Learning from disasters: the 22/7-terrorism in Norway and COVID-19 through a failure modelling lens

Disasters can have detrimental impacts on lives, reputations, trust, and resources^[1]. These events are perceived to have a low probability of occurring, but with severe consequences^[2,3]. They are the 'Black Swans' and 'Black Elephants'^[4] of the organisational world; Black Swans characterised by their rarity, unexpectedness, and unpredictability – albeit, oftentimes retrospective predictability^[4−6] On 22^nd July 2011, the Norwegian society was faced with the 'unimaginable'; two successive terrorist attacks were carried out by an ethnic-Norwegian lone perpetrator^[6]. In many countries this would not have been unexpected, but for Norway at that moment in time, it was a Black Swan event. Conversely, some events are more imaginable, and perhaps even predicted, making them Black Elephants^[5]. COVID-19 within the UK is an example of this as there were predictors of a pending pandemic. These two events are the case studies which will be further explored in this paper; one where the dust has already settled, and another that is still, at the time of writing this paper, very much alive.

The above cases are disasters; forcing society out of normalcy due to the sheer magnitude of the catastrophic event^[7−9]. Interestingly, had these failures been detected promptly, the chain reaction which caused them to escalate into disasters could, in theory, have been mitigated^[3]. From a learning perspective, disasters tend to inspire change of practice more easily than failures due to how they are perceived^[3,7]. Thus, this paper will examine whether there is potential for organisations to learn from the two cases presented in the form of i) feedback from the users to design, ii) the incorporation of advanced tools in innovative applications, and iii) the fostering of interdisciplinary approaches to generic lessons^[10]. Fault Tree Analysis (FTA) and Reliability Block Diagram (RBD) will be introduced, before being applied to the two cases, but first, the paper will provide a brief review of the literature on organisational learning from successes vs failure.

The word 'success' carries positive connotations, and is what most organisations desire. Thus, the emphasis in the literature has often been on learning from successes^[1,11,12]. However, success-oriented learning can present organisations with a challenge: the development of an overconfidence bias. As asserted by Labib & Read^[10], too much belief in previous successes may result in skewed risk perception. This false sense of security has seen unthinkable disasters unfold in the likes of Titanic and NASA's fatal shuttle missions^[10].

Emerging literature therefore challenges the traditionalist view of learning from successes by suggesting failures contain valuable information, setting the premise for effective organisational learning and resilience^[1,10,13]. Indeed, failure encourages change by challenging the status quo^[10]. It confronts decision-makers with the 'what', 'why' and 'how', in which experimental learning can prevail^[10,14]. Moreover, failures can aid organisations identify gaps in their knowledge and subsequently the root causes of these^[2].

Learning from failures can be challenging for organisations as it requires deep and mindful exploration of what went wrong, which can be a painful process^[2,3,15] . Furthermore, appropriate detection and analysis of the failure is necessary^[3,16]. Organisational culture is thus important in enabling effective learning, as culpability and reputational factors can cause reluctance to engage in the process^[3,15]. However, introspection is not the sole prerequisite for learning from failures. Whilst it must be acknowledged that hindsight is not a sufficient predictor for new risks, cross-organisational isomorphic learning can be a useful learning tool^[17,18]. In fact, it is proposed that any failure within a system (i.e. organisation A) can occur within a different system that shares similar characteristics (i.e. organisation B)^[18,19].

Problematically, organisational unlearning is not uncommon^[20]. This can happen when organisations have 'no' memory of previous incidents, due to e.g. high personnel turnover, and failures may therefore reoccur^[21]. Mahler^[22] has conceptualised this notion of unlearning, dividing it into three subtypes of lessons: i) those not learned, ii) those learned only superficially, and iii) those learned then subsequently unlearned. To combat this, models such as the FTA and RBD can be valuable in providing a visual representation of causal factors, effectively functioning as mental models for personnel and decision-makers alike^[3,20]. This is due to the models' ability to help map causal factors, their relationship, and identify the vulnerabilities within the whole system.

