Learning from ECS Failures:
What can go wrong?
Fall 2012
Lecture # XX
Learning From The Past
• To engineer is human!
• To err is human!
• To err as an engineer can be dangerous!
What Makes A Failure Into A Disaster?
• Public perception of risk
• e.g. In 2008 :
–
–
–
–
Total Auto-Related Deaths: 34,017
Total Train-Related Deaths: 800
Total Bicycle-Related Deaths: 716
Total Airline-Related deaths: 0
• Can be converted to accidents per miles traveled and auto is still highest
• Yet the public perception of the risk associated with air travel is often
much higher than that for trains and certainly for bicycles.
• Two reasons
– the large loss of life (and associated wide spread news reporting) resulting
from a single air crash
– air passenger's lack of control over their environment in the case of air or, to a
lesser degree, rail accidents.
• Both of these reasons results in increased fear, and hence a higher degree
of perceived risk
A Weird Disaster as a first example
•
Boston Molasses Disaster
– aka Boston Molassacre
•
•
•
•
•
•
•
•
•
Molasses was standard sweetener and fermented to produce rum and ethyl
alcohol
January 15, 1919 in Boston Massachusetts at Purity Distilling Company facility
Large (50 foot tall) molasses storage tank burst, and a wave of molasses rushed
through the streets at an estimated 35 mph
21 Killed and 150 injured
8 to 15 ft wave of molasses moving at 35 mph
Temperature had risen from 2 degrees to 40 degrees over 24 hours
87,000 hours to cleanup
Local residents brought class action lawsuit and company eventually paid out
$600,000 in out-of-court settlements (at least $10.7 million in 2012 dollars)
Contributing Factors
– The tank was constructed poorly
– Tank had only been filled to capacity 8 times since it was built and never in cold weather
•
Neither of these conditions had been design tested
– Basic safety tests were neglected
– Tank was painted brown because it leaked so badly (to disguise the leaking molasses) due to
poor construction
A video introduction:
•
•
•
•
Why Study Failures?
Early Engineering Disasters
Software Flaws
Haiti
Primary Causes of ECS Disasters
• human factors
– ethical
– accidents
•
•
•
•
design flaws
materials failures
extreme conditions or environments
combinations of these reasons
– perhaps the most important and overlooked
Challenger Space Shuttle
January 28, 1986
Cape Canaveral, Florida
73 seconds into flight, exploded killing all seven astronauts
• What went wrong?
– Two solid rocket boosters (SRB) contain the fuel that lifts the shuttle into space
– Each SRB has four sections and two large rubber rings (called O-rings) close any
gaps between sections
– One of the O-rings didn’t seal and fuel supply exploded
• Looking back
– O-rings had been used over and over
– Cold makes the O-rings brittle
– When engineers recommended postponing launch
• Management asked “are you sure the rings will fail?”
• Should have asked “are you sure the rings will NOT fail?”
• Looking forward
– 400 improvements to shuttle program
– In 2003, Space Shuttle Columbia broke apart on re-entry because of another
engineering failure and all seven astronauts died
Hyatt Regency Hotel
July 17, 1981 Kansas City, Missouri
Fourth floor walkway collapsed killing 114 people and injuring 200
• What happened?
•
•
Hanging Walkways on second, third, and fourth floor overlooked lobby
Metal Rod that held the fourth floor walkway to the ceiling had failed
• Looking Back
– Original engineering designs called for walkways to be attached to ceiling by long rods
– Due to construction challenges, builder suggested a change…attach fourth floor to ceiling
with shorter rods and then attach second floor walkway to fourth floor walkway
– Change approved via phone without detailed check of safety and load capacity of redesign
– If you and a friend are hanging on to a rope versus you are hanging on to the rope and your
friend is hanging onto you…eventually you get tired and both of you crash to the ground
• Looking Forward
– Engineer of Record & Engineer who approved the change lost their licenses
– Engineering profession changed its procedures
• Engineer of record is now totally responsible for the structural integrity of project
• Written approval required for all contractor modifications
Patriot Missile System
1991 Saudi Arabia
American Army Barracks destroyed
• What went wrong?
–
–
–
–
First Gulf War
Patriot Missile system failed to intercept an incoming Iraqi Scud missile
Missile hit an Army Barracks
28 soldiers died and 100 injured
• Looking back
– A software rounding error incorrectly calculated the time, causing the
Patriot system to ignore the incoming Scud missile
• Looking forward
– Reduction in assumptions to avoid anomalies
– Duplicated solutions by different algorithms
Tacoma Narrows Bridge
November 7, 1940 Tacoma, Washington
4 months after opening the bridge collapsed
• What went wrong?
