EG 2401 - K. G. Neoh 1
EG 2401 Engineering Professionalism
Topic 7: Commitment to Safety
Topic 8: International Engineering Professionalism
Topic 9: Engineers and the Environment
K. G. Neoh
Dept. of Chemical & Biomolecular Eng
Topic 7: Commitment to Safety
1. Introduction
2. Safety and Risk
3. Difficulty in Estimating Risk
4. Defining Acceptable Risk
5. Liability for Risk
6. Designing for Safety
7. Causes of Technological Disasters
8. Case Study
Reference Reading: Fleddermann 3rd or 4th Ed Chp 5 & Harris 4th Ed Sections 5.7 to 5.10 + Chp 7
1. Introduction
No duty of the engineer is more important than his/her duty to protect the safety and well-being of the public - Fleddermann
With great power comes great responsibility
Responsibility in Engineering
Engineering is an important and learned profession
Engineers' work has great impact on society & people's lives
Impact is the result of engineers' expertise (or lack of)
But engineering work involves risk (social experimentation)
Expertise carries with it professional responsibility!
Examples of Technological Disasters
Aerospace: Challenger (86); TWA Flight 800 (96); Columbia (03)
Chemical: Love Canal (78); Bhopal (84); Industrial Accidents in China (05/06)
Civil: Mississippi River Bridge (07); Dam Failure in Spain (98); WTC Collapse (01)
Electrical: US NE Blackout (65, 03); Three Mile Island (79)
Mechanical: Ford Pinto (60s); Hyatt Regency Walkway Collapse (81)
2. Safety and Risk
Risk: possibility of suffering harm or loss
Safety: value judgment, related to risk
Safety and risk depend on many factors:
- voluntary vs involuntary risk
- short-term vs long-term consequences
- expected probability
- reversible effects
- threshold levels
- delayed vs immediate risk
Class Discussion: Perception of Risk
In 1992, roughly the same number of fatalities occurred in USA involving different forms of transportation:
Airplanes 775
Trains 755
Bicycles 722
Is the public perception of risk involved in each transportation mode the same?
Why?
3. Difficulty in Estimating Risk
Risk assessment is the uncertain prediction of the probability of harm
(i) Not possible to anticipate all of the technical problems which can result in a failure
(ii) Not possible to anticipate all human errors which can result in a failure
(iii) Possibilities assigned to failure modes are highly conjectural and cannot be corroborated by experimental testing
(iv) Cannot be sure of the sequence of the initiating events
4. Defining Acceptable Risk
In the face of uncertainties inherent in the prediction of risk, how do we define acceptable risk?
Balance between utilitarian and respect-for-persons (RP) considerations
Principle of acceptable risk: People should be protected from the harmful effects of technology, especially when the harms are not consented to or when they are unjustly distributed, except that this protection must sometimes be balanced against (a) the need to preserve great and irreplaceable benefits and (b) the limitations on our ability to obtain informed consent (Harris)
Approaches of laypeople vs experts
Laypeople's perception of risk often includes value judgment:
- a risk imposed involuntarily is more risky than one that is voluntarily assumed, eg exposure to toxic waste vs smoking
- voluntarily assumed risks are more acceptable than risks not voluntarily assumed
- willing to accept higher risk if compensated
To give free and informed consent to risks imposed by technology, a person must (i) not be coerced, (ii) have the relevant info, and (iii) be rational and competent enough to evaluate the info
acceptable risk is one which is freely assumed by free and informed consent, or properly compensated, and which is justly distributed
Experts' definition: Risk = Probability x Magnitude of harm
- acceptable risk is defined in utilitarian terms (cost-benefit analysis)
Government regulators face a dilemma: (i) regulate only when there is a provable connection or (ii) eliminate any possible risk?
