017. 22. juli-kommisjonens analyse, vurderinger og konklusjoner-en metaanalyse av politiaksjon Utøya. Norsk Statsvitenskapelig Tidsskrift 33(1):10−36

    doi: 10.18261/issn.1504-2936-2017-01-03

    CrossRef   Google Scholar

    [36]

    BBC. 2017. Norway massacre: 'We could hear the gunshots getting closer'. www.bbc.co.uk/news/uk-scotland-41678010
    [37]

    Cranley E, Yuan Y. 2019. The New Zealand shooting is now among the deadliest massacres in recent world history. www.businessinsider.in/The-New-Zealand-shooting-is-now-among-the-deadliest-massacres-in-recent-world-history/articleshow/68434075.cms
    [38]

    PST. 2011. Trusselvurdering 2011. 16 Pages. Oslo: PST.
    [39]

    Jenssen GK, Haram IV, Sund IB. 2012. -Bombeangrepet kunne vært unngått om gata var stengt. www.nrk.no/osloogviken/_-bombeangrepet-kunne-vaert-unngatt-1.8279159
    [40]

    Avery J, Bloom B. 2020. COVID-19, a UK perspective. European Journal of Emergency Medicine 27(3):156−57

    doi: 10.1097/MEJ.0000000000000700

    CrossRef   Google Scholar

    [41]

    Wright O. BBC. 2021. Coronavirus: How the UK dealt with its first Covid case. www.bbc.co.uk/news/uk-england-55622386
    [42]

    Labib A. 2021. Towards a new approach for managing pandemics: Hybrid resilience and bowtie modelling. Safety Science 139:105274

    doi: 10.1016/j.ssci.2021.105274

    CrossRef   Google Scholar

    [43]

    Harrison E. BBC. 2021. Covid: Lessons to be learned from spring 2022 public inquiry. www.bbc.co.uk/news/uk-57088314
    [44]

    Walker P. 2021. Dominic Cummings reiterates claim herd immunity was initial UK policy. www.theguardian.com/world/2021/may/23/priti-patel-denies-cummings-claim-herd-immunity-was-ever-uk-policy
    [45]

    DH Pandemic Influenza Preparedness Team. 2011. UK Influenza Pandemic Preparedness Strategy 2011. UK: Department of Health. 70 pp.
    [46]

    Quinn B. 2021. UK Covid inquiry: the key areas likely to be scrutinised. www.theguardian.com/politics/2021/may/12/uk-covid-inquiry-the-key-areas-likely-to-be-scrutinised?utm_term=Autofeed&CMP=twt_gu&utm_medium&utm_source=Twitter#Echobox=1620841598
    [47]

    Charlesworth A. 2021. Staff shortages left the NHS vulnerable to the COVID-19 storm. UK: The Health Foudation. www.health.org.uk/news-and-comment/blogs/staff-shortages-left-the-nhs-vulnerable-to-the-covid-19-storm
    [48]

    Kirk A, Duncan P, Scruton P. 2021. NHS crisis in charts: how Covid has increased strain on health service. www.theguardian.com/society/2021/jan/15/nhs-crisis-in-charts-how-covid-has-increased-strain-on-health-service
    [49]

    Public Health England. 2020. Beyond the data: Understanding the impact of COVID-19 on BAME groups. London: Public Health England.
    [50]

    Mavron N. 2021. Coronavirus and compliance with government guidance, UK: April 2021. Statistical Report. Office for National Statistics, UK.
    [51]

    Harari D, Keep M. 2021. Coronavirus: Economic impact . Study Report, number 8866. House of Commons Library, UK.
    [52]

    GovUK. 2021. Cases in United Kingdom. https://coronavirus.data.gov.uk/details/cases
    [53]

    The Health Foundation. 2021. What might long COVID mean for the nation’s health? www.health.org.uk/news-and-comment/blogs/what-might-long-covid-mean-for-the-nations-health
    [54]

    Nasir R, John E. 2021. Quarterly suicide death registrations in England: 2001 to 2019 registrations and Quarter 1 (Jan to Mar) to Quarter 4 (Oct to Dec) 2020 provisional data. Statistical Report. Office for National Statistics, UK.
    [55]

