06.11

Taking Responsibility for Technology

By Don Shafer

 
This article is based on a keynote of the same title presented at the IEEE-USA Annual Meeting in Austin, Texas, 5 March 2011 [watch video]. Background on the Macondo incident was first presented in Computing Now [i].

My focus on responsible technology development may differ slightly from that of most IEEE members. I'm the chief technology officer of a Texas company of around 60 engineers who work offshore on oil and gas exploration and production vessels, ensuring that the control systems are functioning correctly. Offshore oil and gas exploration has driven technology in metallurgy, chemistry, manufacturing, electronics and computing. It has also produced areas where the technology has rapidly gotten away from us. The Macondo Well incident [ii] of April 2010 is an excellent example of not taking responsibility for technology.

Safety is a critical component of the culture of oil and gas workers. To that end we need to begin with a safety minute.

A Safety Minute

Figure: Basic Offshore Technology. Source: http://www.seton.com/knife-safety-signs-safety-first-91822.html

For years, most people working in the oil and gas field — whether in an office, on a drilling rig or in the field — carried a pocket knife. As a leading cause of personal injuries, however, pocket knives were banned from all rigs operated by Transocean, the offshore drilling contractor responsible for managing the Deepwater Horizon. Eleven crew members were killed in the explosion and fire that decimated the rig on 20 April 2010. Improbable as it may sound, the absence of pocketknives could have contributed to even more deaths aboard the Horizon. Here's a quote from Horizon survivor Mike Williams, the rig's chief electronics technician:

"The life raft was at a 45-degree angle to the water. There's something called a painter line that these life rafts attach to the rigs. We had pulled all that tight. And no one had ever cut it. So we're tied to the rig and we're dumping people out of the life raft. Transocean has a no-knife policy. No pocketknives of any kind. No one had a knife to cut this line."

Mike Williams, Chief Electronics Technician, Deepwater Horizon [extended 60 Minutes interview]


Figure: Deepwater Horizon Explosion and Sinking, April 2010. Sources: http://blog.al.com/wire/2011/04/deepwater_horizon_owner_transo.html and http://www.nytimes.com/2010/07/20/science/20lesson.html

Luckily for Mike and the others on the raft, some fishermen who were helping with the rescue got close enough to the raft to throw a knife. The painter was cut and the raft got away.

IEEE Code of Ethics

As members of the IEEE, we subscribe to the Code of Ethics shown below. This is a good starting place to discuss our responsibilities as engineers for the technology we build, deliver and use.

We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world and in accepting a personal obligation to our profession, its members and the communities we serve, do hereby commit ourselves to the highest ethical and professional conduct and agree:

  1. to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;

  2. to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;

  3. to be honest and realistic in stating claims or estimates based on available data;

  4. to reject bribery in all its forms;

  5. to improve the understanding of technology, its appropriate application, and potential consequences;

  6. to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;

  7. to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;

  8. to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;

  9. to avoid injuring others, their property, reputation, or employment by false or malicious action;

  10. to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.

We will discuss the implications of three of these rules: rules 1, 3 and 5.

Rule #1: To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment

Although Macondo was the stimulus for this article, it was not the first, nor will it be the last technology disaster. As engineers we need to always take responsibility for our decisions. Those decisions must be in concert with health, safety and the environment. We need to be the “truth tellers” in informing the public about any of the results, actual or possible, of the technology that can lead to diminished health, safety or environment.

Where are the areas in which we can fail?

1. Always give the King what he asks for.


Figure: Vasa Sinking, August 1628. Source: Vasa Museum, http://www.vasamuseet.se/en/The-Ship/The-sinking/ Further information: http://en.wikipedia.org/wiki/Vasa_(ship)

What do you do when you have a powerful, overbearing — but technically ignorant — boss or customer? You say yes and do what they want, right? Wrong! Minutes after her grand launching, with all Stockholm watching, the Vasa heeled, listed and sank, killing about 50. King Gustavus Adolphus, in his effort to make Sweden the world's superpower, ordered four new warships built fast. Remember, this is 1628. Leibniz did not publish his differential calculus until 1684 [iii]. There were no modeling tools other than those rendered into wood.

Workmen were already laying the Vasa's keel when the king ordered its length extended. The master shipwright agreed and then died. His inexperienced assistant then took over. The king ordered a second gun deck. The result was the most heavily armed warship of its day, but too long, too tall and too heavy for its beam and ballast. When the standard stability test of the day, 30 sailors running from side to side, perilously tilted the Vasa, the test was canceled and the ship readied for launch. They would test the ship "in production."

2. Communication? What communication?


Figure: Hyatt Regency walkway collapse, July 1981. Source: http://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse

Communication among all the stakeholders in a project is critical to the project’s success. When the designers, builders and inspectors failed to communicate the changing requirements, design challenges and changing calculations, a recipe for disaster was in the making. On 17 July 1981, approximately 1,600 people gathered in the Hyatt Regency Kansas City atrium to participate in and watch a dance competition. The fourth floor walkway collapsed onto the second floor and both walkways then fell to the lobby floor below, resulting in 114 deaths and 216 injuries.

When three "floating walkways" crashed to the floor of Kansas City, MO's swank new Hyatt Regency on 17 July 1981, speculation first fixed on the patrons who'd been dancing on them: perhaps their high-stepping had set off a harmonic wave that made the sky bridges buckle and crumble. First, blame the victims! The basic problem was a lack of proper communication, failure to review the initial design thoroughly, and failure to perform basic calculations that would have revealed its serious intrinsic flaws — in particular, the doubling of the load on the fourth-floor beams. Miscommunication and lack of attention to detail by the engineers resulted in 114 people perishing in the deadliest structural failure in U.S. history.

3. Technology will solve our most pressing problems.


Figure: Iroquois Theater Blaze, December 1903. Source: http://www.listzblog.com/top_ten_deadly_fires_history_list.html

The burning of Chicago's Iroquois Theater — a supposedly indestructible, up-to-the-minute design, in this case a theater advertised as "absolutely fireproof" — killed 602 people, more than twice the toll of "the Great Chicago Fire" 32 years earlier. The Iroquois' owners acted with as much haste and hubris as their Titanic counterparts would in the near future. They installed no firefighting equipment, eliminated fire drills and opened for business before the sprinkler system was ready. Instead, they relied on a single technological magic bullet: an asbestos curtain that would drop down and shield the audience in the (rather common) event of a backstage fire. As could be predicted, a fire started. The asbestos curtain started dropping on cue but caught on a stage light. Crew and cast opened the stage door to flee, admitting a powerful gust that sent fireballs shooting out over the unshielded audience. Fleeing patrons either found the doors barred or could not operate the new door latches.

4. Why, that could never happen!


Figure: Atlantic Empress/Aegean Captain Collision, July 1979. Sources: http://planetgreen.discovery.com/feature/planet-100/worst-oil-catastrophes.html and http://www.globalarchitectsguide.com/library/Atlantic-Empress.php

The ocean is an enormous expanse. Even taking into account the size of supertankers, surely the ocean is still big enough that two could never collide. A supertanker can stretch over 400 meters, weigh more than 400,000 metric tons and require five kilometers to stop. By design, they have minimal crew, have no margin of error in their power plant and do not prepare for unexpected problems. Where many smaller ships use multiple propellers to steer and brake, most tankers have just a single massive propeller. The technology that helps compensate for these limitations can contribute to a false sense of security. Highly effective navigation radar provides a false sense of security, allowing tankers to travel too fast to break from a collision course. Remember, it takes 5 kilometers to stop. On 19 July 1979, what could never happen, happened! The Atlantic Empress and the Aegean Captain collided near Tobago in a light rainstorm. They lost 26 crewmembers and spilled more than 2,105,000 barrels of oil, more than four and a half times as much as the Exxon Valdez spilled in 1989.

5. Future changes can only enhance the quality of the product.


Figure: Minneapolis I-35W Bridge Collapse, August 2007. Source: http://designcrave.com/2010-06-11/5-design-flaws-that-led-to-disaster-2/

The I-35W Mississippi River bridge was an eight-lane, steel truss arch bridge that carried Interstate 35W across the Mississippi River in Minneapolis. During the evening rush hour on 1 August 2007, it suddenly collapsed, killing 13 people and injuring 145. NTSB found the primary cause was the under-sized gusset plates. Contributing to that error was the fact that 2 inches of concrete were added to the road surface over the years, increasing the dead load by 20%. Also contributing was the extraordinary weight of construction equipment and material resting on the bridge just above its weakest point at the time of the collapse.

6. We need reliable workers. Training is secondary.


Figure: Chernobyl, April 1986. Source: http://designcrave.com/2010-06-11/5-design-flaws-that-led-to-disaster-2/

The catastrophic meltdown at the Chernobyl nuclear power station occurred on 26 April 1986, when one of the reactors overheated rapidly, leading to a meltdown. The accident was rated 7 on the International Nuclear Event Scale (INES), which runs from 0 (an abnormal situation with no safety consequences) to 7 (an accident causing widespread contamination with serious health and environmental effects). Until the March 2011 nuclear accidents in Fukushima, Japan, Chernobyl was the only level-7 incident. Chernobyl released an enormous cloud of radioactive fallout, simultaneously endangering the lives of hundreds of thousands of people in surrounding areas. It is estimated that 4,000 people may die due to cancer from the radiation released during the Chernobyl meltdown. As it stands today, Chernobyl has a 17-mile radius “Exclusion Zone” which is considered too hazardous to live in. Based on the half-life of Plutonium 239, the exclusion zone will not be safe to inhabit for 24,100 years.

The immediate cause of the Chernobyl accident has been linked to an ill-advised electrical power generation experiment conducted by engineers with no experience in reactor physics. Instead of powering down reactor 4, which was running dangerously low on coolant, the engineers increased the reactor's power, causing it to rapidly overheat. Additional factors which helped precipitate the event were the unstable design of the reactor itself and the absence of a strong safety culture at the plant.

7. Well, it’s only Excel!


Figure: Maersk Line, 18 Containers lost overboard, October 2009. Source: www.maib.gov.uk/publications/completed_preliminary_examinations/husky_racer.cfm

The preliminary examination of the accident found that inaccurate container weights were on the loading plan because of a system shortcoming: the operations department was not updated when the shipper provided more accurate contents details to the carrier. Further investigation showed that the Microsoft Excel worksheet that calculated the loading order sorted the containers from lightest to heaviest, then started at the top of the list, the lightest, and placed them first in the ship. The lightest containers were therefore placed on the bottom. Eventually the bottom containers collapsed under the weight, causing the stacks to fall over.
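The two defects described above, as an added toy model (not code from the article or from the MAIB report): a loading plan built from stale declared weights that are never refreshed when corrections arrive, and a sort that places the lightest containers at the bottom of each stack. The container IDs, weights and two-stack layout are constructed sample data, and the validator flags any container resting on a lighter one, judged against the true weights.

```python
from typing import Dict, List, Tuple

# Constructed sample data: weights (tonnes) declared at booking, and the
# corrected weights the shipper supplied later for two of the boxes.
DECLARED: Dict[str, float] = {"C1": 8.0, "C2": 22.0, "C3": 14.0,
                              "C4": 26.0, "C5": 10.0, "C6": 18.0}
CORRECTED: Dict[str, float] = {"C1": 24.0, "C5": 27.5}


def merged_weights(declared: Dict[str, float], corrections: Dict[str, float],
                   apply_corrections: bool) -> Dict[str, float]:
    """The operations department's view of the weights. The first defect:
    when corrections are not propagated, planning keeps the declared values."""
    weights = dict(declared)
    if apply_corrections:
        weights.update(corrections)
    return weights


def build_plan(weights: Dict[str, float], stacks: int,
               heaviest_first: bool) -> List[List[str]]:
    """Return stacks as lists ordered bottom -> top. Containers are dealt
    round-robin across the stacks in sorted order, mimicking a worksheet loop
    that takes from the top of the sorted list and places first in the ship.
    The second defect is heaviest_first=False: lightest boxes go to the bottom."""
    order = sorted(weights, key=weights.get, reverse=heaviest_first)
    plan: List[List[str]] = [[] for _ in range(stacks)]
    for i, cid in enumerate(order):
        plan[i % stacks].append(cid)
    return plan


def inverted_tiers(plan: List[List[str]],
                   true_weights: Dict[str, float]) -> List[Tuple[int, str, str]]:
    """Every (stack, lower, upper) pair where the upper container is heavier
    than the one beneath it, judged against the true weights."""
    problems = []
    for s, stack in enumerate(plan):
        for lower, upper in zip(stack, stack[1:]):
            if true_weights[upper] > true_weights[lower]:
                problems.append((s, lower, upper))
    return problems


def run(apply_corrections: bool, heaviest_first: bool) -> List[Tuple[int, str, str]]:
    """Plan with the given defects present or fixed; return the violations."""
    planning_view = merged_weights(DECLARED, CORRECTED, apply_corrections)
    plan = build_plan(planning_view, stacks=2, heaviest_first=heaviest_first)
    truth = merged_weights(DECLARED, CORRECTED, apply_corrections=True)
    return inverted_tiers(plan, truth)


if __name__ == "__main__":
    print("as shipped :", run(apply_corrections=False, heaviest_first=False))
    print("sort fixed :", run(apply_corrections=False, heaviest_first=True))
    print("both fixed :", run(apply_corrections=True, heaviest_first=True))
```

Fixing the sort alone still leaves inverted tiers because the plan is built on stale weights; both the data feed and the ordering have to be corrected before the validator passes.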

8. We’ll test it later, in production.


Figure: Control System Failure, December 2009. Source: http://stepchangeinsafety.net/stepchange/SingleItem_Incident.aspx?ID=5824

A control system failure occurred on a large construction vessel. Two control units were restarted twice, unsuccessfully. A blinking red lamp on the PLC indicated that a memory reset was required, even though a memory reset had NEVER been requested by control system diagnostics during equipment operations. As soon as the hydraulic power packs started, a loud bang was heard. A quadruple joint of pipe dropped approximately one meter to the welding deck below. A second quadruple joint of pipe in the pipe elevator was released (all clamps opened and the hydraulic safety stop swung away) and fell the full length of the tower, smashing through a crowded access platform to the deck below.

The initialization instruction was pre-loaded in PLC EPROM memory and the initialization included instructions to OPEN ALL CLAMPS.

Eight personnel were injured — four fatally. All were located on the access platform and several were thrown overboard by the impact.
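The reset sequence described above, as an added toy model (not code from the article or from the incident report): a memory reset reloads the initialization routine from EPROM, and in the as-built version that routine drives every clamp output to OPEN regardless of what the elevator is holding. The fail-safe version beside it leaves the outputs in their clamped state on reset and opens clamps only through an explicit command gated by a load-present interlock. The clamp names, the load sensor and the command functions are assumptions for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

CLAMPED, OPEN = "CLAMPED", "OPEN"


@dataclass
class Elevator:
    """Pipe elevator: clamp outputs plus a sensor reporting whether a joint
    of pipe is currently held (all names are assumptions for this model)."""
    clamps: Dict[str, str]
    pipe_present: bool
    log: List[str] = field(default_factory=list)

    def dropped_pipe(self) -> bool:
        """True when a pipe was held and every clamp has been opened."""
        return self.pipe_present and all(s == OPEN for s in self.clamps.values())


def init_as_built(e: Elevator) -> None:
    # EPROM initialization as described in the incident: OPEN ALL CLAMPS,
    # with no regard for whether anything is in the elevator.
    for c in e.clamps:
        e.clamps[c] = OPEN
    e.log.append("init: all clamps opened")


def init_fail_safe(e: Elevator) -> None:
    # Fail-safe initialization: a reset must not move the holding device.
    # Outputs go to the safe (clamped) state; nothing opens until an
    # operator issues an interlocked release.
    for c in e.clamps:
        e.clamps[c] = CLAMPED
    e.log.append("init: all clamps held; awaiting interlocked release")


def release_clamps(e: Elevator, operator_confirmed: bool) -> bool:
    """Interlocked release: refused while a pipe is present or unconfirmed."""
    if e.pipe_present or not operator_confirmed:
        e.log.append("release refused: load present or unconfirmed")
        return False
    for c in e.clamps:
        e.clamps[c] = OPEN
    e.log.append("release: clamps opened")
    return True


def memory_reset(e: Elevator, init_routine: Callable[[Elevator], None]) -> Elevator:
    """Model the 'blinking red lamp' reset: volatile state is lost and the
    EPROM-resident init routine runs directly against the live outputs."""
    e.log.append("memory reset")
    init_routine(e)
    return e


def new_elevator(pipe_present: bool = True) -> Elevator:
    # Constructed sample: three clamps holding a quadruple joint of pipe.
    return Elevator(clamps={"clamp_a": CLAMPED, "clamp_b": CLAMPED, "clamp_c": CLAMPED},
                    pipe_present=pipe_present)


if __name__ == "__main__":
    print("as built  dropped pipe:", memory_reset(new_elevator(), init_as_built).dropped_pipe())
    print("fail-safe dropped pipe:", memory_reset(new_elevator(), init_fail_safe).dropped_pipe())
```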

Rule #3: To be honest and realistic in stating claims or estimates based on available data

How many of us, when asked for the status of a project, have said, "It's 90% complete"? Especially in software, that's a common response. What about when health, safety and the environment are closely impacted? As our view of our responsibility to changing technology evolves after the Macondo incident, we may need to address what happens when, as engineers, we are honest in our answers but our managers bury the information. Below are ten opportunities that were lost in preventing the Deepwater Horizon oil spill. These are just a handful of the opportunities lost. This list and the following graphic emphasize that not only were these known, but the solutions were industry standard practices that were not followed. Referring back to point number one in our Code of Ethics, as engineers they voiced their concerns but did not inform the affected parties.

Macondo Opportunities Lost [iv]

  1. 22 June 2009 - Mark E. Hafle, a senior drilling engineer at BP, warns that the metal casing for the blowout preventer might collapse under high pressure.

  2. March 2010 - An accident damages a gasket on the blowout preventer on the rig.

  3. 1 April 2010 - Halliburton employee Marvin Volek warns that BP's use of cement "was against our best practices."

  4. 6 April 2010 - MMS issues permit to BP for the well with the notation, "Exercise caution while drilling due to indications of shallow gas and possible water flow."

  5. 9 April 2010 - BP drills last section with the wellbore 18,360 feet below sea level but the last 1,192 feet need casing. Halliburton recommends liner/tieback casing that will provide 4 redundant barriers to flow. BP chooses to do a single liner with fewer barriers that is faster to install and cheaper ($7 to $10 million).

  6. 15 April 2010 - Morel informs Halliburton executive Jesse Gagliano that they plan to use 6 centralizers. Gagliano says they should use 21.

  7. 15 April 2010 - Gagliano also recommends to circulate the drilling mud from the bottom of the well all the way up to the surface to remove air pockets and debris which can contaminate the cement, saying in an email, at "least circulate one bottoms up on the well before doing a cement job." Despite this recommendation, BP cycles only 261 barrels (41.5 m3) of mud, a fraction of the total mud used in the well.

  8. 17 April 2010 - Gagliano now reports that using only 6 centralizers "would likely produce channeling and a failure of the cement job."

  9. 18 April 2010 - Gagliano's report says, "well is considered to have a severe gas flow problem."

  10. 20 April 2010 at 7 am - BP cancels a recommended cement bond log test.


Figure: Warning Signs Ignored. Source: http://www.saveusenergyjobs.com/2010/06/bp-step-by-step-to-disaster/#section3

Conclusion

It is our responsibility as engineers and members of IEEE to remember the fifth rule of our code of ethics:

Rule #5: to improve the understanding of technology, its appropriate application, and potential consequences

To that end you, the reader, need to search your experiences and decide how to pass along your hard-earned lessons. Teach a course within your company, at your alma mater or at a local community college. Write a paper for a professional society's magazine or journal. Give a talk. Do something to get your colleagues and new engineers to take responsibility for this wonderful technology all of us are developing.


[i] "The BP Oil Spill: Could Software be a Culprit?" by Don Shafer and Phillip A. Laplante, http://www.computer.org/portal/web/computingnow/bp-spill

[ii] As a point of irony, the name Macondo is the same name as the fictitious cursed town in the novel "One Hundred Years of Solitude" by Colombian Nobel Prize-winning writer Gabriel Garcia Marquez. http://en.wikipedia.org/wiki/Macondo_Prospect

[iii] Leibniz is credited, along with Sir Isaac Newton, with inventing infinitesimal calculus (which comprises differential and integral calculus). His cleverly suggestive notation for the calculus is probably his most enduring mathematical legacy. Leibniz did not publish anything about his calculus until 1684. http://en.wikipedia.org/wiki/Gottfried_Leibniz#cite_note-29

[iv] Timeline of the Deepwater Horizon Oil Spill, http://en.wikipedia.org/wiki/Timeline_of_the_Deepwater_Horizon_oil_spill

As cofounder and chief technology officer, Don Shafer developed Athens Group’s oil and gas practice and leads engineers in delivering software services for exploration, production, and pipeline monitoring systems for clients such as BP, Chevron, ExxonMobil, ConocoPhillips, and Shell. He led groups developing and marketing hardware and software products for Motorola, AMD, and Crystal Semiconductor. Shafer managed a large PC product group producing award-winning audio components for Apple. From the development of low-level software drivers to the selection and monitoring of semiconductor facilities, he has led key product and process efforts.

He received a BS from the United States Air Force Academy and an MBA from the University of Denver. Twice treasurer of the IEEE Computer Society Board of Governors, past editor in chief and chair of the IEEE Computer Society Press, an IEEE senior member, and a Golden Core member, he is an adjunct professor of engineering at the University of Texas at Austin. Shafer has contributed to three books, written more than 20 published articles, and is coauthor of Quality Software Project Management, published by Prentice-Hall. He is a contributor to the 2010 edition of the Encyclopedia of Software Engineering and is a Certified Software Development Professional. His current projects include the development of a multi-volume set of Software Engineering Proven Practices for the oil and gas industry based on more than a decade of extensive engineering work done at Athens Group.

For more on Shafer's background, please reference: http://www.computer.org/portal/web/buildyourcareer/mypath/shafer

Comments may be submitted to todaysengineer@ieee.org.


Copyright © 2011 IEEE