More accurately, “What happens when engineers make assumptions about the operating environment of whatever they are designing?” because the failures aren’t just about dams or bridges. Why do software engineers continue to build in back-doors to their systems in an era where hackers attack everything? Why do companies sell devices with an embedded computer, and there is no mechanism to upgrade the operating system, or the updates are not checked for authentication? Because they assumed it would be OK. “What could go wrong?” As a sentence in the English language, it ranks with “Hold my beer.”
While looking for an infrastructure failure this week, there were several candidates. Dams built in the early 1900s that failed due to lack of maintenance, or because of record rainfall, which caused a new mode of the structure to be stressed. (In at least one case, both issues were involved.) But I finally settled on an example where the fault lay in the geology, and the fact that the people designing the dam, didn’t take enough of that geology into account before designing the dam. Or in this case, dike, Quail Creek Dike to be specific. (Unclear on the difference between dam and dike, see this link.)
This structure was built in 1984, the associated main dam was completed in 1985 and that is when the reservoir was filled. The dike failed catastrophically on January 1, 1989, though the failure started before then. Quail Creek Dike (Utah, 1989).
The Quail Creek Dike was designed as a 1,980 foot long, 78 foot high zoned earthfill structure.
The lake impounded 40,000 acre-feet (4.934×10^7 cubic meters) of water for irrigation, and as a municipal water supply. As the reservoir filled in 1986, seepage was detected in the downstream toe. It reached 6 cubic feet per second (and then some) by the time grouting was contracted and begun. When grouting was complete, seepage was reduced to 0.3 cubic feet per second. That was 1986. In 1987, a sinkhole was detected downstream of the dike, and more grouting was performed. Seepage in April of 1988, when the grouting stopped was 1 cubic foot per second.
The summer of 1988 was when things started to go wrong, in a big way. More seepage. More grouting. When grout wasn’t helping they brought in 100 cubic yards of concrete and “large amounts” of filler. In September the seepage had been reduced to 0.8 cfs.
Then on December 31st, things went from bad to catastrophe.
“Cloudy” seepage was observed on the morning of December 31. People worked through the day to try and stop it.
By 10:30 PM, the seepage flow rate had reached 70 cfs [about 2 cubic meters per second] and the flow direction had changed from vertical to horizontal with a growing hole at the downstream toe. Unable to control the flow, personnel and equipment were moved to safe locations and a downstream evacuation was ordered. Between 11:00 and 11:30 PM, a wedge 50 feet wide and 25 feet high suddenly dropped several feet, blocking flow temporarily until flow resumed and began removing the collapsed material. Erosion continued toward the reservoir until at 12:30 AM on January 1, 1989, Quail Creek Dike failed, releasing an estimated 25,000 acre-feet [3.084×10^7 cubic meters] of water into the Virgin River and downstream flood plain; the result of a breach 300 feet wide and some 80 to 90 feet deep.
While no life was lost, the damage was about $12 million (in 1989 dollars). Homes, apartments, businesses, roads, bridges, farm animals and agricultural equipment were all lost.
So what caused a dam/dike to fail only 5 years from its construction? QUAIL CREEK INVESTIGATION OFFERS LESSONS FOR FUTURE.
The fault lay in the geology of the foundation, and the lack of study of the same. The engineers drilled 10 cores to sample the bedrock. And it looked good, but there were large vertical cracks in the rock running perpendicular to the dike.
The failure of the dike was caused by significant seepage beneath the dike because the bedrock was badly fractured in places. That weakness apparently was not discovered by engineers who originally planned the dam.The panel of outside experts who examined the dike failure refrained from pointing fingers, but several of them clearly felt that not enough was done in checking out the bedrock at the start of construction.
This is not to say that engineers and designers were careless. The bedrock fractures were a vertical type that are hard to detect, even when some drilling is done. Yet vertical cracks were visible in the bedrock both upstream and downstream from the dam site.
The task force investigating the dike disaster said that “foundation exploration was not designed or complete enough to fully detect seepage problems . . .”
What’s that old saying about “When you assume…?
It seems that once they scraped away overburden and reached bedrock, engineers assumed that it was safe enough to build a dam on. Many times, when things go wrong, the problem can be traced back to some kind of assumption.
This is of course not a new lesson. But it is one that bears repeating. What are you assuming to be true? “He who thinks he knows, doesn’t know. He who knows that he doesn’t know, knows.” That probably has some ancient origin, but I first heard it in a Joseph Campbell lecture many years ago.
There was a Mars lander that was lost because one of the subcontractors assumed that the data coming from the control module was in feet-per-second and not meters-per-second. I can’t begin to tell you how many software systems I have had to take apart and put back together because of assumptions programmers made about the underlying architecture.
How many people today make assumptions about what hackers can decode and what they can’t, or what constitutes decent security, or what F*c*book is doing with all their data?
Assumptions are fine, when the only thing that goes wrong is the new version of Candy Crush is delayed, and it is not so fine when dams collapse and destroy people’s homes and lives.