Last spring and summer, while oil gushed into the Gulf of Mexico, much of the news coverage following the fatal explosion on the drilling rig Deepwater Horizon focused on the blowout preventer located a mile below the surface. As its name denotes, the device's function was to prevent exactly the kind of blowout that did occur. It did not work properly because some pipe from the runaway well was forced upwards into the preventer and jammed the mechanism.
Over a 25-year period, a pre-accident survey had found blowout preventers on about 15,000 other wells had to be activated in an emergency only 11 times. Unfortunately, in five of those cases, the preventer failed, as it did in the Gulf. This 45 percent historical failure rate did not jibe with the 0.07 failure rate claimed during the government-mandated testing of blowout preventers.
Even as lax oversight and testing procedures were being called into question, the oil industry was using this low failure rate to argue for less frequent testing of the complex system of valves and rams that were the last line of defense against a blowout. It was estimated that reducing testing requirements could save oil companies almost $200 million per year.
A blowout preventer is also an expensive piece of equipment to maintain, with an estimated cost of $700 per minute incurred during the time that drilling had to be stopped while the device was disconnected, hauled to the surface, repaired, lowered back down, and reattached to the wellhead. The economics of the situation clearly argued against a conservative maintenance regimen and promoted a culture of risk-taking.
In the case of the oil company BP, whose Gulf operations were directed out of Houston, the culture that developed around deepwater drilling operations was not unlike that of another Houston-based technology. At the outset of the space shuttle program, the total-failure rate of shuttles was estimated by engineers to be 1 percent and by managers to be 0.001 percent. The Challenger accident proved the actual failure rate then to date to be 4 percent, and after the Columbia accident, it still stood at close to 2 percent. Repeated negative experiences with eroding O-rings and shedding insulation were not heeded as warnings. They were taken as signs of the robustness of the space vehicle and promoted a fault-tolerant culture that allowed for what has been called a "normalization of deviance."
Normalized deviance has also plagued the oil drilling industry, where at least some companies have allegedly let the financial bottom line dominate decision-making. Just as NASA managers were emboldened by two dozen successful shuttle flights before the accident with Challenger and, after the hiatus, another 87 successful missions before the disintegration of Columbia, so the low incidence of needing to call upon the blowout preventer in an emergency promoted a sense of bravado in the operation of offshore oil rigs.
It is interesting to draw parallels between the Space Shuttle and oil drilling. While deep water drilling is much more complex than most other drilling, the Shuttle is something altogether different and more complex. In the early days of rocket development, there were many failures. Then, expendables became very reliable, although there are still occasional failures. The thing that differentiates the Shuttle Program is that it involves manned flight and that it was an attempt to present space flight as a routine, repeatable activity like airline travel. It most decidedly is not. Between the high cost and high visibility of the program, failures are magnified. We accept far more danger when we drive a car.
More people died in the Deep Horizon accident than in the Challenger accident. In addition, there was more significant environmental damage in the oil rig disaster than in the Shuttle accident.
Excellent analysis, and the Challenger example spotlights the psychological aspect of the "normalization of deviance" culture which works its way into the engineering mindset in situations where the failure rate has previously been so low that it's easy (easier) to coerce the engineers responsible for ensuring safety that things have been OK for so long, why should this time be any different. In any life situation, there's pressure to conform to the group, and that's exploited in situations such as those described here. That's why when the disastrous consequences come, they seem to be outliers, but in reality they're not and are to be expected.
Just reading Professor Petroski's post reminded me of watching those heart-wrenching images of oil gushing into the gulf and I'm glad it did. Truth is, once disasters like the BP oil spill or Japan's Fukushima are behind us (or at least out of sight in the media), the general public tends to forget and move on, which lets the corporate conglomerates get away with the human failure that Petroski describes--the finger pointing and internal jockeying for where to place blame. Seems to me that dollars could have been well spent solving the mechanical problem--that is, redesigning or reengineering the blow-out preventer to operate more effectively no matter that it was a complex piece of machinery. Probably would have been far less painful to the bottom line than the PR and environmental recovery effort that befell them after the disaster.