– 42 mph winds caused the bridge to sway
– Cables on the west side snapped
– Only casualty was Tubby the dog who was trapped in a car
• Looking back
– Design used a solid steel girder instead of stiffening trusses to achieve
a slender, flexible bridge – pushing the limits of engineering
– Nicknamed Galloping Gertie due to swaying and rolling
– Drivers would lose sight of cars ahead of them
– Engineer neglected aerodynamics
• Looking forward
– Wind tunnels used to test bridge design before construction starts
South Fork Dam
May 31, 1889
Johnstown, Pennsylvania
Dam broke killing more than 2000
• What went wrong?
– Embankment dam made of mounded up earth, boulders, & clay
– Ruptured at 3:10pm and water hit town at 4:07pm with 40-foot waves
and a speed of 40mph
– Water coated with oil from the waste caught fire
• Looking back
– Culverts valves were shut off so water was not being discharged
– South Fork Hunting & Fishing Club bought the dam and built a trap
across the dam’s spillway to keep fish in the lake. The trap became
clogged with debris.
– Dam had an unrepaired sag that weakened the structure
• Looking forward
Chernobyl
April 26, 1986 Ukraine
Reactor No. 4 exploded killing 31 people outright
• What happened?
•
•
Plant managers were running an experiment to see if a winding-down turbine
could generate enough electricity to last for the forty to fifty seconds it would
take for back-up diesel generators to take over
They cut the power and ignored warning lights in hope of completing the
experiment. Reactor went out of control within seconds and two explosions
ripped the roof off the reactor, spewing radioactive material
• Looking Back
– It took firefighters in helicopters two weeks to douse the reactor failure
– It took six months to entomb the reactor in lead and concrete
– Computer controlled disaster avoidance measures were overridden
• Looking Forward
– Culture of safety
– Specific guidelines for all operations including testing
Hartford Coliseum Collapse
January 18, 1978 Hartford, Connecticut
Roof collapsed-0
• What happened?
– 5 years after opening, roof collapsed due to heaviest snowstorm in 5 years
– Happened in early hours of the morning so venue was unoccupied (but hours earlier
held 500 spectators)
• Looking Back
– Design of the innovative roof space truss was done using CAD software
– Dead loads were underestimated by more than 20% by the CAD software.
– The computer model assumed all of the top chords were laterally braced, but in fact
only the interior frame met the criteria because of the diagonal bracing.
– Multiple assumptions built into the CAD software were not valid
• Looking Forward
– Designers may be hired to preform traditional services, but courts may still find them
responsible because they are licensed professionals who are liable for public safety
– Checks and Balances for human and computer generated designs
Bhopal
December 2, 1984 Bhopal, India
44 tons of MIC escaped from Union Carbide plant killing 7000 people
• What happened?
•
•
Water leaked into storage tank for methyl isocyanate (MIC) which reacts with water
MIC reacted violently with water causing the tanks to crack
• Looking Back
– Refrigeration unit used to keep MIC cool (and less likely to overheat and expand if
contaminated) had been turned off five months earlier
– A storage tank for excess MIC was already full
– A gas scrubber, designed to neutralize escaping gas, didn’t work
– The flare tower, which burned off escaping MIC from the gas scrubber, wasn’t working
– Spray from fire truck hoses couldn’t reach the escaping gas fumes
• Looking Forward
– Changes worldwide to regulation of chemicals
– In US, Community Right To Know requires disclosure of all chemical storage and transport
Apollo 13
December 2, 1984
Cape Canaveral, Florida
liquid oxygen tank exploded causing loss of fuel cells
• What happened?
•
•
•
•
•
•
56 hours into flight liquid oxygen tank exploded
Without fuel cells, supply of electricity, light & water plummeted
To save power, crew moved from Command Module into smaller Lunar Module
90 hours needed to get back to earth but LM not designed to sustain 3 astronauts
Carbon Dioxide levels climbed due to cramped quarters causing dirty filter
CM & LM filters not same but duct tape, cardboard, plastic bags used to retrofit
• Looking Back
–
–
–
–
Tank originally designed for Apollo 10 mission but deemed safe for Apollo 13
Apollo 13 rewired and old tank ran on lower voltage than the newly rewired spacecraft
Pre-launch testing damaged wiring insulation & fans used during mission caused spark
Insulation caught fire & BANG
• Looking Forward
– Oxygen tanks modified
– Third liquid oxygen tank added
– Backup battery installed
Homework #XX
• Research ECS Disasters
– Create a single page report (double spaced) that
lists and describes three engineering disasters
from three different engineering disciplines
– Cannot use any of the examples used in class
lecture
– At least one must be from your specific area of
study
– Submit via eLearning
• Due one week from today
Further Reading
• http://www.nytimes.com/2010/07/20/science
/20lesson.html?pagewanted=all
• http://engineeringfailures.org/
Credits
• Fantastic Feats & Failures
• Modern Marvels, History Channel
• Embedded videos and websites