    Morris EJA, Goldacre R, Spata E, Mafham M, Finan PJ, et al. 2021. Impact of the COVID-19 pandemic on the detection and management of colorectal cancer in England: a population-based study. The Lancet Gastroenterology & Hepatology 6(3):199−208

    doi: 10.1016/S2468-1253(21)00005-4

    CrossRef   Google Scholar

    [56]

    Anderson RM, Hollingsworth TD, Baggaley RF, Maddren R, Vegvari C. 2020. COVID-19 spread in the UK: the end of the beginning? The Lancet 396(10251):587−90

    doi: 10.1016/S0140-6736(20)31689-5

    CrossRef   Google Scholar

    [57]

    Norwegian Police. 2020. Why the Police must change. www.politiet.no/globalassets/05-om-oss/03-strategier-og-planer/pbsi.pdf
    [58]

    Bakli O, Botheim I, Lassen V. 2019. Evaluation of the local police reform Status report 2018 (In Norwegian Language). Report. Difi (Agency for Public Management and eGovernment), Norway.
    [59]

    Myrvang SE, Høydal HF, NTB. 2020. Philip Manshaus (22) dømt til 21 års forvaring. www.vg.no/nyheter/i/EW6y7A/draps-og-terrortiltalte-philip-manshaus-22-doemmes-til-21-aars-forvaring
    [60]

    Stenhammer HC, Sandbakken LD, Sørkersen KV, Antonsen S. 2020. Vi som forsker på beredskap og sikkerhet kan melde at situasjonen ikke er stort bedre nå enn etter 22. juli. www.an.no/vi-som-forsker-pa-beredskap-og-sikkerhet-kan-melde-at-situasjonen-ikke-er-stort-bedre-na-enn-etter-22-juli/o/5-4-1190554
    [61]

    Sommer M, Njå O, Lussand K. 2017. Police officers' learning in relation to emergency management: A case study. International Journal of Disaster Risk Reduction 21:70−84

    doi: 10.1016/j.ijdrr.2016.11.003

    CrossRef   Google Scholar

    [62]

    Dey-Chowdhury S, McAuley N, Walton A. 2021. International comparisons of GDP during the coronavirus (COVID-19) pandemic. Report. Office for National Statistics (ONS), UK.

  • Cite this article

    Bendiksby HK, Labib A. 2023. Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens. Emergency Management Science and Technology 3:7 doi: 10.48130/EMST-2023-0007
    Bendiksby HK, Labib A. 2023. Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens. Emergency Management Science and Technology 3:7 doi: 10.48130/EMST-2023-0007
    shu

Figures(5)

Download PDF

Article Metrics

Article views(4983) PDF downloads(553)

Other Articles By Authors

ARTICLE   Open Access    

Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens

  • 1.

    Institute of Criminal Justice Studies, University of Portsmouth, Portsmouth, PO1 3DE, United Kingdom

  • 2.

    Operations and Systems Management, Faculty of Business and Law, University of Portsmouth, Portsmouth, PO1 3DE, United Kingdom

  • Received: 18 March 2023
  • Accepted: 19 June 2023
  • Published online: 04 August 2023
Emergency Management Science and Technology  3 Article number: 7  (2023)  |  Cite this article

Abstract: Disasters can have detrimental impacts on lives, reputations, trust, and resources. The aim of this paper is to illustrate how root cause analysis methods can be used to learn from failures in both security and safety domains. Utilising two case studies within the security and safety domains, respectively the 22-7 terrorism and Norway and the COVID-19 pandemic within the UK, we investigate how using a hybrid model approach consisting of Fault Tree Analysis (FTA), Reliability Block Diagram (RBD) and Minimum Cut Set Analysis (MCSA), helps identify the causality between failures and the catastrophic events. Results illustrate the benefits of using a hybrid of root cause analysis techniques to extract learning lessons, in order to mitigate against future similar incidents. We applied techniques that can assist organisations to apply the concept of learning from failures in practice. More specifically, the Fault Tree Analysis - for analysing causality, Reliability Block Diagram - for analysing relationships between causal factors, and Minimum Cut Set Analysis - for analysing vulnerable scenarios, were applied to the two cases, demonstrating how these models can aid in their 'de-blackening'.

