 |
| The Deepwater Horizon aflame 21 April 2010 |
How Could This Happen?
BP has provided its first analysis of what went wrong on the Deepwater Horizon that led to 11 deaths and the nation's biggest single maritime oil release. As expected, lots of things had to go wrong at once.Big disasters in complex systems usually require a cascade of errors and flaws. The Apollo 13 explosion, which had an unlikely chain of six design errors, operational failures and accidents that had to happen before the tank blew, was typical.
So what, specifically, happened on Deepwater Horizon?
BP's Analysis
BP's team of internal and outside experts has presented its 193-page report, and BP has made it available here. There is also an executive summary and a video summary.The presentation says this is not meant to be "the definitive or final word on what happened." The study team didn't have access to some witnesses or some physical evidence. The analysis was highly technical, and describes what they think happened in a complex and specialized system of hardware.
 |
| The Deepwater Horizon Rig |
- "We concluded that there was no single action or inaction that caused the accident."
- "The accident was the culmination of a complex and interlinked series of mechanical failures, human judgements, engineering design, operational implementation and team communication."
- The team found eight interrelated or contributing factors:
- Hydrocarbons got into the production casing through the shoe track because of failures of the cement and shoe track barriers. Probably the cement slurry that was used was not correct, contributing to this failure.
- The annulus cement barrier also failed, also possibly because the cement used was incorrect or incorrectly applied.
- The results of the negative pressure test that was supposed to show well integrity was inconclusive, but the well team incorrectly accepted these results as showing the well was intact.
- Instrument readings over a 40 minute period showed that hydrocarbons were entering the well, but the crew did not notice or properly interpret these signals until the hydrocarbons were already in the riser and rushing toward the surface.
- Once the crew realized that well integrity had failed, the actions they took failed to regain control of the well.
- After the flow of hydrocarbons reached the rig it was routed to a mud-gas separator, which is designed to safely manage only small amounts of hydrocarbons. It should have been vented overside away from the rig through the available 14-inch lines. Hydrocarbons emitted by the mud-gas separator were vented on the rig and were able to penetrate into its spaces.
- Gas was drawn into the engine rooms through their ventilation systems creating a potential for ignition, but the rig's fire and gas system failed to prevent such ignition.
- The resulting explosion and fire disabled crew-operated controls to the blow-out preventer. The blow-out preventer should still have been able to stop the flow with its automatic systems, but lax maintenance and inspection of the BOP, or other problems, meant these automatic systems did not work.
Implications--Can It Happen Again?
One would think that such chains of error and accident would be so unlikely that we don't have to worry about another rig failing. That is obviously not accurate.Another rig will not fail in exactly the same way, but we have already had an explosion/fire on another Gulf of Mexico rig in the brief time since the Macondo blowout. And remember the Piper Alpha disaster in 1988 (167 deaths) and the Ixtoc I blowout in 1979 (where the blow-out preventer also didn't do its job).
With more and more rigs of greater and greater complexity in tougher and tougher environments we should expect such disasters in the future. This is just a cost of using oil.
The image of the burning rig is in the public domain, available here.
The diagram is from the presentation slides accompanying BP's report, available in PDF here.
No comments:
Post a Comment