Inevitability and Oil, Pt. 1: the inherent risk for accidents in complex technology
When I read updates on blogs or the news about the BP oil spill, my expression is generally very serious: furrowed brow, pursed lips which I’m probably chewing in alternation with gnawing a nail. But last week I laughed out loud, a true LOL, a brash guffaw. (“What?!” my labmates inquired.)
I had read this New York Times article recounting the reactions of the executives of other oil companies during the Congressional hearing as they attempted to assert that this sort of accident would never occur at their own companies’ wells.
“We would not have drilled the well the way they did,” said Rex W. Tillerson, chief executive of Exxon Mobil.
“It certainly appears that not all the standards that we would recommend or that we would employ were in place,” said John S. Watson, chairman of Chevron.
“It’s not a well that we would have drilled in that mechanical setup,” said Marvin E. Odum, president of Shell.
The idea that this would never happen at another deep-sea well is preposterous to me. That the risks of drilling a mile into the ocean – to depths that require robots (yet another form of technology) for access, in order to draw back up pressurized matter from mostly unexplored pockets – can be calculated and prepared for seems absolutely ridiculous. And although the execs are using exact and technical language to ensure that they will never be made hypocrites, the message they are trying to send is: BP messed up. We act more responsibly and would never have made such mistakes. We should be allowed to continue drilling in the deep.
Many people seem ready to play the blame game, plug the whole thing on BP and call it a day. I, however, think that this accident presents an opportunity for us to reflect upon what it means to be a society reliant on complex technologies whose failures can cause disaster.
I. A little bit of theory…
When talking about risk theory and safety, two main ideas come up in the scholarship: Normal Accidents Theory (NAT) and High Reliability Organization Framework (HROF), which can you read about in quite thorough detail in this article from Organizational Studies.
The term “normal accidents” was coined by Charles Perrow in his 1984 book Normal Accidents: Living with High Risk Technologies (available on Google Books) to describe accidents that are not caused by a single, definite error – but are rather due to inherent problems in complex systems. The two qualities that lead towards “normal accidents” or “system accidents” are:
- A system complex enough that not all outcomes can be predicted, leading to a potential situation where 2 failures could interact in an unexpected way, hiding the true cause of the problem; and
- The system is “tightly coupled” – meaning that processes happen very quickly, and the parts are entwined so closely that individual parts cannot be separated from one another.
These two qualities combined create a system for which there is “insufficient time and understanding to control incidents and avoid accidents,” as the Organizational Studies article states.
Perrow himself compiled this theory after the incident at Three Mile Island. Three Mile Island was a nuclear reactor outside of Harrisburg, Pennsylvania which underwent a partial core meltdown in 1979. In this near-disaster, two seemingly contradictory “safety devices,” meant to alert the crew of problems in the reactor, went off simultaneously, distracting the staff from the real problem: a stuck steam valve. Luckily, an engineer put the pieces together with less than an hour to spare. This is an example of a “normal accident” – where the complexity of the reactor, that is, the system’s “normal” existence, nearly caused disaster itself.
In reaction to Normal Accident Theory, the more optimistic High Reliability Optimization Framework was born. It’s originators, Todd La Porte and Karlene Roberts, describe an alternate scenario, in which complex systems are able to run incredibly smoothly and without fail for long periods of time. Citing aircraft control operations as an example, they explain that the technology is not the issue, but rather the complexity of the organization. As long as all the people working on the ground are highly trained in both technical function of the system and safety, complex systems are not doomed to fail.
While both theories are flawed (as the article mentioned above outlines), I find the Normal Accidents Theory to be more useful. It seems obvious that if all employees are highly trained in all areas, things would flow smoothly. But, I’m sorry to report, that doesn’t seem to be the case for most systems and industries. Normal Accident Theory informs a different way of looking at technology and thinking about accidents – a view revealing that there is an inherent danger, and to be slightly wary. A useful view in terms of planning, training, and honesty.
II. Is the BP Oil Spill a “normal accident?”
The BP oil spill does not fit perfectly into the Normal Accident framework. There were a number of specific mistakes that were made that led to the spill – at least that’s what the reports are saying for now. (That is, it’s not “normal” unless cost-cutting and neglecting safety are considered “normal.” It does feel that way sometimes…) Upon hearing my initial lamenting at the onset of the spill, my father sent me this New Yorker article by Malcolm Gladwell in order to provide some “useful perspective.” (Thanks, Dad.) It was published in 1996 and is a reflection on a fatal (and comparable) accident that occurred 10 years prior: the Challenger explosion.
The Challenger was NASA’s second space shuttle, which underwent liftoff successfully 9 times. However, on its 10th liftoff in 1986, it exploded just 73 seconds off the ground, killing all seven crew members. The first 9 times, the rubber O-rings contained hot gas and kept it from ignition by rocket fire. But the 10th time they failed. Engineers had warned NASA that it was too cold for take-off, but the top men insisted that they stay on schedule. Thus it was a combination of mechanical failure and human hubris that caused the Challenger exposion.
The BP oil spill is a similar case. The hubris of man, the need to drill quickly and cheaply, led to cost-cutting and mechanical failure (as the media currently reports), resulting in a massive oil slick that will continue to grow in the months, if not the years, to come.