As set out by Baubion^[23], 'risk knowledge is the foundation of crisis and emergency preparedness'. Thus, a proactive risk management process is desired to maintain high reliability within the organisation^[7]. To achieve this, the organisation must be viewed as a complex sociotechnical system in which all components are considered when analysing threats, hazards, and vulnerabilities^[7,23]. Reliability analysis tools, such as the FTA and RBD, are commonly used to account for these complexities^[24]. Adopting a hybrid model approach, by combining these two methods, can be useful in identifying the causality between failures and the catastrophic event^[3]. Moreover, it can aid in the optimisation of resource allocation to tackle identified safety gaps and 'weak links', mitigating against future disastrous events and costly consequences^[1,3,24]. The analytical step is critical, as failing to discuss and analyse major failures hinders organisational learning^[25].

The FTA and RBD are complementary; the outcome of the FTA serves as the input for the RBD^[1], and as such a Fault Tree is the natural first step of the analysis. It is a logic diagram, in which the relationship between a specified undesirable event (i.e. disaster) and failure components of said event are showcased in cascading fashion^[1,3]. With the undesired event ('top event') at the top of the tree, it branches out to contributing events in a hierarchical manner, working its way down to basic events, or 'initiators'^[1,3]. The events are connected through logic gates. AND-gates signifies that all input events must occur for the output event to happen, whereas with OR-gates only one event needs to occur to trigger the output event^[1,3]. Whilst it must be acknowledged that other logic gates do exist, AND- and OR-gates can model most problems and are used to build the RBD^[1,7]. Within a crisis management context, the basic events connected with an AND-gate are equivalent to a parallel structure in the RBD, whereas a series structure indicates that OR-gates have been used^[1]. To further the analysis and inform decision-making, a 'minimum cut set' exercise can be conducted on the RBD. This will help conceptualise the minimum number of failures that must happen for the top event to occur. Such analysis of combination of causal factors provides 'scenario-based' or 'what-if' analysis, which can further enrich our understanding of the relationship between different factors. Such scenario planning can then be incorporated in the design of new drills and simulation exercises such as table-top exercises (TTX) or live exercises (LIVEX).

Although the applied tools in this work are well-established in their characteristics as well as applications, their application for the chosen case studies in this paper is innovative and would add to the existing body of knowledge from an applications standpoint. Literature on learning from failures has been varied in terms of the different tools used and the cases considered. For example, a hybrid of tools such as FTA, RBD, and the analytic hierarchy process (AHP) were incorporated to support humanitarian operations and crisis management to analyse the two cases of Bhopal and Fukushima disasters^[26].The same tools were also used in the context of high reliability organisations (HRO), such as within the oil and gas industry^[27]. Hybrid techniques of FTA, RBD, failure mode and effect analysis (FMEA) and AHP have also been incorporated to analyse incidents within the aviation industry^[28]. Although such tools have strengths in terms of problem structuring, causal analysis, identification and prioritisation of root causes, and assessment of vulnerabilities in the system, they also suffer from limitations such as their limited capabilities to capture interdependence, and lack of guidance on degree of detail for the analysis. Nevertheless, their use, particularly as a hybrid, has the potential to increase our understanding of the case studies at hand and provide enrichment to the decision-making support process and policy – especially those related to optimised resource allocations.

On 22^nd July 2011 a bomb was detonated outside the Government Quarters in Oslo, Norway. At the time, the Norwegian Labour Party (Arbeiderpartiet) was in government. The perpetrator was not immediately identified. Roughly two hours later, police were alerted of a shooting on a small island, Utøya, 40 min from Oslo^[29–31]. Here the annual summer camp of the Labour Party's youth organisation (AUF) was hosted, and 530 of the 564 individuals on the island were children and young adults^[32]. The gunman, right-wing extremist Anders Behring Breivik, had conned himself onto the island dressed as a police officer, saying he was there to secure it following the Oslo bombing – a bomb he had made himself from fertilizer. Within minutes of stepping onto the island, he started shooting^[29,31]. By the time police made it to Utøya, Breivik had already been there for more than an hour, hunting down the camp participants^[30]. He was apprehended by police without a single shot being fired.

