Device's Design Flaw Let Oil Spill Freely


  • Device's Design Flaw Let Oil Spill Freely

    http://online.wsj.com/article/SB1000...5720.html.html
    The investigators concluded the blowout preventer failed as a result of a design flaw, not because of misuse by BP or any of the other companies involved, and not because of poor maintenance. The fail-safe device, the last line of defense against a disaster, wasn't designed to handle a real-world blowout, according to investigators, who called for further study of the devices.
    [...]
    "This report calls into question whether oil-industry claims about the effectiveness of blowout preventers are just a bunch of hot air," Rep. Edward Markey (D., Mass.) said Wednesday.

  • #2
    Re: Device's Design Flaw Let Oil Spill Freely

    Poor quality of design.

    ISO 9001 is an international quality management standard. Section 7.3 of this standard requires that all designs be validated. In other words, you have to prove that your assumptions and design calculations really work.

    FMEA (Failure Mode Effect Analysis) and FTA (Fault Tree Analysis) would most likely have detected the assumption that the drill pipe must be close to perfectly centered for the shear to cut the drill pipe successfully.

    Since when are things "perfect" in a disaster?

    When will we learn that prevention is the best medicine? I estimate that the ISO 9001, FMEA, and FTA would have been an investment of close to $300,000 for this complex blowout preventer.

    The manufacturer of the blowout preventer saved $300,000 and everybody else loses $ billions. How's that for customer service?

    When will we learn?

    How good were the tsunami defenses? How much did Japan's nuclear plant save by similar follies in bad decisions, short-sighted goals, and short cuts (inspections skipped for a nice meal and hot springs at a resort)? Now look what it cost.
    Last edited by Glenn Black; March 24, 2011, 07:41 PM.


    • #3
      Re: Device's Design Flaw Let Oil Spill Freely

      LOL. They can criticise the "design flaws" all they want. We can apply all the ISO quality controls, FMEA's, FTA's and whatever else to the design, manufacturing, testing, usage and maintenance of the BOPs. I have no doubt all of this will lower the risk of the next blow out.

      But offshore blow outs were already rare events compared to the number of wells drilled...as are nuclear plants inundated by earthquake induced tsunamis. I've said this before: The only way to ensure there is never another deep water blowout is to stop drilling in the deep water.

      The risk of a blow out is not the main issue. It's the consequences of a blow out that matter. That's the choice our societies have...


      • #4
        Re: Device's Design Flaw Let Oil Spill Freely

        I agree these are rare events. As you accurately present, when they occur, they are cataclysmic events. Humans tend to do a poor job of assessing and deciding upon extremely small odds with extremely high consequences. In comparison, we do well with high probability events (e.g. finger on hot stove, slip on ice, etc.).

        I agree there will always be some residual risk. If we do nothing but hide under our beds, there will be other significant risks from our inactions. However, errors in design, manufacturing, installation, and maintenance will make blowout much more likely. These are needless risks that we can avoid if we do as we know we should.

        If we were to do everything the way we know and should, and the residual risks are still not acceptable, then we shouldn't start.

        If you imply that the root cause of all this is our insatiable need for energy, then I agree.

        As you know, there are best practices in the oil industry; API can improve these (e.g. BP's refinery explosion from in-process vent drum which recently killed many and $ millions in damage). Government regulations need to be effective & enforced, and industry needs to comply.


        • #5
          Re: Device's Design Flaw Let Oil Spill Freely

          Originally posted by Glenn Black
          I agree these are rare events. As you accurately present, when they occur, they are cataclysmic events. Humans tend to do a poor job of assessing and deciding upon extremely small odds with extremely high consequences. In comparison, we do well with high probability events (e.g. finger on hot stove, slip on ice, etc.).

          I agree there will always be some residual risk. If we do nothing but hide under our beds, there will be other significant risks from our inactions. However, errors in design, manufacturing, installation, and maintenance will make blowout much more likely. These are needless risks that we can avoid if we do as we know we should.

          If we were to do everything the way we know and should, and the residual risks are still not acceptable, then we shouldn't start.

          If you imply that the root cause of all this is our insatiable need for energy, then I agree.

          As you know, there are best practices in the oil industry; API can improve these (e.g. BP's refinery explosion from in-process vent drum which recently killed many and $ millions in damage). Government regulations need to be effective & enforced, and industry needs to comply.

          I don't disagree with anything you have said, Glenn. My concern is that leaving the perception that a "design flaw" was responsible for allowing the blowout, and that correcting it will prevent such an event in the future is irresponsible. But that's exactly what the false assurances to the public by our elected leaders and appointed regulators attempt to do with frightening frequency...and sometimes equally frightening consequences now. In the case of our banking system nobody died from our incompetent politicians and corrupt corporate executives. The same can't be said in many other instances.

          Most engineering meets the standards to which it is designed. Most standards contain a trade off between cost and performance, or cost and "safety". The idea that increased "safety" has a price is neither politically correct nor willingly spoken of in polite company. Compound that by devices and structures that are occasionally not constructed in accordance with the engineering design, and we have a very volatile mixture looking for an ignition source.

          Let's take a look at a timely example...the Diablo Canyon nuclear plant in San Luis Obispo County, California. I made my first trip to California as an engineering student in 1977, when the Nuclear Regulatory Commission was still debating, amid significant public protest [this was two years before TMI], whether to allow the start-up of the twin-reactor facility, which had been completed four years earlier.