    HTML

    Introduction

    • Disasters can have detrimental impacts on lives, reputations, trust, and resources[1]. These events are perceived to have a low probability of occurring, but with severe consequences[2,3]. They are the 'Black Swans' and 'Black Elephants'[4] of the organisational world; Black Swans characterised by their rarity, unexpectedness, and unpredictability – albeit, oftentimes retrospective predictability[46] On 22nd July 2011, the Norwegian society was faced with the 'unimaginable'; two successive terrorist attacks were carried out by an ethnic-Norwegian lone perpetrator[6]. In many countries this would not have been unexpected, but for Norway at that moment in time, it was a Black Swan event. Conversely, some events are more imaginable, and perhaps even predicted, making them Black Elephants[5]. COVID-19 within the UK is an example of this as there were predictors of a pending pandemic. These two events are the case studies which will be further explored in this paper; one where the dust has already settled, and another that is still, at the time of writing this paper, very much alive.

      The above cases are disasters; forcing society out of normalcy due to the sheer magnitude of the catastrophic event[79]. Interestingly, had these failures been detected promptly, the chain reaction which caused them to escalate into disasters could, in theory, have been mitigated[3]. From a learning perspective, disasters tend to inspire change of practice more easily than failures due to how they are perceived[3,7]. Thus, this paper will examine whether there is potential for organisations to learn from the two cases presented in the form of i) feedback from the users to design, ii) the incorporation of advanced tools in innovative applications, and iii) the fostering of interdisciplinary approaches to generic lessons[10]. Fault Tree Analysis (FTA) and Reliability Block Diagram (RBD) will be introduced, before being applied to the two cases, but first, the paper will provide a brief review of the literature on organisational learning from successes vs failure.

    Learning from failures vs successes

    • The word 'success' carries positive connotations, and is what most organisations desire. Thus, the emphasis in the literature has often been on learning from successes[1,11,12]. However, success-oriented learning can present organisations with a challenge: the development of an overconfidence bias. As asserted by Labib & Read[10], too much belief in previous successes may result in skewed risk perception. This false sense of security has seen unthinkable disasters unfold in the likes of Titanic and NASA's fatal shuttle missions[10].

      Emerging literature therefore challenges the traditionalist view of learning from successes by suggesting failures contain valuable information, setting the premise for effective organisational learning and resilience[1,10,13]. Indeed, failure encourages change by challenging the status quo[10]. It confronts decision-makers with the 'what', 'why' and 'how', in which experimental learning can prevail[10,14]. Moreover, failures can aid organisations identify gaps in their knowledge and subsequently the root causes of these[2].

      Learning from failures can be challenging for organisations as it requires deep and mindful exploration of what went wrong, which can be a painful process[2,3,15] . Furthermore, appropriate detection and analysis of the failure is necessary[3,16]. Organisational culture is thus important in enabling effective learning, as culpability and reputational factors can cause reluctance to engage in the process[3,15]. However, introspection is not the sole prerequisite for learning from failures. Whilst it must be acknowledged that hindsight is not a sufficient predictor for new risks, cross-organisational isomorphic learning can be a useful learning tool[17,18]. In fact, it is proposed that any failure within a system (i.e. organisation A) can occur within a different system that shares similar characteristics (i.e. organisation B)[18,19].

      Problematically, organisational unlearning is not uncommon[20]. This can happen when organisations have 'no' memory of previous incidents, due to e.g. high personnel turnover, and failures may therefore reoccur[21]. Mahler[22] has conceptualised this notion of unlearning, dividing it into three subtypes of lessons: i) those not learned, ii) those learned only superficially, and iii) those learned then subsequently unlearned. To combat this, models such as the FTA and RBD can be valuable in providing a visual representation of causal factors, effectively functioning as mental models for personnel and decision-makers alike[3,20]. This is due to the models' ability to help map causal factors, their relationship, and identify the vulnerabilities within the whole system.

