DTK :: Rissler, P. - DIMENSIONING OF THE DESIGN FLOOD AS PART OF A RESERVOIR SAFETY CONCEPT (German Dam Research ...)

Deutsches TalsperrenKomitee (DTK)
MITGLIED DER
INTERNATIONALEN TALSPERRENKOMMISSION (ICOLD)

URL dieser Seite

Dimensioning of the design flood as part of a reservoir safety concept

P. Rissler, Ruhrverband, Germany

Some basic ideas on safety analysis for reservoir dams and the related analytical tools are discussed, with particular reference to selection of the design flood. The author draws attention to some advantages of the probabilistic approach to risk analysis.

Recently published as a yellow paper, the revised DIN 19700 includes, for the first time in Germany, elements of a probabilistic-based approach to the world of reservoirs and dams. A generally conclusive regulation for the dimensioning of the design flood for reservoir systems is set out.
The probabilistic approach has, as its long-term objective, assessment of the failure probability of a given structure, in this case a dam, or an attempt to quantify the risk that ensues as a result, so as to be able to:

compare the occurrence probabilities and/or the concomitant risk of different failure mechanisms with one another;
recognize unacceptably high risks and to avert them; and,
quantify the overall failure probability of the dam and the overall risk which results from that construction.

However, this assumes that procedures capable of ascertaining failure probability exist for all aspects of a dam construction, and for all the relevant mechanisms.

This article will therefore outline fundamental considerations, look at the required tools, indicate gaps in our present knowledge, and attempt to give the dimensioning of design flood its rightful place in the process.

1. Event sequences

Generally, and as seen from the deterministic approach which has been taken until now, the safety of a structure against failure is verified by comparing influences with resistances. Influences and resistances are thus accepted as deterministic variables.

If the resistances are sufficiently stronger than the influences, this is considered adequate. It is only indirectly, via the safety coefficient, that consideration is given to the fact that both are variable. Also not taken into consideration is the realization that overload at a particular point need not necessarily lead to a failure of the whole structure. On the one hand, the effects may only be local; on the other, overall function may be only partly restricted.
In the case of a rockfill dam, for example, a slope failure at the downstream face does not automatically lead to the spontaneous and uncontrollable escape of water because:

the landslip might leave the crest of the dam undamaged; or,
the water level might be naturally low anyway (or low as a result of precautionary measures already taken) so that the remaining portion of the dam after failure is not overtopped.

In other words, the failure of part of a dam cannot be equated with the loss of operational capability or, indeed, with a catastrophe waiting to happen. As a rule (or at least more often than not) the ‘dam system’ will reveal powers of resilience over and above partial failure.
Another example of system resilience lies in observation and measurement. Operators are required to inspect their dams regularly and to carry out safetyrelated measurements [DVWK, 19911]. This safety measure would not be stipulated if it did not promise an increase in safety levels.
In any safety analysis, then, we need more than mere proof that one component will not fail. We need to consider the event sequences which begin with the event triggered, and which can lead to different outcomes depending on the situation, on the reaction of additional components (the multiple barrage principle, for instance) and on the actions of personnel involved.

Event sequences can be systematically analysed by an event tree (or fault tree). The example given in Fig. 1 shows one possible event sequence for erosion in a zoned dam, and shows graphically that, in many cases, design, quality assurance and organizational measures are involved or could be involved in the prevention of an undesirable event.

2. Event and failure probabilities

An occurrence probability (pfi) can be allocated to a triggering event, just as probabilities (1-pfi) can be allocated to reactions, in such a way that they are successful (Fig. 2). The overall probability of failure (those that are the paths in Fig. 2 marked with an ‘F’), thus ensues, as shown in Fig. 3.

3. Hazard diagram

Figs. 1 to 3 indicate the formally conceivable ramifications of a single scenario, in this case, that of erosion. A dam, however, is endangered by all kinds of influences. ‘Hazard’ is the superordinate definition for anything that can cause the dam not to function as designed. Hazards can lead to:

malfunctions;
damage; and,
failure.

However, here we will only look at the hazards which can cause dam failure.

The total of all hazards at a specific structure is given if, in a rectangular scheme, the components of the dam (Where?) can be entered on the one axis and all conceivable influences (By what cause?) can be entered on the other.