As I mentioned previously, I am not confident in deep-sea drilling technology. Granted, I don’t know much about it, and the current inundation of the interwebs in oil spill opinions makes finding reliable information nearly impossible. Maybe I’m the one being irrational here, but I just cannot see how this technology is not risky in and of itself. I am not confident in the other oil company executives, claiming that their systems are not flawed. While BP’s spill was not a “normal accident,” it does not preclude other rigs from having them.
This is why all the finger-pointing at BP irks me. They made some serious mistakes and will pay the consequences – I’m not letting them off the hook. But by having an easy scapegoat, we, the public, can easily ignore the greater issues at hand such as the inherent risk for disaster in these complex systems, or the fact that we’re drilling a mile deep into the ocean floor for fuel in the first place. It’s too easy to make this accident out to be a huge mistake made by greedy corporate white men instead of contemplating that fact that this could have happened just through the nature of the system.
In his book Inviting Disaster: Lessons from the Edge of Technology, James Chiles writes:
A lot of us are offering our lives these days to machines and their operators, about which we know very little except that occasionally things go shockingly wrong… Later study shows that machine disasters nearly always require multiple failures and mistakes to reach fruition. One mishap, a single cause, is hardly ever enough to constitute a disaster. A disaster occurs through a combination of poor maintenance, bad communication, and shortcuts. Slowly the strain builds.
We are all human. We all know what it’s like to procrastinate, to forget to leave a message, to have our minds wander. In his book, Chiles argues, citing over 50 examples in immense detail, that most disasters are caused by “ordinary mistakes” – and that to live in this modern world, we have to “acknowledge the extraordinary damage that ordinary mistakes can now cause.” Most of the time, things run smoothly. But when they don’t, our culture requires us to find someone to blame instead of recognizing that our own lifestyles cause these disasters. Instead of reconsidering the way we live our lives, we simply dump our frustration off so that we can continue living our lives in comfort.
It is too easy to ignore the fact that the risk of disaster comes with technology, especially ones that incorporate a form of energy such as nuclear power, rocket fuel, or, here, the potential energy of pressurized crude oil.
III. Prospective: incorporating Normal Accident Theory into our culture
At the beginning of his New Yorker article, Gladwell outlines the “ritual to disaster:” the careful exposition of the problems that went wrong, the governmental panel, the pointed fingers. Rereading it a month after I first received it, I can see this ritual unfolding before me. It occurs on the premise that we can learn from our mistakes – that the pinpointing of the precise events that led to disaster can help us avoid repeating ourselves. But Gladwell asks: “What if these public post mortems don’t help us avoid future accidents? … [Perhaps they] are as much exercises in self-deception as they are genuine opportunities for reassurance.”
If Chiles and Perrow are right – if risk and thus potential accident are built into the nature of complex machinery run by humans – we should not be reassured. We can certainly learn from our mistakes and try to keep replicate disasters from occurring. But, as Chiles points out, if all concern is thrown into the one part of the system that has been harmed before, it will only leave other parts to corrode and rust without our notice.
What would it mean for us to “accept” that our technology is flawed, that “normal accidents” will occur? It would not lessen the impact of disasters. But if an acceptable discourse could be developed to address inherent risk in machines without striking fear into the masses, if the topic were no longer untouchable or taboo, we could better prepare for “normal accidents.” For while industries mostly employ specialists these days, in these accidents (or near-accidents), the answer comes instead from large-scale thinking. Chiles describes it as a game of chess in which “a chess master spends more time thinking about the board from his opponent’s perspective than from his own.”
We have to combine our risk assessment theories – we have to aim for the optimistic High Reliability Optimization Framework, trying to turn as many people on the team into “chess masters” as possible, without getting overconfident. Although “normal accidents” cannot be predicted, the HROF should include training in what a “normal accident” is. Even the mere knowledge that the machinery may not always act the way its supposed to is better than nothing.
But for now, the disaster ritual will continue, just as it did with the Challenger and other disasters. BP will take the blame and foot the bill. In several months or years, there will be a public apology and ceremony to remember the 11 rig workers who died. And the President will announce: We have learned our lesson from the BP spill. We will not make this mistake again. Deep-sea drilling is reopened, we are reborn. “Your loss has meant that we could confidently begin anew,” as Captain Frederick Hauck said of the Challenger in 1988.
There are other fundamental differences between the BP oil spill and the other man-made disasters: its expanse in both space and time. The Challenger explosion, while a great tragedy, was swift. There were no long-term effects felt by the general public (excepting the families of the astronauts). But this spill is far from over. By ignoring the inherent risks in deep-sea drilling, we are potentially setting ourselves up for another long-term disaster, affecting millions of people, wildlife, ecosystems. I don’t think we can afford a repeat.
Gephart, R. (2004). Normal Risk: Technology, Sense Making, and Environmental Disasters Organization & Environment, 17 (1), 20-26 DOI: 10.1177/1086026603262030
Gladwell, Malcolm. 1996. “Blowup.” The New Yorker. Jan 22, 36.
Leveson, N., Dulac, N., Marais, K., & Carroll, J. (2009). Moving Beyond Normal Accidents and High Reliability Organizations: A Systems Approach to Safety in Complex Systems Organization Studies, 30 (2-3), 227-249 DOI: 10.1177/0170840608101478
Perrow, Charles. Normal Accidents: Living with high-risk technologies. Princeton, NJ: Princeton University Press, 1984.
Weick, K. (2004). Normal Accident Theory As Frame, Link, and Provocation Organization & Environment, 17 (1), 27-31 DOI: 10.1177/1086026603262031