Option (i) may expose public to unacceptable risks since there are difficulties in establishing effects and limits
Option (ii) would result in cost-ineffectiveness since large amounts of money would have to be spent to eliminate even minute risks
acceptable risk is one in which protecting the public from harm has been weighted more heavily than benefiting the public
5. Liability for Risk
Risks impose liabilities on engineers, which often result in litigation
Litigation seeking redress from harm commonly appeals to Tort Law which deals with injuries to one person caused by another, usually as a result of negligence of the injuring party
Standard of proof in tort law that a given substance caused a harm is usually less stringent compared to scientific studies as well as in criminal proceedings
Ethical question: should we be more concerned with protecting the rights of plaintiffs who may have been unjustly harmed or with promoting economic efficiency and protecting defendants against unjust charges of harm?
Protecting engineers from liability: sometimes the threat of legal liability prevents engineers from assuming the responsibility to protect public safety
Example: use of trench boxes in excavating for foundations and pipelines, etc. People who work in deep trenches are subjected to considerable risk of death or injury from collapsing trench walls
Trench boxes greatly reduce the risks but should engineers specify the use of trench boxes?
If they do not - workers are subjected to high risks
If they do - they may incur liability in case of accident
6. Designing for Safety
4 criteria needed to help ensure a safe design
- design must comply with applicable laws
- design must meet the standard of acceptable practice
- potentially safer alternative designs must be explored
- engineer must attempt to foresee potential misuses of product and design to avoid these problems
Once a product is designed both prototypes and finished devices must be rigorously tested with regards to specifications as well as safety
Class Discussion: De Havilland Comet 1
1st commercial jet airliner (1952: maiden flight from London to Johannesburg)
Disastrous History
- Mar 1953: Crash on takeoff: All dead
- May 1953: Crash on takeoff: All dead
- Jan 1954: Broke up in flight and crashed into the sea: All dead
Why???
Comet 4 - Redesigned and entered commercial service in 1958. But??
Designers wanted square window to differentiate from ships' portholes
Class Discussion: Herald of Free Enterprise
Roll-on-Roll-off passenger and car ferry
Operated on route across English Channel
1987 - Capsized within minutes after leaving harbor
Loss of 188 lives
Simulation: http://www.youtube.com/watch?v=jz2jpLO-bYw
Multistep procedure for effectively executing engineering designs:
(i) define the problem, ie needs, requirements, constraints
(ii) generate several alternative solutions
(iii) analyze pros and cons of each solution
(iv) test the solutions
(v) select the best solution
(vi) implement the best solution
Safe exits - impossible to build a product that will never fail. Hence in terms of sound engineering, assure that when a product fails,
- it will fail safely
- the product can be abandoned safely, or
- the user can safely escape the product
Example of lack of safe exits: Titanic - largest and most luxurious steamship of its time
Confidence in its (unsinkable) design was so high that owners and builders had rejected plans for 64 lifeboats. The 20 lifeboats on the Titanic could only accommodate about half of the 2228 passengers.
> 1500 people perished when the Titanic sank after hitting an iceberg on its maiden voyage in 1912
Challenger accident in Jan 1986 - the space shuttle exploded shortly after launch
Technical fault - failure of the O-rings in the SRB
Contributing factor - the decision to launch on a particularly cold day
- Lowest T the shuttle had previously encountered during launch was 53 F. Prior to launch in Jan 1986, T of seals was 29 F and some engineers expressed concern that the cold weather may affect the O-ring
- By deciding to launch, the boundary for acceptable risk was expanded by 24 F
Normalization of Deviance - Risk is increased when engineers accept anomalies and increase the boundaries of acceptable risk
7. Causes of Technological Disasters
Technical design factors
- Faulty design
- Defective equipment
- Defective materials
- Faulty testing procedures
Human factors
- Operator error / Ignorance
- Misinterpretation / Misjudgment
- Human-machine mismatch
- Unethical / willful acts
Organizational system factors
- Policy failures
- Cost pressures
- Communication failure
- Faulty group decision making
Socio-cultural factors
- Values placed on safety
- Attitudes towards risk
- Institutional (regulatory, educational) mechanisms
Class Discussion: Nuclear Plant Accidents
Where are serious accidents likely to occur?