Not every item in this scheme indicates a hazard, but it does permit all possible hazards to be traced. Different items will be occupied for different kinds of dam structures. A scheme which applies generally to dams is shown in Fig. 4; a more compact depiction, showing the hazards relevant to the Bigge reservoir, is shown in Fig. 5.
Each item in the compact hazard diagram is the start point for the development of one or other of the event trees.

4. Ascertaining event probability

4.1 Necessary differences

We have already seen from Fig. 1 that individual influences can originate in very different spheres.
Therefore, the probability of the events and the reactions can only be determined in a number of different ways. We usually refer to three ways:

calculations anywhere where the physical and numerically verifiable boundaries are present;
the (statistical) evaluation of experiences; and,
free assessment or engineering judgement.

Table 1 gives an overview of the hazards which might be enumerated from the vantage point of today.
It should be stressed that this will naturally lead to varying degrees of outcome.

4.2 Physically and numerically verifiable threshold conditions

We will show here how in principle it is possible to derive event probabilities from existing threshold conditions.
For materials such as soil and rock as well as concrete and steel, various relationships are governed by the Mohr-Coulomb law which states the dependency between compressive strength and the parameters of c and j (Fig. 6). Assuming that, for the purposes of ascertaining failure probability of a dam slope, there are enough adequate test results for c and j, then these may be depicted in an appropriate c-j diagram as points. Both c and j form a frequency distribution of their own, yet both together exhibit a bell-shaped distribution across the c- j level (Fig. 6). Each point on the c- j level, however, also corresponds to a specific safety value h. From this we can construct lines of h = const (Fig. 6), one of which, h = 1.0, touches a contour line of the bell-shaped distribution. The point of contact indicates the failure probability of the slope.

Over the past few years, and prompted by the goal of developing a reliability analysis, useful probabilistic models have even been developed for physical processes which previously avoided strict calculation.

Worth singling out as an example would be the methodology published by Witt and Brauns [19882] which describes the erosion and filtration behaviour of earth materials. It is based on an estimation of the probability that a fine grain in a mass of earth acting under the force of the gradient will find a consecutive row of pores that are so large that the fine grain can move through.

4.3 Via the evaluation of experience

By ‘experience’ we mean here our knowledge about the frequency and size of certain events, for example, that of flood, regional distribution and the magnitude of earthquake events. We can also include in the same category the statistical distribution of wind, waves, ice and rare temperature occurrences.
What is common to them all is that, from a restricted period of observation, one has to point to extreme influences that, statistically, only ever come about over very large time intervals. The whole problem of extrapolation from such a series of observations need not detain us here.

4.4 Free assessment engineering judgement

Table 1 shows a series of risks and events for which the probability of occurrence and/or failure can, at present, only be determined by engineering judgement.
This, at least in the field of reservoir management, means procedures such as observation, measurement and inspection. We have already mentioned that regular measurements and inspections along the dam do have a certain safety-promoting function.

Nevertheless, it is not yet possible to quantify the benefit, which is why it is not normally integrated into any safety analysis. This is unsatisfactory because, even from the point of view of the economic use of resources, it would seem reasonable to evaluate dam monitoring procedures and optimize them. A beginning was made in the reservoir sector more than 10 years ago; however, this work has not yet been built on [DGEG, 19883].
Measurements and inspections have short-term and long-term effects on the level of safety of a dam. Of short-term significance are those monitoring procedures which allow for the early recognition and/or prevention of failure scenarios which occur suddenly and without warning. Of long-term significance are those systems which permit the behaviour of the dam to be followed over time. In terms of reliability analysis, the former are particularly important and should be incorporated, with priority being given to:

seepage quantity measurement;
the observation of water pressure in the dam and in the abutment; and,
the observation of non-elastic movements on the slopes.

One (certainly formal) example of how this might happen for the event erosion is shown in Fig. 1.
In this context, relatively straightforward accounts [Rissler, 19984] together with documentation on collapses which have occurred (USBR, 19775; ICOLD, 19746] already show that monitoring procedures as a contribution to the prevention of undesirable incidents have to be very reliable in terms of time and space if they are to offer any kind of success.
This not only applies to observations, measurements and inspections as such, but also, to an equal extent, to the follow-up phases of ‘decision’ and ‘countermeasure’.
All of this suggests that human intervention can be especially beneficial in the case of retrograde erosion processes and landslips in the vicinity of the reservoir banks, whether this be aimed at prevention per se or at easing the effects. During any evaluation for a safety analysis, one would therefore have to weigh up whether the trio of observations, measurements and inspections can be carried out with any kind of precision, reliability and frequency. Since this, at the time of writing, is still most difficult to judge, we will leave the safety-promoting effect of human intervention outside our remit.