    Risk and failure modelling

    • As set out by Baubion[23], 'risk knowledge is the foundation of crisis and emergency preparedness'. Thus, a proactive risk management process is desired to maintain high reliability within the organisation[7]. To achieve this, the organisation must be viewed as a complex sociotechnical system in which all components are considered when analysing threats, hazards, and vulnerabilities[7,23]. Reliability analysis tools, such as the FTA and RBD, are commonly used to account for these complexities[24]. Adopting a hybrid model approach, by combining these two methods, can be useful in identifying the causality between failures and the catastrophic event[3]. Moreover, it can aid in the optimisation of resource allocation to tackle identified safety gaps and 'weak links', mitigating against future disastrous events and costly consequences[1,3,24]. The analytical step is critical, as failing to discuss and analyse major failures hinders organisational learning[25].

      The FTA and RBD are complementary; the outcome of the FTA serves as the input for the RBD[1], and as such a Fault Tree is the natural first step of the analysis. It is a logic diagram, in which the relationship between a specified undesirable event (i.e. disaster) and failure components of said event are showcased in cascading fashion[1,3]. With the undesired event ('top event') at the top of the tree, it branches out to contributing events in a hierarchical manner, working its way down to basic events, or 'initiators'[1,3]. The events are connected through logic gates. AND-gates signifies that all input events must occur for the output event to happen, whereas with OR-gates only one event needs to occur to trigger the output event[1,3]. Whilst it must be acknowledged that other logic gates do exist, AND- and OR-gates can model most problems and are used to build the RBD[1,7]. Within a crisis management context, the basic events connected with an AND-gate are equivalent to a parallel structure in the RBD, whereas a series structure indicates that OR-gates have been used[1]. To further the analysis and inform decision-making, a 'minimum cut set' exercise can be conducted on the RBD. This will help conceptualise the minimum number of failures that must happen for the top event to occur. Such analysis of combination of causal factors provides 'scenario-based' or 'what-if' analysis, which can further enrich our understanding of the relationship between different factors. Such scenario planning can then be incorporated in the design of new drills and simulation exercises such as table-top exercises (TTX) or live exercises (LIVEX).

      Although the applied tools in this work are well-established in their characteristics as well as applications, their application for the chosen case studies in this paper is innovative and would add to the existing body of knowledge from an applications standpoint. Literature on learning from failures has been varied in terms of the different tools used and the cases considered. For example, a hybrid of tools such as FTA, RBD, and the analytic hierarchy process (AHP) were incorporated to support humanitarian operations and crisis management to analyse the two cases of Bhopal and Fukushima disasters[26].The same tools were also used in the context of high reliability organisations (HRO), such as within the oil and gas industry[27]. Hybrid techniques of FTA, RBD, failure mode and effect analysis (FMEA) and AHP have also been incorporated to analyse incidents within the aviation industry[28]. Although such tools have strengths in terms of problem structuring, causal analysis, identification and prioritisation of root causes, and assessment of vulnerabilities in the system, they also suffer from limitations such as their limited capabilities to capture interdependence, and lack of guidance on degree of detail for the analysis. Nevertheless, their use, particularly as a hybrid, has the potential to increase our understanding of the case studies at hand and provide enrichment to the decision-making support process and policy – especially those related to optimised resource allocations.

    Security case study: 22nd July 2011 ('22/7')

      Background

    • On 22nd July 2011 a bomb was detonated outside the Government Quarters in Oslo, Norway. At the time, the Norwegian Labour Party (Arbeiderpartiet) was in government. The perpetrator was not immediately identified. Roughly two hours later, police were alerted of a shooting on a small island, Utøya, 40 min from Oslo[2931]. Here the annual summer camp of the Labour Party's youth organisation (AUF) was hosted, and 530 of the 564 individuals on the island were children and young adults[32]. The gunman, right-wing extremist Anders Behring Breivik, had conned himself onto the island dressed as a police officer, saying he was there to secure it following the Oslo bombing – a bomb he had made himself from fertilizer. Within minutes of stepping onto the island, he started shooting[29,31]. By the time police made it to Utøya, Breivik had already been there for more than an hour, hunting down the camp participants[30]. He was apprehended by police without a single shot being fired.

      Causes of failure

    • An independent commission, the 22/7-Commision, was appointed to investigate how the massacre could happen[33]. Thus, this is where the main causes of failure have been obtained[33,34].

      i) The bombing of the Government Quarters could have been prevented if already adopted security measures had been effectively implemented.

      ii) Breivik could have been stopped earlier, as a quicker police response was realistic. It was concluded that the authorities failed to protect the individuals at Utøya.

      iii) More security and emergency preparedness measures should have been implemented, as the ability to effectively learn from exercises and use developed plans was poor.

      iv) With a broader focus and a different working methodology, the Police Security Service (PST) could have become aware of Breivik prior to 22/7.

      v) Ineffective inter-agency working and communication. The mantra following 22/7 became 'the resources that did not find each other'.

      vi) The ability to understand and acknowledge risk had not been sufficient.

