Skip to content

Resilience, Reliability, and Oil Spills


What did you think when you heard of the massive oil spill now seeping out from an underwater oil rig in the Gulf of Mexico?  Perhaps you thought of major environmental damage, or of the impact on birds, fish, and other wildlife, or of the damage to be done to the fishing industry in the Gulf region. I thought of how this could potentially have been prevented, or the magnitude of damage reduced, if principles from the emerging field of resilience engineering was used by British Petroleum, the US government, and regulatory agencies.

In a news report on the incident (from The Boston Globe, May 1, 2010), we learn that:

“BP Downplayed Possibility of Major Oil Spill”; Said Accident was ‘Unlikely’; May be Worse than Feared

“BP downplayed the possibility to a catastrophic accident at an offshore rig that exploded, causing the worst US oil spill in decades and endangering Gulf shoreline habitat.

BP’s plan, filed with federal oversight agencies in February 2009, said it was “unlikely that an accidental surface or subsurface oil spill would occur from the proposed activities.”  Further, while the company conceded that a spill would impact beaches, wildlife refuges, and wilderness areas, it argued that due to the distance to shore (48 miles) and the response capabilities that would be implemented, no significant adverse impacts are expected.

Robert Wiygul, an environmental lawyer based in Mississippi and a board member of the Gulf Restoration Network, said he didn’t see anything in the document that suggests BP addressed the kind of technology needed to control a spill at that depth of water.  “The point is, if you’re going to be drilling in 5,000 feet of water, you should have the ability to control what you’re doing,” said Wiygul.

Many of the more than two dozen lawsuits filed in the wake of the explosion assert it was caused when workers for oil services contractor Halliburton Inc. improperly capped the well- a process known as ‘cementing.’  Halliburton denied it.

According to a 2007 study by the federal Minerals Management Service, which examined the 39 rig blowouts in the Gulf of Mexico between 1992 and 2006, cementing was a factor in 18 of the incidents.  In all of the cases, gas seepage occurred during or after cementing of the well casing, the agency said.”

So- there will be a lengthy investigation and, in all likelihood, policies and practices on cementing will be strengthened.  But the damage will be done and the larger point will be missed.  BP’s plan apparently did not take into account the possibility of an accident or include scenarios for responding if an accident did occur.  This, coupled with a US government looking to find new sources of oil, created conditions where an accident was more likely.  The emerging field of “resilience engineering,” used by mature safety-conscious organizations in nuclear, chemical, aviation, and other industries, assumes that things WILL go wrong.  A resilience engineering approach builds in rigorous scenario planning and testing to keep bad things from happening, and/or to contain the damage when they do.  For instance, Boeing assumes that bad things will happen to airplanes in flight.  They follow principles of “failsafe engineering,” which begin from the premise that 10, 12, or 15 things may go wrong at the same time in an aircraft flying at 35,000 feet.  Their engineers are challenged to ask, “What mechanisms can we build in to the airplane which will prevent an accident from happening, even if many things go wrong at once?” Another resilience engineering practice used across a variety of industries is to carry out rehearsals of rare, unexpected events that may cause safety issues.  The idea is that practicing for the unexpected will help maintain vigilance and prepare teams to respond more effectively in action, even under normal conditions.

“Reliability” (as in safety performance you can count on) is  not the same thing as “Resilience”.  Resilience Engineering presumes that rare disasters will happen, including those that “have never happened before.”  Though rare, these disasters (like the Gulf Coast oil spill) can be so serious that they are well worth preparing for.  But if the organizational culture and climate prevents this kind of inquiry, the odds go up substantially of a disaster.  In this way, a lack of resilience contributes to problems with reliability.  Many organizations in safety-conscious industries implement systems, structures, and processes to improve reliability.  But for the most part, these processes focus on events within the normal range of predictability.  They tend not to highlight disturbance, the unexpected, or decision-making under uncertainty.  One disaster can cause so much damage that it disrupts years, or even decades, of work on reliability.  But if an organization expects the unexpected, its members will respond more effectively even under more normal conditions.

By apparently promoting the view that nothing could go wrong with this kind of oil drilling in its efforts to persuade the federal government, BP may also have created an environment that discouraged its employees from imagining that things could go wrong.  This orientation to possible error can contribute to a lack of preparedness, both from an engineering perspective and a responsiveness perspective.  If cementing was also a known cause of prior blowups, this could have been anticipated as a possibility.  Emergency response scenarios could have been developed and rehearsed to limit the damage, not only by BP, but also by the US government and regulatory agencies.

The world of politics, lobbying, and regulation often does not admit of uncertainty and the possibility of error.  But in the world of oceans, seabirds, fish, and other food supplies, one error can be catastrophic.  This is why, among other remedies to recent the Gulf Oil spill, organizations like BP, as well as the relevant regulatory agencies, need to look at resilience engineering as a methodology for acknowledging uncertainty and remaining vigilant in the face of it.

One Comment leave one →
  1. 2010/05/05 8:19 am

    Wow. Very impressive post, Tom, and very enlightening. Posts such as this demonstrate expertise I didn’t know we (the CAS) had.
    Good job.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: