2.1 A Resilience Moment

The success of the notion of resilience is to be understood in the context of a shift of era. Climate change related events, economic turmoil of countries and companies in international competition, technological developments with uncertain consequences, identities struggling under macro globalised processes shaking the status of nation-states... these trends have created a favourable background for terrorist attacks, natural catastrophes, technological disasters and financial crisis which have in turn created a very favourable moment in history for a notion such as resilience.

Globalisation processes of increased flows of people, goods, information, images, money across the space and time beyond anything comparable in previous epochs have created entire new contexts for nation-states, businesses and populations... and safety. New kind of threats from and to critical infrastructures of our societies — energy, transport, medical, administrative, informational networks — now exist. These threats are both endogenous in terms of managing their sheer complexity and exogenous in terms of terrorists or natural catastrophes exposures for instance. They are global [1, 2].

In this situation, resilience, defined as the ability “to proactively adapt to and recover from disturbances that are perceived within the system to fall outside the range of normal and expected disturbances” [3], or as “the intrinsic ability of an organisation (system) to maintain or regain a dynamically stable state, which allows it to continue operations after a major mishap and/or in the presence of a continuous stress” [4], offers a very generic and programmatic statement in order to cope in a world of greater uncertainties and systemic threats to these critical infrastructures [5].

It is now common to read about the need and call for resilience in a very wide range of publications, in areas such as globalisation processes, ecology, business strategy, urban dynamics, financial markets and personal life. Globalisation should be resilient, economies should be resilient, companies should be resilient, banks should be resilient, societies should be resilient, cities should be resilient, individuals should be resilient, etc. In safety research, the topic of resilience has also gained momentum in the past decade in particular through the thrust of authors in cognitive and system safety engineering [4].

The central idea of resilience derives from first, a deconstruction of the notion of human error, second, a better appreciation of the expertise of front-line operators (their abilities to cope with complexity) and third, a systemic view of safety, aggregating individual trade-offs to infer behaviour of complex systems. Resilience engineering is therefore an approach and practice which looks positively into people’s expertise when facing daily trade-offs, and which aims to combine the aggregated effects of these behaviours at a system level to anticipate their consequences. It shares, with other research traditions, such as high reliability organisations, this methodological perspective which consists in studying the daily operations of high-risk systems and critical infrastructures (rather than focusing solely on disasters [6]). And, both these traditions face the problem of studying safety from a multi-level research.

2.2 Challenges of Multilevel Research

Why undertake multilevel research? Thirty years of research argues for the importance of this methodological problem, as for instance when conceptualising evolution of research topics from technical, human then organisational lenses [7]. If the topic is the prevention of major disruption in safety-critical systems, such as disaster caused by nuclear power plant, aircraft crash or toxic chemicals release, research strategies have to be based on interdisciplinary and multilevel principles.

Indeed, we know from reports (or experience of investigating major accidents [8]) that they are the products of strategic choices and leadership practices by top executives, organisational processes, structures and management, teams and operational actors, regulatory and inspectorate dynamics, material and sociocognitive properties as well as engineering/technological aspects [9, 10].

From these reports, we know that accidents can’t be reduced, for instance, to front-line operators’ activities. Focusing on their work in daily operations fails to provide the broad picture needed for understanding the construction of safety at the scale of what is revealed in retrospect in major events. Engineering design and maintenance of installations are as important, as well as the strategy of companies and its implications for daily operations but also the inspection practices of control authorities.

But each of these topics or areas of investigation (e.g., regulatory practices, company strategy, control rooms operations, technological design) is studied separately through different field of expertise, and it remains, to this date, that an in-depth investigation best illustrates, in hindsight, a multilevel research strategy and the need to consider industrial safety from a broad angle [11]. In fact, what we know of disasters with the help of these exceptional investigations is not, or rarely, matched by studies of daily operations from this multilevel perspective. There are at least three reasons for this, which turn into specific challenges.