Table 1 shows a further finding. Any reliability analysis which is conducted before the start of construction and which includes uncertainties caused by construction errors and serious breakdowns in communication must, automatically, produce more unfavourable results than a similar analysis carried out at the end of trial operations, that is, at a time when the dam has already proven its functionality. We are dealing in both cases with the same structure, and the failure probability as such has not changed, but the knowledge about the behaviour of the structure has grown.

This in turn implies that any reliability analysis is timepoint related. As the above example shows, the analysis conducted in those circumstances will lead to more favourable results, the longer the dam has been in operation. Yet an opposite development must be taken into account as well. Structures age and, as a result, new hazards come into play. Dams which have been in operation for a long time are, perhaps, no longer as carefully monitored as at the beginning.

Dams can also change owners; the new management may see profit maximization as the highest good; timely repair work may thus be postponed.

5. The data situation

5.1 Basic considerations

Conducting a probability-oriented safety analysis assumes that data are available for all influences which are naturally variable, as well as data which describe the variations. This can apply to resistances and to influences, that is, to material parameters, to pressure, to the frequency with which certain events occur and to the success or lack of success of control measures.
Previous experience has shown that the data situation is generally problematic for the application of a probability- oriented reliability analysis. In particular, if the analysis is to take place in retrospect, that is, after the period of construction, and if, in the process, only data from laboratory trials and field trials are used (for the purposes of identifying design parameters) and/or from quality controls at the construction site which is usually generated for a deterministic evaluation, then large deficits will ensue [DGEG, 19883]. As a rule, the number of samples is simply not enough to be able to define even halfway plausible statistical parameters.

Having said that, one can permit a few simplifications without committing any serious error. Thus, as outlined in Table 2, we can accept many influencing factors as being of a deterministic nature, even though, strictly speaking, they are also probabilistic.
The data situation is fundamentally problematic as regards soil and/or the abutments. Only rarely is sufficient information available or obtainable for the demand for adequate statistical material to be met.

Even more difficult is the problem when one aims to carry out a reliability analysis on a structure already in existence since it, the dam, is likely to cover the bedrock, thus making all the more difficult the retrospective collection of data.

6. The influence of human reliability

In Section 4.4, the influence of observations, measurements and inspections was mentioned, and it was pointed out that, at present, it is still very difficult to build these into a reliability analysis.
Seen from the angle of such analyses, observations, measurements and inspections reveal two components:

technical reliability for the recognition of hazardthreatening indicators; and,
the reliability of the person carrying out the measuring, notifying, organizing and decision making functions.

It can be assumed that, in the field of reservoir management, a survey of the human reliability factor in connection with the requirements set out here has never been carried out. On the other hand, a study of human reliability in the field of nuclear power stations was published in the USA as early as the 1980s [Swain and Guttmann, 19807], and may be taken in analogy. The factor is also detailed in terms of qualification levels, fatigue and stress, and so on. In Reference 3 [19883] from which Table 3 is taken, this attempts to estimate HEP (Human Error Probability) in the case of activities involving monitoring instruments and noting things down.

7. Acceptable risk

7.1 Some considerations on residual risk

The fact that even the extreme values caused by natural forces cannot be given in any reliable way means that we come across ample use of unfavourable and extreme-value-similar conditions of assessment. Even if this, as a rule, is not made explicit, we should be aware that there always is a certain residual probability for excess which, in turn, implies a residual probability of failure. The logical consequence is residual risk.
At the most recent DIN 19700/10 Committee deliberations about dimensioning of the design flood, there was detailed discussion on how to do it full justice. In the first place, honesty demands that we admit that over and beyond the flood events which are assessable, even more extreme events could occur.

In the second place, there was some consensus that the dam itself should not be burdened with this residual risk. For that would imply a situation which does not exist in any other branch of engineering, please see Deutscher Bündestag [19998] and which would put the engineering product of dam or reservoir in a worse position than others. After all, the uncertainty that extreme high water represents for a dam could be, say, the uncertainty that the size of the most extreme gust of wind represents for an aeroplane or that which the most extreme kind of wave means for a ship. If we were to factor in an encounter with this residual risk for those engineering products too, then no plane would take off and no ship would leave its harbour.