Causes of failure

An independent commission, the 22/7-Commision, was appointed to investigate how the massacre could happen^[33]. Thus, this is where the main causes of failure have been obtained^[33,34].

i) The bombing of the Government Quarters could have been prevented if already adopted security measures had been effectively implemented.

ii) Breivik could have been stopped earlier, as a quicker police response was realistic. It was concluded that the authorities failed to protect the individuals at Utøya.

iii) More security and emergency preparedness measures should have been implemented, as the ability to effectively learn from exercises and use developed plans was poor.

iv) With a broader focus and a different working methodology, the Police Security Service (PST) could have become aware of Breivik prior to 22/7.

v) Ineffective inter-agency working and communication. The mantra following 22/7 became 'the resources that did not find each other'.

vi) The ability to understand and acknowledge risk had not been sufficient.

However, it is worth noting that the report does not come without criticism^[35].

Consequences

The 22/7-attacks had fatal consequences, and remains one of the deadliest mass shootings by a lone perpetrator globally^[36,37]. A total of 77 people died following the massacre: eight in the bombing and 69 at Utøya^[29,31].

Analysis

To the best of our knowledge, FTA and RBD has not yet been applied to the 22/7-case and therefore provides an interesting opportunity.

The FTA in Fig. 1 is divided into direct causes and contributing factors – connected by an AND-gate, as they both had an impact on the consequences. The direct causes are identified as 1) the bombing and 2) the shooting. The rhombus signifies an undeveloped event, and is used to acknowledge that whilst the events could be further developed (e.g. into sociological and psychological factors affecting Breivik), a choice has been made not to. They are connected by an AND-gate, as both events account for the terrorist attack, although an OR-gate would also suffice as the separate events would both constitute as singular acts of terrorism.

Figure 1. 

Fault Tree Analysis of the 22/7 terrorism.

The contributing factors are connected by an AND-gate, as they all contributed towards Breivik having every possibility to 'succeed' in his plans. The inadequate intelligence gathering particularly comes down to mistaken prioritisation due to a flawed national risk assessment, which read 'right- and left-wing extremism will also not in 2011 pose a serious threat to the Norwegian society'^[38]. Additionally, there was a non-timely implementation of proposed security measures, such as closing off the street leading to the Government Quarters. This was already recommended in 2004 by the Police Directorate, as it was believed the risk of a car bomb being placed right next to the entrance was high^[39]. Seven years later Breivik did just that. Much of this can be argued to stem from a naivety found within the Norwegian society, paired with the mindset of 'it does not happen here'. The risks were thus not adequately understood and acknowledged^[39].

Lastly is the inadequate emergency response. The unpreparedness, failed inter-agency working, and lack of appropriate equipment are connected by an OR-gate. This is because the emergency response was an overall weakness within the system, where all three events did not need to occur simultaneously for a system failure to unfold. This is particularly visible within the RBD and subsequent cut set, seen in Fig. 2, where only one of boxes 6-7-8 must be cut to 'short-circuit' the emergency response.

Figure 2. 

Reliability Block Diagram of 22/7 (left) and Cut Set Analysis of the RBD (right).

Recommendations and generic lessons

Based on the above analysis, there are areas that must be addressed to mitigate against future threats, particularly within the emergency response. Improved preparedness and resilience should be sought through active learning in scenario-based and inter-agency work training. This can be achieved through simulation exercises in the form of either tabletop or live exercises. A key focus must be on communication so that the resources can indeed 'find each other' in times of crisis. It must be acknowledged that Norway presents a varied topography, and the resources should mirror this. At Utøya, the police faced challenges with both their boats and helicopter, delaying their response. Furthermore, the concept of risk must be thoroughly understood, and proposed security measures effectively acted upon. Additionally, Breivik 'slipped through the system' undetected, even though there were several warning signs. Improved detection and information-sharing processes (falling under intelligence) are thus important.