Firstly, the resources spent to find out what happened in the aftermath of a disaster allow the collection of a vast amount of data which is not very often available otherwise in daily contexts. In these exceptional circumstances, states are often empowered to proceed with in-depth investigations, to access a diversity of findings and actors, including top actors of multinationals and agencies. Secondly, through the hiring of many consultants, practitioners and academics, such investigations can rely on expertise in a range of scientific disciplines (e.g. engineering, social sciences) in order to make sense, from a diversity of angles, of the engineering and social dimensions of the event. A true interdisciplinary strategy is often applied in this context [12].

But there is a third reason. It is much easier in retrospect to link a diversity of decisions and practices of operators, engineers, managers and regulators and to consider how they occur in relation to organisational structures, cultures and power issues which combine into specific circumstances of technological and artefacts for the accident to happen the way it happened. This problem has been defined as the hindsight bias by psychologists or retrospective fallacy by sociologists or historians.

So a multilevel safety research strategy faces at least three difficulties:

  1. 1.

    Time, resources and broad access to data and actors;

  2. 2.

    Ability to use and associate a wide range of scientific expertise;

  3. 3.

    A clear link between technological potential failures and multiple decisions, including top management and regulators.

These difficulties can be turned into several challenges: cognitive, institutional, methodological, theoretical and empirical.

Cognitive and institutional challenges. Rasmussen, a researcher who shaped the background for the development of resilience engineering, the conceptualisation of a multilevel safety research was precisely the intention of this researcher during the 1990s, something captured graphically by his famous sociotechnical view along with the idea of an envelope of safety [13]. But, although he was at the origin of the intellectual agenda of resilience engineering which developed subsequently, this most demanding research strategy has only been little pursued theoretically or empirically, in relation to difficulty (2) above. Rasmussen anticipated it. “Complex, cross-disciplinary issues, by nature, require an extended time horizon. It takes considerable time to be familiar with the paradigms of other disciplines and often time consuming field studies are required” [13]. I have described this as Rasmussen’s strong program for a hard problem [14].

Studying safety across levels of a sociotechnological system was at the heart of this program and requires interdisciplinarity [14]. It is a cognitive challenge as indicated in the quote first because researchers tempted by multilevel research must become familiar with a range of domains and research traditions. It is an institutional challenge because universities favour disciplinary perspectives. “Such studies, quite naturally, are less tempting for young professors who have to present a significant volume of publications within few years to ensure tenure” [13].

Methodological, theoretical and empirical challenges. But there are other methodological, theoretical and empirical challenges associated that Rasmussen did not discuss in his time, especially difficulties (1) and (3). A first challenge when studying daily operations is what, who, how, when and for how long to observe, meet and connect a very wide range of category of natural events, artefacts and actors creating these complex and highly dynamic networks [10]. There is a diversity of them which contribute to the safe performance of a sociotechnological system.

Based on my experience of the chemical industry, this can potentially concern, depending on the location and size of the plant and organisation, a rather high number of differentiated natural phenomena, objects and individuals ranging from heat, cold, wind, fog, valves, pipes, chemical products to procedures, screens but also software coupled with the activities of front-line operators, site managers, corporate actors and control authorities as well as subcontracting companies including consulting ones (e.g., engineering, management). And it is the nature and quality of their interactions which produces a certain level of safety.

It is precisely through these interactions that safety is constructed on a daily basis, what is crucial is therefore to understand the results of their interactions, which represent therefore a tremendous number of them. For instance, when concentrating on human actors, all of them have a contribution at different levels, whether when participating as a safety engineer to the design phase of a project (e.g., anticipating hazardous scenario), when deactivating as an operator an alarm in a control room or when managing a team as the head of a safety department. The vast amount of interactions between these actors in their natural/atmospheric, software and material environment represents the basis of the daily construction of safety. The aggregated results of these interactions are daunting to anyone interested in the study of safety from a multilevel perspective.

It is clear that only prolonged periods of time can allow an external observer to get to appreciate these complexities, but also to make sense of them... Rain, cold weather, heat, storms, valves, chemicals, texts, diagrams, screens, formulas, tools, procedures, logs, reports, symbols, practices, operators, safety or maintenance engineers, production or site managers, actors of unions, CEO, control authority inspectors, etc. It is this mix of material and social networks which ensures reliability, resilience or safety.

