One of the canonical design principles of the nuclear weapons safety community is to base the behaviour of safety devices upon fundamental physical principles.
For example, a nuclear weapon firing circuit might include capacitors that, in the event of a fire, will always fail open-circuit, thereby safing the weapon. The safety of the weapon in this instance is assured by devices whose performance rests on well understood and predictable material properties.
While the above may seem very domain specific, it actually serves as an introduction to the more general problem of how we ‘prove’ that any system will be safe at some arbitrary point in the future.
Underlying all such proofs is an implicit assumption of what Hume called, ‘The Principle of Uniformity’. Or to put it another way, when we argue from specific to general we are assuming that what we see working locally also applies more generally.
In this case we’re assuming (for example) that current safe behaviour will continue to occur in the future. Unfortunately, an argument of this form is an inductive one, and we run straight into Hume’s problem of inductive reasoning.
Even more unfortunately for us, the more assumptions we need to make about future political, economic, technological or cultural conditions to support our argument, the worse our epistemic position and the greater the risk.
One response to such epistemic risk is to try and rest the fundamental premises of the argument not upon such imponderables but instead upon things which we have the most confidence will persist in the future.
Which drives us (as it did the nuclear weapons safety community) to try and base safety upon the laws of physics rather than those of design, procedure or custom as these physical laws have the greatest likelihood of persistence (uniformity) over time.
As an example, were we to design a nuclear power plant to be safe in the event of a loss-of-cooling event, then the safety of the plant should be ensured not by a complex ‘add on’ applique of safety systems, but by the plant’s fundamental physical properties and behaviour.
Similarly, if we were designing a long-term nuclear waste repository, we should rely not upon engineered technologies of encapsulation, as we have no experience in designing such systems to survive geological epochs, but again upon the fundamental geology to sequester the waste body.
Given that high consequences demand a very low frequency of occurrence, for such systems we must eschew safety based upon functional and procedural barriers and instead rely upon physical laws and properties.