Even atomic law and bioengineering legislation distinguishes between non-acceptable risk and acceptable residual risk.
There can be no doubt that the society which requires engineering structures and which is prepared to document this in the form of executive or administrative permits will accept residual risk to a certain extent. For this reason, the DIN Committee eventually decided that residual risks with floods should be shown and evaluated accordingly. That is the state of debate as of the July 2001 meeting. Further discussions are scheduled, although no additional loading case should accrue as a result. However, the author is of the opinion that this must happen if it is intended to come up with any useful statements, perhaps as set out in Table 4 by way of an example.

To calculate such risk, each line in Table 4 is allocated the occurrence probability of the event x × BHQ2 (1.0 < x < [ e + ?]) to evaluate the consequences realistically.
In addition, in relation to this example, one would have to establish sufficiently reliable models (with regard to width, stability, vegetation) as to the erosion behaviour of special dam crest structures with a view to estimating the effects. According to the case put forward by Kleeberg and Schumann [20019], the former might well take some time to come about. To estimate the consequences of overtopped dam crests, goal-oriented research would have to be initiated.

Independent of these considerations, line 8 in Table 4 indicates that the scale of possible consequences is always fairly open-ended. In other words, any reasonable scenario implies an even more horrendous outcome! One only has to make clear here what large variations in results the different methods for ascertaining the PMF (probable maximum flood) serve up or, equally, to demonstrate what huge surprises the DVWK Information Sheet 20 ‘Maximized Regional Rainfall Levels for Germany’ caused. It would be naïve to believe that this development has already found its natural end. This all leads inexorably to the realisation that, in everyday practice, faced with financial constraints, it is not always possible to eliminate all risks, a realization which undoubtedly forms the basis for society’s acceptance of risk as mentioned above.

7.2 Acceptance limits (‘acceptable risk’)

In Germany, acceptance limits for the loss of assets or even human life are not discussed, documented or socially defined (at least in public). It tends to be an area of debate left to insurance companies and, probably, military planning units.
In other countries, however, things are different (sometimes considerably so). In 1997, for instance, the author had occasion to attend an ICOLD Risk Assessment Workshop in Trondheim where representatives from various countries talked about their concepts and, in some cases, about the implementation of the concepts. The conclusions reached at the workshop are detailed in a previous paper by the author [Rissler, 199810]. It is sufficient to say that there is basic agreement that discussion should take place and include the issue of human life losses. To do so, what is now known as an F-N diagram was devised to allow these acceptance limits to be shown. Various F-N diagrams from different parts of the world were presented, clearly based on the risks that prevail there.

Fig. 7 shows a proposal submitted by the US Bureau of Reclamation (USBR). Via the ordinates in logarithmic scale, the diagram focuses on the annual failure probability of a dam and, via the abscissa, also in logarithmic scale, the humans live potentially threatened as a result. Each item within the diagram stands for a risk R in the form of:
R = p_f × L _f where p_f represents failure probability and L_f represents human lives.

In the diagram, the USBR defines different levels of risk as follows:

small risk, that is, fewer than two endangered persons with economic considerations dominating in the risk reduction scenario;
high risk, that is, more than 200 endangered persons with the requirement that this be proven by the best available methods and that it be reduced by unfavourable load assumptions and adherence to the multiple barrage principle;
acceptable risk, that is, a risk factor lower than R = 10^-4 according to Eq. (1) (Line A-A in Fig.8);
unacceptable risk, that is, a risk above the factor of R = 10^-3 (Line B-B in Fig. 8); and,
still tolerable risk, that is, 10^-3 > R > 10^-4 (Fig. 7).

If one enters the individual life risks set out in Table 5 on to this diagram, one sees that the general individual life risk for normal citizens (= normal jobs, normal risk of accident) is somewhat larger than R = 10^-4/year, whereas the risk for a person with a more dangerous occupation and/or with an unusual sport as a hobby is at somewhat higher than 10^-3/year.