This creates methodological challenges which are financial (funds available for prolonged fieldwork) and access to data combined with legal issues (especially when it comes to top decision makers). Another one is whether such an approach should be implemented by one or several researchers, one problem being to coordinate points of views when multiplying expertise and researchers.

When one can pay attention to this diversity of interconnected and distributed artefacts, objects, individuals and contexts whether climatic or institutional, one is baffled by the ability of these “ecosociotechnical” networks to remain within the boundary of safety performance given the infinite number of adaptations produced in real time and the associated flows of decisions taken. This is precisely why the solution from a research point of view is often to focus on one aspect of the problem, say, the study of process operators’ interactions in a control room, the study of a maintenance team and service interactions, the study of leadership of the management of a department or the study of a chemical reaction. And, it is particularly convenient because it is precisely how some disciplines have established themselves, namely by specialising in certain themes corresponding to a degree of description of phenomena. The problem becomes one of relationship between parts and whole when involved in a multilevel study.

How to grasp the whole when one has only tools and concept for looking into parts? If one can look into the interactions of a team at the shop floor level, the conditions under which they produce their expert tradeoffs on a daily basis are products of organisational features, engineering design and strategic orientations of companies. There is therefore a need to look into the interactions of a lot of actors in the way they combine to shape these interactions. Because it is impossible to look at everything, choices must be made of who, when, where and how to look and to probe, then access to observations and interviews must be granted (which is much easier when it comes to process operators than to executives!), so the methodological challenge is also tightly connected to a theoretical one.

When one is potentially granted access to a very wide range of situations as described above, how to organise the material collected to interpret findings in relation to the topic of safety? The problem is that the amount of data produced is potentially huge and an intellectual background for organising these data is needed, which leads to the question of the availability of a model (or several) to do this. Because there are many different angles of observations related to different domains of knowledge, the model supporting the links between them is one crucial aspect which is a theoretical challenge. Graphical models have been key to help frame this complex issue [6, 9], but they can only help structure our mindset, and analytical developments are also needed. Moreover, sometimes, areas of great interest for safety are also not investigated. One example is the field of strategy decision making, for which one needs to produce specific research to better approach this important dimension from an empirical point of view.

Finally, another challenge is to deal with trends of our contemporary world of globalised activities with intense and uncertain market competitions (Sect. 2.1 above). The current operating conditions as introduced in the first section create difficulties for any research, first because organisations are not stabilised and are likely to evolve quickly (which can restrict the validity of interpretations to a limited period of time), second, because many organisations are now part of worldwide networks and information infrastructures which connect actors from multiple locations over the world, and in multiple entities. This last point also indicates the problem of understanding local realities with a view of the macro trends affecting the constraints of safety critical systems, such as standardisation, outsourcing or financialisation, to select a few of the trends of the past decades associated with globalised processes [15]. This in an area where research is needed too.

Multiple challenges of multilevel safety research. The table summarises the challenges of a multilevel safety research as briefly (more can be found in [16]) addressed in this chapter and which derives from three difficulties: time and data access (1), interdisciplinarity (2) and link between potential failures and decisions (3). These difficulties are decomposed in cognitive, institutional, methodological, empirical and theoretical challenges summarized in Fig. 2.1.

Fig. 2.1
figure 1

Short description of challenges of multilevel safety research

2.3 Conclusion

Resilience is a notion resonating with the current moment of history where surprises of different kinds have become part of our expectations, requiring the ability to both anticipate and react in a timely manner for a diversity of situations, including, among other, extreme natural events, terrorism, technology breakdown or financial disturbances. This contemporary situation requires from safety-critical systems an ability to adapt to uncertain and potentially fast changing environments. Resilience engineering addresses this topic, as other research traditions, such as high reliability organisations, both facing the problem of multilevel research of the complex, networked, globalised and constructed nature of safety. When following such a multilevel strategy, researchers meet cognitive, institutional, methodological, theoretical and empirical challenges.