      However, it is worth noting that the report does not come without criticism[35].

      Consequences

    • The 22/7-attacks had fatal consequences, and remains one of the deadliest mass shootings by a lone perpetrator globally[36,37]. A total of 77 people died following the massacre: eight in the bombing and 69 at Utøya[29,31].

      Analysis

    • To the best of our knowledge, FTA and RBD has not yet been applied to the 22/7-case and therefore provides an interesting opportunity.

      The FTA in Fig. 1 is divided into direct causes and contributing factors – connected by an AND-gate, as they both had an impact on the consequences. The direct causes are identified as 1) the bombing and 2) the shooting. The rhombus signifies an undeveloped event, and is used to acknowledge that whilst the events could be further developed (e.g. into sociological and psychological factors affecting Breivik), a choice has been made not to. They are connected by an AND-gate, as both events account for the terrorist attack, although an OR-gate would also suffice as the separate events would both constitute as singular acts of terrorism.

      Figure 1. 

      Fault Tree Analysis of the 22/7 terrorism.

      The contributing factors are connected by an AND-gate, as they all contributed towards Breivik having every possibility to 'succeed' in his plans. The inadequate intelligence gathering particularly comes down to mistaken prioritisation due to a flawed national risk assessment, which read 'right- and left-wing extremism will also not in 2011 pose a serious threat to the Norwegian society'[38]. Additionally, there was a non-timely implementation of proposed security measures, such as closing off the street leading to the Government Quarters. This was already recommended in 2004 by the Police Directorate, as it was believed the risk of a car bomb being placed right next to the entrance was high[39]. Seven years later Breivik did just that. Much of this can be argued to stem from a naivety found within the Norwegian society, paired with the mindset of 'it does not happen here'. The risks were thus not adequately understood and acknowledged[39].

      Lastly is the inadequate emergency response. The unpreparedness, failed inter-agency working, and lack of appropriate equipment are connected by an OR-gate. This is because the emergency response was an overall weakness within the system, where all three events did not need to occur simultaneously for a system failure to unfold. This is particularly visible within the RBD and subsequent cut set, seen in Fig. 2, where only one of boxes 6-7-8 must be cut to 'short-circuit' the emergency response.

      Figure 2. 

      Reliability Block Diagram of 22/7 (left) and Cut Set Analysis of the RBD (right).

      Recommendations and generic lessons

    • Based on the above analysis, there are areas that must be addressed to mitigate against future threats, particularly within the emergency response. Improved preparedness and resilience should be sought through active learning in scenario-based and inter-agency work training. This can be achieved through simulation exercises in the form of either tabletop or live exercises. A key focus must be on communication so that the resources can indeed 'find each other' in times of crisis. It must be acknowledged that Norway presents a varied topography, and the resources should mirror this. At Utøya, the police faced challenges with both their boats and helicopter, delaying their response. Furthermore, the concept of risk must be thoroughly understood, and proposed security measures effectively acted upon. Additionally, Breivik 'slipped through the system' undetected, even though there were several warning signs. Improved detection and information-sharing processes (falling under intelligence) are thus important.

    Safety case study: COVID-19 in the UK

      Background

    • In January 2020, the UK saw its first confirmed case of COVID-19[40,41]. Since then, the UK has suffered immensely from the damages caused by the virus[42].

      Causes of failure

    • The UK's handling of the COVID-19 pandemic presents a particularly interesting case study, as the primary response of the Government adversely impacted the containment of the virus (e.g.[42]). A public inquiry is ongoing[43]. Thus, the below causes of failure have been identified through a combination of news reports and official publications at the time of writing.

      i) Failed and late primary strategy by the Government, in the hopes of reportedly obtaining herd immunity[42,44].

      ii) Unprepared to handle a virus pandemic – the preparedness strategy focused on influenza[45,46].

      iii) NHS in crisis: PPE shortages, austerity, staff shortages[42,47,48].

      iv) Non-compliance during the pandemic for a variety of reasons, e.g. COVID-deniers, pandemic fatigue, communication barriers and economic survival of low-income families[46,49,50].

      v) Lockdown and its impact on the economy[51].