1957 Sept: Mayak nuclear complex (USSR) - fault in cooling system led to explosion and release of ~ 70 to 80 tonnes of radioactive materials
1957 Oct: Windscale nuclear reactor (UK) - fire in graphite core, limited radioactivity release
1961 Jan: US Army SL-1 reactor (Idaho) - explosion killed 3 workers
1979 Mar: 3 Mile Island power plant (USA) - cooling malfunction, partial meltdown, limited radioactivity release
1986 Apr: Chernobyl (USSR) - fire and explosion, ~30 deaths soon after and thousands of extra cancer deaths, release of 100X more radiation than A-bombs dropped on Nagasaki and Hiroshima
1999 Sept: Tokaimura nuclear fuel processing facility (Japan) - Workers break safety regulations by mixing dangerously large amounts of treated uranium, setting off a nuclear reaction, 2 deaths, workers exposed to high radiation
2004 Aug: Mihama (Japan) - steam pipe rupture, 5 killed, no radiation leak
2011 Mar: Fukushima (Japan) - fires after cooling systems failed due to damage from tsunami, large scale release of radioactive material
6
5
4
5
7
4
1
7
Class Discussion: Mihama 2004
Deadliest nuclear power plant accident in Japan before Fukushima
5 people killed, 6 injured when steam pipe in secondary coolant system ruptured. Luckily, no radiation leak.
Steam at 140 C, 9.5 atm P
Flowmeter
Available guidelines for checking coolant pipes but implementation is voluntary
Poor plant management or slack regulatory body?
Pipe has never been checked in 28 yrs of operation
Original wall thickness 10mm
Corroded to 1mm
Class Discussion: Fukushima 2011
Death toll from accident is low but radioactivity released can lead to cancer deaths
Was the Fukushima disaster a man-made one?
Plant operator TEPCO after accident: size of tsunami was beyond all expectations
Japanese parliamentary panel 2012: root causes were organizational and regulatory systems that supported faulty rationales for decisions and actions
Plant's structure was not capable of withstanding the effects of the earthquake and the tsunami
TEPCO and the regulators were aware of the risk from such natural disasters, but neither had taken steps to put preventive measures in place:
TEPCO had not upgraded the reactors' seismic defenses as required by Japan's Nuclear and Industrial Safety Agency; the agency failed to enforce the upgrade
Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to sticking with the program; our groupism; and our insularity.
Video Screening 1
Title: Engineering Disasters 3 (TA495 Eng 2002)
Documentary with archival footage shows how easy it is for small errors to be transformed into failure or tragedy
- Idaho experimental nuclear reactor
- Space missions
What lessons can be learned from these accidents?
8. Case Study: The Bhopal Disaster
World's worst industrial disaster
On the night of Dec 2, 1984, >20 tons of toxic chemicals escaped from the Union Carbide plant
Approximately half of Bhopal's population (~ 1/2 million) was exposed to the toxic gas
Estimated 2000 - 8000 people died, and survivors continued to experience permanent disabilities and chronic ailments
Postings of Bhopal Disaster documentary are available on Web. Eg:
http://www.youtube.com/watch?v=AXEYGIIxONU
http://www.youtube.com/watch?v=rJg19W8x_Ls
Historical Development of Bhopal Plant
Bhopal plant opened in 1969 and was first limited to formulating pesticides (mixing stable compounds to get final product)
Plant was owned and operated by Union Carbide India, Limited (UCIL) and UC owned 50.9% of UCIL shares
In 1970s, the plant obtained license from the Indian Govt. to manufacture pesticides (rather than just formulating) which required the handling of dangerous chemicals
Union Carbide Corporation
Had a long and respected history in India since 1934
UC entered the pesticide industry in early 1960s as market was booming
As the pesticide market decreased and grew more competitive, UCIL hoped that by manufacturing raw materials and intermediates, it could increase sales and satisfy the Indian Govt.'s push for domestic manufacture
Background Info - UCIL Plant
Union Carbide plant at Bhopal manufactured pesticides using MIC (methyl isocyanate)
Many people lived in shanty towns built alongside the factory and thousands more lived nearby in the old city
Methyl Isocyanate (CH3-N=C=O)
Used for the manufacture of pesticide
Highly toxic
- TLV value of MIC is 0.1 of mustard gas, a chemical weapon used in WW 1
Highly reactive
- Runaway reaction possible if mixed with water or metals
What Caused the Bhopal Disaster?
