Freak accident or frontier enterprise? Deep-water drilling is still a big unknown.
Thursday, September 30, 2010
BP's internal report on the causes of the Deepwater Horizon blowout, released earlier this month, summarized the calamity as the result of eight separate breaches of physical and operational barriers, any one of which could have, and should have, stopped the unfolding disaster. The blowout, in the BP scenario, was very much a freak event. A long shot.
A graphic in the report showed the barriers arrayed like eight slices of Swiss cheese. All the holes, the report states, "lined up" to enable the blowout:
"[A] complex and interlinked series of mechanical failures, human judgments, engineering design, operational implementation and team interfaces came together to allow the initiation and escalation of the accident."
There is a different, and simpler, way to describe what happened: They weren't careful enough.
For the can-do culture of petroleum engineers, this catastrophe should heighten respect for the way bad things can happen to what looks like proven technology. Oil drilling is a risky business, and deep-water drilling is riskier still. Depth matters. And as the industry went deeper, it didn't commensurately increase its safety margin -- or prepare for the worst-case scenario.
On land, on sea, in the air, in space, in our laboratories, on our farms, we are surrounded by technologies of increasing complexity, all of them vulnerable, at some level, to catastrophes of human origin. Engineers do amazing things, but they aren't always as smart as they think, nor their systems as robust as they seem on paper.
The more complex the job, the more potential infiltration points for gremlins.
"We believed that the blowout preventer was the ultimate fail-safe mechanism," BP CEO Tony Hayward testified before Congress in June, bringing to mind the captain of the Titanic, believing that his ship was unsinkable.
Charles Perrow, in his seminal book on technological disasters, "Normal Accidents," writes, "We have produced designs so complicated that we cannot anticipate all the possible interactions of the inevitable failures; we add safety devices" -- think blowout preventers -- "that are deceived or avoided or defeated by hidden paths in the system."
His argument is that such accidents, though rare, are integral characteristics of the system, with its interlinked components. That's what happened here.
The pivotal moment came late on the afternoon and into the early evening of April 20. The Horizon crew conducted two pressure tests to look for any signs of hydrocarbons flowing in the well, which had already been cemented. For reasons that remain somewhat murky -- most of the key figures either have refused to testify or died in the explosion -- the BP "company man" and the Transocean crew decided that the results of the pressure tests were benign.
As in many industrial accidents involving complex technology, they were trying to interpret something they couldn't see directly -- what was happening below the bottom of the sea. The critical hardware, the blowout preventer, was a mile deep.