In January 2020, the UK saw its first confirmed case of COVID-19^[40,41]. Since then, the UK has suffered immensely from the damages caused by the virus^[42].

Causes of failure

The UK's handling of the COVID-19 pandemic presents a particularly interesting case study, as the primary response of the Government adversely impacted the containment of the virus (e.g.^[42]). A public inquiry is ongoing^[43]. Thus, the below causes of failure have been identified through a combination of news reports and official publications at the time of writing.

i) Failed and late primary strategy by the Government, in the hopes of reportedly obtaining herd immunity^[42,44].

ii) Unprepared to handle a virus pandemic – the preparedness strategy focused on influenza^[45,46].

iii) NHS in crisis: PPE shortages, austerity, staff shortages^[42,47,48].

iv) Non-compliance during the pandemic for a variety of reasons, e.g. COVID-deniers, pandemic fatigue, communication barriers and economic survival of low-income families^[46,49,50].

v) Lockdown and its impact on the economy^[51].

Consequences

To date (9^th May, 2023, more than twenty million individuals had tested positive for COVID-19 in the UK (see: https://coronavirus.data.gov.uk/details/cases), with a total of 182,753 COVID-related deaths^[52]. The coronavirus (COVID-19) pandemic has led to record declines in gross domestic product (GDP) in advanced economies in 2020^[62].

Analysis

Within this paper, a generalised approach has been taken towards COVID-19 in the UK. It is thus not comprehensive in terms of neither width, nor depth, but as asserted by Labib^[42], it conceptualises aspects of the crisis within a Fault Tree. While Labib^[42] provides a more narrowed focus on the exponential spread of the virus, this analysis adopts a broader viewpoint, accounting for contributing factors as to why it became a crisis.

As opposed to the 22/7 FTA, this tree is categorised differently; accounting for virus spread, public health, and economic impact, as shown in Fig. 3. These three aspects all contributed towards the crisis escalation and are thus adjoined by an AND-gate. Factors affecting the uncontrollable spread are identified as a non-timely, unprepared, and failed initial government response, alongside non-compliance and virus mutations. The latter two are presented as undeveloped events, for the sake of simplicity within the analysis. They are linked with an OR-gate, as mutations can for instance appear despite an adequate government response.

Figure 3. 

Fault Tree Analysis of the COVID-19 crisis escalation within the UK.

The vast death toll in the UK has exacerbated the crisis, and there are now concerns for the long-term health impacts as a result of COVID-19^[53,54], which may cause a future, secondary crisis. Moreover, death has been divided into being directly and indirectly linked to COVID-19. While statistics do not currently show an increase in deaths due to mental health during the pandemic, the Office for National Statistics warn that these numbers should be interpreted with caution due to inquest delays^[54], and it is thus included in the Fault Tree. Additionally, there are concerns of a rise in undetected and untreated other serious illnesses, such as cancer, during the pandemic^[55].

Root causes directly linked to COVID-deaths have been identified as the wait for effective treatment, alongside strains on the health services. These are linked by an OR-gate, as the two events are not necessarily mutually exclusive. Waiting for vaccines has been a global phenomenon, yet some countries have managed to keep hospitals relatively unrestrained. Finally, the economic impact must be considered, where increased public welfare expenditures and a declined GPD have affected, and will continue to affect, the UK economy.