Accidental mixing of water and MIC
Inadequate training of personnel
Poor maintenance of equipment
Failure of safety systems
Lack of contingency plans with regards to notification and evacuation of surrounding population in event of emergency
Accidental Mixing of Water and MIC
Water could have entered the MIC storage tank E610 during the washing of the vent lines because workers did not follow SOP
Water reacts vigorously with MIC resulting in heat release, causing the T of MIC to increase
High T caused the MIC to vaporize, leading to buildup of pressure in the tank
When the internal pressure of the tank became sufficiently high, the pressure relief valve opened, releasing the MIC vapor
Inadequate Training of Personnel
When plant was first opened, UCIL sent its workers to the Institute Plant in W. Virginia for training
Later more experienced workers at the Bhopal plant were supposed to train the new employees
With high worker turnover, the quality of instruction progressively diminished
Training period also reduced to cut costs
Poor Maintenance of Equipment
Plant's recent worker cutback resulted in halving of maintenance crew
Patchwork maintenance jobs to cut costs as plant was losing money
Minor leaks routinely occurred in plant
6 accidents had occurred at the plant between 1981 and 1984; 3 involving MIC or phosgene (another toxic chemical) resulting in 1 fatality
Failure of Safety Systems
Plant was designed with safety systems to prevent or mitigate potential accidents
- MIC storage tank had a refrigeration unit to keep T down to prevent vaporization
- scrubber system to neutralize toxic vapors with caustic soda
- flare system to burn vapors before entering atmosphere
None of the safety systems was functional on the night of the accident
Failure of Safety Systems
Disabled safety systems useless as increasing gas P blew open the valve
Contents from E610 could not be transferred to E619, which was the safety overflow, because it also contained MIC
Lack of Contingency Plan
Plant employees did not appreciate dangers of MIC due to their lack of knowledge of its effects
Little communication between plant and community regarding actions to be taken in case of a major accident
On night of accident:
- poor coordination between plant employees and officials: alarms & evacuation buses not well-utilized
- populace not advised on precautions which could have reduced fatalities
The Day After
Most of initial deaths occurred as a result of MIC's effects on the respiratory system
Aftermath of Bhopal Disaster
In 1989, UC paid US$470 million to the Government of India as compensation to victims
Activists continued to argue for higher compensation
Dow Chemical has purchased UC, and claimed no further responsibility for compensation
Thousands of people around Bhopal still remain at risk of poisoning
- tons of toxic waste remain on site
- groundwater has high levels of contaminants
- residents are plagued by medical and economic problems
- Indian Govt. said it will clean up the site
Who is Responsible?
[1] Was such an accident foreseeable by UC?
- known problems with leaks in MIC system at Bhopal plant
- UC aware of potential of runaway reaction in W. Virginia plant
- UC safety audit team had highlighted deficiencies in safety measures at Bhopal plant, eg no automatic controls on MIC feeder tanks, unreliable gauges and valves, insufficient training, lack of preventive maintenance, high employee turnover
[2] Should the Indian Govt. share some of the blame?
- environmental and safety standards are less stringent than in US
- no policy or zoning forbidding people from living so close to a plant where hazardous chemicals were stored and used
- pressure to design a labor intensive plant (to improve employment) instead of more automated plant and to use locally produced equipment when possible
[3] Was the plant management negligent?
- safety systems were not functional - even if disaster could not be averted, the effects could have been mitigated
- inadequate training, and maintenance and safety procedures - cost cutting measures compromised safety
- lack of communication with community - inadequate info provided on effects of MIC exposure and treatment
[4] Employee sabotage?
From UC's Report:
Proposed that an employee at the Bhopal plant deliberately introduced water into the MIC tank
End of Topic 7