If, however, one adds up the fatality risks in Table 5 for normal citizens (Case 1) and for those who go about a risky job and also have a passion for high risk sports (Case 2), then, based on the simplified notion of all life risks as set out in Table 5, one would arrive at an annual individual death risk of 3.45 × 10^-3/year (Case 1) or 9.15 ×10^-3/year (Case 2). In fact, because of the incompleteness of the Table, the real figures would be higher.

Assuming that the general individual life risk of a normal citizen may not be essentially affected by the existence of a nearby reservoir, an additional individual life risk of R < 10^-4/year would be acceptable and R < 10^-3/year just about tolerable. This reflects the value pairs compiled in Table 6. It is the view of this author that these estimates could, in principle, be applied to German society.
Therefore, according to this theory, the failure probability of a dam which would put many people’s lives at risk if it failed would have to be lower than with a dam the failure of which would only endanger a small number of people.

This is a theory, of course, which is in contradiction to the prevailing opinion in Germany which holds that all dams (irrespective of the immediate environment) must be so safe that probably, if not certainly, no failure will ever occur. By tacitly agreeing that the probability of failure is infinitely small, we in Germany have hitherto declined to conduct risk assessments.

7.3 Comparison of DIN 19700/10/11 E with the USBR recommendation

How, then, does the USBR recommendation compare with the intended guidelines of the new DIN 19700/10/11 E in the event of floods? For dams, the DIN 19700/10/11 E sets a design flood BHQ₂ with a recurrence interval of 10 000 years which corresponds to an occurrence probability of 10^-4/year. The dam, therefore, may not fail, and this has to be proven.

In the light of the above remarks, this requirement is independent of risk, and independent from the potential size of the damage, and thus deviates from USBR recommendations.
Assuming that the dam were to collapse as a result of slightly greater strain and only one person were endangered, then the DIN 19700/10/11 E requirement would just meet the acceptable risk criterion (Point X in Fig. 9). If, however, the dam, when exposed to these extreme conditions, were to pose a risk to ten or even 200 persons (Points Y and Z in Fig. 9), then this would considerably exceed the yardstick of ‘tolerable’.

Indeed, it would be unacceptable; and if the limit of an acceptable risk were reached (that is, 10^-4/year/person), even with assumed largest number of potentially endangered persons, then extra measures would be needed to reduce that risk.
It must be proven, for example, that a dam will withstand exceptional flood levels without collapsing. Since there are no reasonable extrapolation tools available, we could and should fall back on the PMF in these extreme areas.

Alternatively, though, it could be shown that engineering design measures will come into their own in the case of such an event. If the dam was built along strict multiple barrage lines, then these precautions should bring on the required risk reduction. Similarly, a dam crest able to withstand occasional overtopping could also contribute to the minimization of risk.

That being so, the new DIN 19700/10/11 should indeed address the call for a reduction of risk in addition to evaluating the residual risk, and formulate it in such a way that the whole ideal of acceptable risk is taken into account.

8. The Ruhrverband dams in this context

As yet, no reliability analyses based on the probabilistic approach have been conducted on the dams operated by the Ruhrverband as a result of experiences gained in the processing of the BMFT Study [DGEG, 19883].
Nevertheless, a few major conclusions about safety assessment can be derived from the earlier part of this article.

All the main dam structures at large reservoirs are able to withstand a PMF without the crest overtopping. Therefore, in the event of extreme flood levels, the conditions identified for the case of potential risk to large numbers of people have also been met.
There are no large dams where a sudden collapse could occur within the dam mass as a result of piping. This is the result of the structural design. Two of the dams (Bigge and Henne) exhibit two-layered surface sealing with an intermediate drainage layer, as well as an internal bituminous protective zone which is also supplemented by a massive protective structure within the crest. Fig. 10 shows a cross-section view of the Henne dam. The other two dams (Sorpe and Verse) were built at the centre with a continuous core wall made of concrete, as shown in Fig. 11. In the case of dams with surface sealing elements, any leakage in the sealing would manifest itself by seepage appearing in the drainage zone between the sealing layers. Even if this incident were to escape the attention of the operating personnel, piping could not occur as the protective zone would prevent it. In the case of dams with a concrete core, water could only ever seep out as a result of concrete cracking, and such problems have indeed arisen in the past. However, the quantitative progression of seepage water has always been so slow that we could respond without any difficulty [Rissler, 200011].
In the case of dams with a surface sealing element, the scenario of ‘rapid sinking of water level’ (which would lead to an upstream slope failure) is irrelevant. The concomitant failure probability is therefore precisely zero.
In the case of the two dams with central concrete cores, Sorpe and Verse, the lowering speed of the reservoir is comparatively low: at Sorpe approximately 1 m/day; at Verse about 0.5 m/day. The various upstream support masses are highly permeable (rock backfill). Until we have more precise evidence, we can assume that no unacceptably high porewater pressures can occur. In other words, the scenario of ‘rapid sinking of water level’ can be discounted here too.
Because of their crest protective structures, the Henne and Bigge dams comply fully with the multiple barrage principle.
The protective structures in the crest are, as far as is humanly assessible, able to withstand any deliberate attempt to damage the dam crests and thus to trigger a dam failure.
All of the slopes adjacent to the reservoirs are so flat that landslips which could cause floods need not be feared.