      Consequences

    • To date (9th May, 2023, more than twenty million individuals had tested positive for COVID-19 in the UK (see: https://coronavirus.data.gov.uk/details/cases), with a total of 182,753 COVID-related deaths[52]. The coronavirus (COVID-19) pandemic has led to record declines in gross domestic product (GDP) in advanced economies in 2020[62].

      Analysis

    • Within this paper, a generalised approach has been taken towards COVID-19 in the UK. It is thus not comprehensive in terms of neither width, nor depth, but as asserted by Labib[42], it conceptualises aspects of the crisis within a Fault Tree. While Labib[42] provides a more narrowed focus on the exponential spread of the virus, this analysis adopts a broader viewpoint, accounting for contributing factors as to why it became a crisis.

      As opposed to the 22/7 FTA, this tree is categorised differently; accounting for virus spread, public health, and economic impact, as shown in Fig. 3. These three aspects all contributed towards the crisis escalation and are thus adjoined by an AND-gate. Factors affecting the uncontrollable spread are identified as a non-timely, unprepared, and failed initial government response, alongside non-compliance and virus mutations. The latter two are presented as undeveloped events, for the sake of simplicity within the analysis. They are linked with an OR-gate, as mutations can for instance appear despite an adequate government response.

      Figure 3. 

      Fault Tree Analysis of the COVID-19 crisis escalation within the UK.

      The vast death toll in the UK has exacerbated the crisis, and there are now concerns for the long-term health impacts as a result of COVID-19[53,54], which may cause a future, secondary crisis. Moreover, death has been divided into being directly and indirectly linked to COVID-19. While statistics do not currently show an increase in deaths due to mental health during the pandemic, the Office for National Statistics warn that these numbers should be interpreted with caution due to inquest delays[54], and it is thus included in the Fault Tree. Additionally, there are concerns of a rise in undetected and untreated other serious illnesses, such as cancer, during the pandemic[55].

      Root causes directly linked to COVID-deaths have been identified as the wait for effective treatment, alongside strains on the health services. These are linked by an OR-gate, as the two events are not necessarily mutually exclusive. Waiting for vaccines has been a global phenomenon, yet some countries have managed to keep hospitals relatively unrestrained. Finally, the economic impact must be considered, where increased public welfare expenditures and a declined GPD have affected, and will continue to affect, the UK economy.

      Recommendations and generic lessons

    • Based on the above Fault Tree, the uncontrollable spread presents as a weakness in the system due to its series structure, as depicted in the RBD and subsequent cut set in Fig. 4. The main lesson to be learned is the impact a failed initial government response can have on the outcome. Additionally, non-compliance with regulations, alongside mutations made the virus uncontrollable. Thus, timely measures in the early stages of the crisis would have been key to restrict future rapid transmissions[56]. This includes, but is not limited to, proactive lockdowns and effective test/trace/isolation systems[56]. Moreover, comparing the UK's response to that of other countries could have improved future procedures[42]. The public health line within the Fault Tree is also vulnerable, as Fig. 4 shows two series structures, where only one box in each series needs to be cut for system failure. Boxes 7 and 8 both deal with strains and reduced capacities within the health services, thus a focus should be on strengthening this, improving resilience for future crises.

      Figure 4. 

      Reliability Block Diagram of COVID-19 within the UK (left) and Cut Set Analysis of the RBD (right).

    Discussion

    • As shown in Fig. 5, the incorporation of the hybrid tools used, namely Fault Tree Analysis (FTA), Reliability Block Diagram (RBD), and Cut Set Analysis (CSA), contributes to both understanding of the situation, and decision-making for improvement and mitigation. Hence, through the FTA one is able to understand the situation (problem structuring), particularly in terms of causal factors that contributed to disaster. Whereas, through RBD, one is then able to visualise the relationship between these causal factors. Finally, through CSA, one is able to perform vulnerability analysis of possible failure scenarios, and determine ways of recommendations with regard to safety barriers for both prevention and mitigation.