          The plant was originally designed and approved for construction for a magnitude 6.75 earthquake. Before completion an additional fault was discovered by Shell Oil geologists 2.5 miles offshore the location, and since that fault [the Hosgri] was believed to be the source of an earlier earthquake that exceeded magnitude 6.75, Pacific Gas and Electric was required to reinforce the reactor design to withstand a maximum 7.5 magnitude quake. In 1981 PG&E discovered that there was a problem with the construction of the additional seismic reinforcements for the reactor cooling systems. From the NYT at the time:
          PLANT CONSTRUCTION ERROR TIED TO MISSING GUIDE TO BLUEPRINT
          By JUDITH CUMMINGS, Special to the New York Times (The New York Times); National Desk

          October 2, 1981, Friday

          ...The mix-up that caused the improper placement of supports designed to protect the cooling systems of the two Diablo Canyon nuclear reactors from earthquakes occurred because a single, transparent blueprint was prepared for both, and someone failed to attach instructions to flip it over. The Pacific Gas and Electric Company disclosed today that the plans for installation of mandatory seismic safety supports in its twin reactors were depicted on a single transparency that was supposed to have carried instructions to read one side for one reactor and the other side for the second. The investigation of the construction blunder is part of an inquiry by the Federal Nuclear Regulatory Commission into design errors in the earthquake-safeguard systems at the plant. The plant has been the subject of demonstrations concerning its safety because it is near an undersea fault at San Luis Obispo, Calif. The company alerted the authorities about the errors last Monday...
          The NRC approved the commissioning of the reactors in 1984 - apparently without requiring PG&E to correct the construction flaws.

          The plant is again a source of controversy because PG&E has applied to the NRC to renew the operating licences of both plants and extend them for an additional 20 years beyond the current 2024 and 2025 expiries.

          In the meantime yet another new fault, the Shoreline strike-slip fault, has been discovered offshore within a mile of the plant site [the infamous San Andreas fault is 45 miles inland from the plant location].

          Now it's quite possible that this plant could operate for another 35 years or more without incident. But given the outcomes being telecast into our living rooms every night from Fukushima, I think this brings home the issue of the trade offs that our societies have to make. And since it's impractical to negotiate and agree to a course of action with each and every potentially affected citizen, we have to depend on our government institutions, including our elected officials and regulatory authorities, to represent the public interest. But do we still have sufficient confidence and trust in those institutions and the individuals that serve in them?

          Shutting down Diablo Canyon has immediate known economic and other [curtailing "carbon-free" energy for example] consequences [PG&E claims the plant has a direct annual $740 million economic impact within the State of California]. Allowing it to continue operating has potential future consequences, not all of them necessarily pleasant.

          The plant was allowed to be built in a known active tectonic zone, perhaps in a location that might not be approved today. What should the Nuclear Regulatory Commission and the California Public Utilities Commission decide?

          Not an easy question to answer.
          Last edited by GRG55; March 27, 2011, 02:11 PM.


          • #6
            Re: Device's Design Flaw Let Oil Spill Freely

            I see your point, and agree.

            For example, there has been testimony and documents on BP's Gulf release that they were warned about sudden overpressure (as reported by others in the area), they used non-recommended well casing, they drilled far faster than usual, they chose not to use the recommended number of centering guides, they had a lower weight mud, they didn't perform their safety checks on deck nor with the BPD, etc.; all for the purpose of bringing the well to production faster, lower cost, and higher profits.

            Where were the regulators who were supposed to be checking and ensuring? I understand that some of them were snorting coke, having office sex, running businesses on the side, and doing golf and BBQ's with the industry insiders in a very cozy relationship. Where were their bosses who were supposed to ensure the government workers were doing their job? Could this vacuum of regulatory oversight have been prevented by doing a risk assessment that a field office might go off the tracks, and how Sr. management will prevent, or detect early, this risk? Should regular field audits be conducted and file reviews? Today, this seems like a good idea. Under ISO 9001 Quality Management Systems (or equivalent), this regulatory risk assessment and external third party auditing could and should have been the norm.

            If only it had been done right from the beginning.

            Dr. Edward W. Deming's Profound Knowledge tells us about the unknown and the unknowable. No matter how smart we think we are, there are unknown and unknowable factors.

            For your other example, assuming the San Andreas was the only significant fault line near the plant is quite an assumption. I have seen the fault line and earthquake epicentre location map for California. There isn't much territory that isn't on or near a fault line.

            When I worked in petrochemicals, we had MPPD (Max. Probable Property Damage) and similar separation distances for various sites based on their hazard ratings. The nuclear industry has similar ones.

            Is it fair to say that perhaps the NRC choked when they realized the cost to PG&E, perhaps bankrupting it, if they held to the letter of the law?

            Again, as you say, we have a known "sure thing" (i.e. bankrupt PG&E) weighed against the low probability, high consequence event of a nearby earthquake bigger & more violent than they hoped. Almost always, lone humans or small groups (i.e. committee at NRC) will make the wrong choice in these cases. It is just too risky for the individuals and their careers.

            If the case was laid out via education and referendum to the public, would they have been able to do any better? I'm not sure. Could this be done by a jury of lay citizens, presented the data by the 2 or more sides of experts who wish to influence the decision?

            To me, the only way to do this is to do the analysis before you have millions and billions invested, so that you can afford to make the right decision. Otherwise, it's too late to do the right thing.
            Last edited by Glenn Black; March 27, 2011, 08:01 PM.