Recommendations and generic lessons

Based on the above Fault Tree, the uncontrollable spread presents as a weakness in the system due to its series structure, as depicted in the RBD and subsequent cut set in Fig. 4. The main lesson to be learned is the impact a failed initial government response can have on the outcome. Additionally, non-compliance with regulations, alongside mutations made the virus uncontrollable. Thus, timely measures in the early stages of the crisis would have been key to restrict future rapid transmissions^[56]. This includes, but is not limited to, proactive lockdowns and effective test/trace/isolation systems^[56]. Moreover, comparing the UK's response to that of other countries could have improved future procedures^[42]. The public health line within the Fault Tree is also vulnerable, as Fig. 4 shows two series structures, where only one box in each series needs to be cut for system failure. Boxes 7 and 8 both deal with strains and reduced capacities within the health services, thus a focus should be on strengthening this, improving resilience for future crises.

Figure 4. 

Reliability Block Diagram of COVID-19 within the UK (left) and Cut Set Analysis of the RBD (right).

As shown in Fig. 5, the incorporation of the hybrid tools used, namely Fault Tree Analysis (FTA), Reliability Block Diagram (RBD), and Cut Set Analysis (CSA), contributes to both understanding of the situation, and decision-making for improvement and mitigation. Hence, through the FTA one is able to understand the situation (problem structuring), particularly in terms of causal factors that contributed to disaster. Whereas, through RBD, one is then able to visualise the relationship between these causal factors. Finally, through CSA, one is able to perform vulnerability analysis of possible failure scenarios, and determine ways of recommendations with regard to safety barriers for both prevention and mitigation.

Figure 5. 

Integration of tools used: FTA, RBD and CSA.

Applying the FTA and RBD to the above case studies have offered insight into the root causes, and subsequent vulnerability gaps, resulting in major failures^[3]. While the cases came from two different domains, respectively security and safety, the models were highly applicable to both. In fact, unpreparedness and non-timely implementation of safety/security measures cut across both cases, despite being in different stages of the learning process.

The 22/7 terrorist attacks have been investigated and already spurred organisational change, with an overhaul of the police service and updated policies^[57]. Despite this, it appears that some lessons have only been learned superficially^[22]. Indeed, the Police Reform has not been welcomed, and is viewed by many as a step in the wrong direction: a de-centralisation reform, centralising the police service^[58]. Worth noting is another right-wing attack by a lone terrorist that was attempted in 2019. The attack was averted after one casualty, albeit not by the police, but by mosque-goers themselves^[59]. Moreover, unpreparedness was central in the 22/7-case, and whilst efforts have been made to strengthen the overall emergency and preparedness response, COVID-19 showed that this was not done holistically^[60]. When COVID-19 arrived, Norway was yet again unprepared. Even more so was the UK, which at the time of writing this paper has not yet officially completed the investigation and identified the learning outcome. However, some lessons can be derived from initial analyses, as mentioned above. The concept of isomorphic learning is interesting here, particularly the relevance of ongoing isomorphic learning from other countries to better inform UK practices.

While the FTA and subsequent RBD analyses are based on official documents and news reports, they are constructed within the narrative of the authors, in which the role of biases must be considered. To add robustness to the analyses, mathematical calculations of reliability would be beneficial. Though, this is beyond the scope of this paper, and the above analyses thus remain a qualitative construction.

However, based on the evidence presented above, it can be concluded that the FTA and RBD are particularly suited for analysing events retrospectively, and consequently facilitate learning – turning lessons identified into lessons learned. Whilst solely relying on retrospective case-oriented analyses present as a weakness within the system of actively and accurately learning from failures^[61], it can aid in the de-blackening of future events; placing these prospective Black Swans within the realm of 'regular' expectation^[6].

Moreover, the COVID-19 case study also highlights the models' applicability to ongoing crises, whereby identifying known root causes and areas of concern can aid in the application of protective layers to actively mitigate (secondary) crisis escalation. Though, to broaden the understanding of ongoing and future risks, further analytical tools such as Bowtie and Resilience Modelling are recommended.

The authors would like to thank the Editor, Reviewers, and Editorial Team for their constructive criticism and support.