Thus the hazard diagrams, compared with that shown in Fig. 5, for example, become somewhat simpler. Therefore, a reliability analysis takes only relatively few scenarios into consideration.

9. Conclusions

This article has outlined a number of basic ideas about a comprehensive safety analysis for reservoir dams and related analytical tools. Some gaps in our knowledge were looked at and an appropriate place for the determination of the design flood was found in this safety concept.

This led almost automatically to the question of ‘acceptable risk’ and some pointers were given for answers, and also for certain developments worldwide.

It is hoped that this article will prompt renewed interest in the probabilistic approach. Finally, it is worth recalling that many different branches of engineering have already tackled this subject matter.

References

DVWK, (German Association of Water Management and Cultivation), Leaflet 222, 1991.

2. Witt, K.J. and Brauns, J., "Erosions- und Filtrationsverhalten von Erdstoffen. Sicherheitsuntersuchung auf probabilistischer Grundlage für Staudämme".

Study for the Bundesministerium für Forschung und Technologie; 1988.

3. Deutsche Gesellschaft für Erd- ünd Grundbau, "Sicherheitsuntersuchung auf probabilistischer Grundlage für Staudämme". Safety study for the Bundesministerium für Forschung und Technologie; 1988.

4. Rissler, P., "Talsperrenpraxis", Oldenbourg Verlag, Germany; 1998.

5. US Department of the Interior, Teton Dam Failure Review Group, "Failure of the Teton Dam, a Report of Findings"; April 1977.

6. ICOLD, "Lessons from Dam Incidents"; 1974.

7. Swain, A.D. and Guttmann, H.E., Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications. NUREG/CR-1278, Sandia; 1980.

8. Deutscher Bundestag, "Sondergutachten des Rates von Sachverständigen für Umweltfragen: Umwelt und Gesundheit – Risiken richtig einschätzen", Deutscher Bundestag, 14. Wahlperiode, No. 14/2300, December 1999.

9. Kleeberg, H.-B. and Schumann, A.H., "Ableitung von Bemessungsabflüssen kleiner Überschreitungswahrscheinlichkeiten".

In: Wasserwirtschaft, No. 2; 2001.

10 Rissler, P., "Risikoeinschätzung für Talsperren – Internationale Entwicklungen". In: Wasser & Boden, 50/9, 24-29; 1988.

11 Rissler, P., "Sanierung des Sorpe Haüptdammes nach dem Düsenstrahlverfahren"; 15. Christian Veder Kolloquiüm, TU Graz, Austria; 27-28 April 2000.

Prof Dr-Ing Peter Rissler obtained his Engineering Diploma at the Technical University of Munich, Germany in 1968. He became Assistant Lecturer at the Technical University of Karlsruhe, and then Senior Lecturer at the Technical University of Aachen. In 1977 he was awarded his Dr-Ing degree with distinction, and at the same time he was awarded the Borchers medal. His thesis was entitled "Definition of water permeability of fractured rock". He then joined the Ruhr River Association as Head of the Planning Department, where he is now Head of the Reservoir Division. In 1995 he was awarded the title of Honorary Professor at the Ruhr University, Bochum, Germany.
He was General Reporter for Q74, ‚‘Performance of Reservoirs‘, at the 19th ICOLD Congress in Florence, and is currently Vice-President of the German Dam Committee.

Ruhrverband, Kronprinzenstrasse 37, 45128 Essen, Germany.

P. Rissler