      Figure 5. 

      Integration of tools used: FTA, RBD and CSA.

      Applying the FTA and RBD to the above case studies have offered insight into the root causes, and subsequent vulnerability gaps, resulting in major failures[3]. While the cases came from two different domains, respectively security and safety, the models were highly applicable to both. In fact, unpreparedness and non-timely implementation of safety/security measures cut across both cases, despite being in different stages of the learning process.

      The 22/7 terrorist attacks have been investigated and already spurred organisational change, with an overhaul of the police service and updated policies[57]. Despite this, it appears that some lessons have only been learned superficially[22]. Indeed, the Police Reform has not been welcomed, and is viewed by many as a step in the wrong direction: a de-centralisation reform, centralising the police service[58]. Worth noting is another right-wing attack by a lone terrorist that was attempted in 2019. The attack was averted after one casualty, albeit not by the police, but by mosque-goers themselves[59]. Moreover, unpreparedness was central in the 22/7-case, and whilst efforts have been made to strengthen the overall emergency and preparedness response, COVID-19 showed that this was not done holistically[60]. When COVID-19 arrived, Norway was yet again unprepared. Even more so was the UK, which at the time of writing this paper has not yet officially completed the investigation and identified the learning outcome. However, some lessons can be derived from initial analyses, as mentioned above. The concept of isomorphic learning is interesting here, particularly the relevance of ongoing isomorphic learning from other countries to better inform UK practices.

    Conclusions

    • While the FTA and subsequent RBD analyses are based on official documents and news reports, they are constructed within the narrative of the authors, in which the role of biases must be considered. To add robustness to the analyses, mathematical calculations of reliability would be beneficial. Though, this is beyond the scope of this paper, and the above analyses thus remain a qualitative construction.

      However, based on the evidence presented above, it can be concluded that the FTA and RBD are particularly suited for analysing events retrospectively, and consequently facilitate learning – turning lessons identified into lessons learned. Whilst solely relying on retrospective case-oriented analyses present as a weakness within the system of actively and accurately learning from failures[61], it can aid in the de-blackening of future events; placing these prospective Black Swans within the realm of 'regular' expectation[6].

      Moreover, the COVID-19 case study also highlights the models' applicability to ongoing crises, whereby identifying known root causes and areas of concern can aid in the application of protective layers to actively mitigate (secondary) crisis escalation. Though, to broaden the understanding of ongoing and future risks, further analytical tools such as Bowtie and Resilience Modelling are recommended.

    Acknowledgements

    • The authors would like to thank the Editor, Reviewers, and Editorial Team for their constructive criticism and support.

      Conflict of interest

      • The authors declare that they have no conflict of interest.

      Rights and permissions
      • Copyright: © 2023 by the author(s). Published by Maximum Academic Press on behalf of Nanjing Tech University. This article is an open access article distributed under Creative Commons Attribution License (CC BY 4.0), visit https://creativecommons.org/licenses/by/4.0/.
    Figure (5)  References (62)
  • About this article
    Cite this article
    Bendiksby HK, Labib A. 2023. Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens. Emergency Management Science and Technology 3:7 doi: 10.48130/EMST-2023-0007
    Bendiksby HK, Labib A. 2023. Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens. Emergency Management Science and Technology 3:7 doi: 10.48130/EMST-2023-0007
    shu

Catalog

  • HTML

  • Introduction
  • Learning from failures vs successes
  • Risk and failure modelling
  • Security case study: 22nd July 2011 ('22/7')

  • Background

  • Causes of failure

  • Consequences

  • Analysis

  • Recommendations and generic lessons

  • Safety case study: COVID-19 in the UK

  • Background

  • Causes of failure

  • Consequences

  • Analysis

  • Recommendations and generic lessons

  • Discussion
  • Conclusions
  • Acknowledgements
  • Conflict of interest
  • Rights and permissions
  • About this article
logo

Contents

Policies

Services

Partnerships

© 2025 Maximum Academic Press, except Open Access articles. MAP is a member of ALPSP, COPE, CrossRef, cOAlition S, OASPA and STM.

Privacy Policy  |  Site Map  |  Terms and Conditions

/

DownLoad:  Full-Size Img  PowerPoint
Return
Return