Summaries of some major industrial accidents

Deepwater Horizon/Macondo:-

(A former employee of Cameron International - who designed and made the BOP - has described this as an 'excellent article'.)
(Note: BOEMRE was renamed the Bureau of Safety and Environmental Enforcement BSEE in 2012.)
4. This article from Offshore magazine (Dec 2016) summarises the new US offshore drilling regulations and their effects on the offshore O&G industry 
5. Despite the major differences between the 2005 BP Texas City accident and Deepwater Horizon, there was always a suspicion that there had to be some sort of corporate common cause between the two events. This has now been identified in the CSB's report volume 3, published 2016. The relevant extract shows that the process safety lessons learned as a result of Texas City had not been applied to the Macondo-Deepwater
Horizon project. 


1. 6MB conference presentation on Fukushima and its consequences (November 2011)
2. Journal article Fukushima and its consequences (Nuclear Future, April 2012)
3. Journal article Emergency Planning after Fukushima (Nuclear Future, April 2012)

Ammonium Nitrate accidents:- 

1. An overview of three major accidents (Oppau 1921, Texas City 1947, Toulouse 2001) is available here.
2. A list of ammonium nitrate accidents (as comprehensive as I can manage) is given here.

  The Kyshtym accident, Chelyabinsk:-
This is an article published in Nuclear Future 2016 about the history of the Mayak plant near Chelyabinsk,
where one of the world's worst nuclear accidents occurred in 1957, that led to mass relocation of people.
The accident was a legacy of the urgency to develop nuclear technology in the post-WW2 era. 


The History of Technology and Safety 

This section presents a series of essays about 'how we have learned to control technology'.

I would greatly welcome any feedback from website visitors - please use the 'contact' page.

1. Learning from Ignorance is an essay about the development of pressure vessel integrity since the 19th century. Basically, the design and construction of pressure vessels were a long way ahead of the underpinning scientific understanding of metal failure - and there were many serious accidents before the gap between science and engineering was closed.

2. The Second Industrial Revolution presents a very brief history of computer development, and discusses some of the safety issues raised by computers.

 3. The Chernobyl Accident - A Retrospective presents a personal view of the April 1986 accident, its causes and consequences, and the difficulties of managing safety in a totalitarian regime.

4. Situation Awareness and the Human-Machine Interface discusses three commercial aircraft crashes where the crew lost situation awareness. In each case, misleading information from the aircrafts' digital systems confused the pilots in the few minutes they had to make key decisions.

5. Human Behaviour in a Crisis - The Saudia 163 Accident, 1980 describes the horrific accident at Riyadh airport when 301 passengers and crew died on the runway after the plane had landed safely.

6. The Piper Alpha accident in 1988 caused a complete re-baselining of safety management in the North Sea oil and gas industry. The report by Lord Cullen was a model of its kind. This note describes some of the human failings that caused the initial accident and the poor emergency response.

7. Refineries and three accident case studies presents a brief overview of refineries and their accident record, followed by three accident case studies: (i) A pipeline rupture and fire in Washington State, USA, on 10th June 1999, (ii) An accident at the coking plant of the Anacortes refinery, Puget Sound, Washington State, USA, on 10th June 1999, and (iii) The BP Texas City refinery fire and explosion on 23rd March 2005.

8. The Management of Ageing Combat Aircraft - the Nimrod Story presents a summary of the findings of the Hadden-Cave report into the Nimrod accident in Afghanistan in 2006, and some thoughts on the role of safety analysis.

9. Nuclear research in Germany 1938-1945 is a journal paper published in 1985, about the inconsistency between Werner Heisenberg's and David Irving's accounts regarding what the German nuclear programme during the war was trying to achieve - a reactor or a bomb? Since I wrote this article, various other accounts have been written, e.g. Thomas Power's 'Heisenberg's War: The secret history of the German bomb' (Penguin 1994) and David Cassidy's 'Uncertainty - The life and science of Werner Heisenberg' (Freeman 1992), which have developed this story in much more detail. This topic is a fascinating footnote to the Second World War. In 2014, I was going to deliver a presentation on this topic to the Nuclear Institute but they decided the topic was too controversial, which was surprising - the only real controversy is about scientific ethics and honesty. I decided to finish the presentation anyway - here it is - it is much too big to have been a single lecture, but I hope this is an interesting summary of the work of various writers who have researched this fascinating topic. 

10. A great article on the dilemmas facing engineers when dealing with safety issues was presented in The New Yorker magazine, May 2015. It is a piece about auto recalls for safety defects, and how the debate about whether or not to recall can be overtaken by emotional arguments. In particular, it refers to the case of the Ford Pinto from the 1970s and 80s. A good read. 


Climate Change

I am currently studying part-time towards a Master's degree in Earth Science. My motivation was that, having spent my career in energy industries, I was keen to understand throroughly the science of the prediction of future climates, since fossil fuel combustion is causing long-term change. This involves an understanding of geology (where the evidence of past climate change comes from) as well as studying the Earth as an engineering system - its atmosphere, its oceans, tectonics, and changes to solar radiant energy.

The UK seems likely to be affected less than some other parts of the planet, at least in the next century or so. We may get wetter, but not much warmer. A major impact of climate change in the UK and elsewhere will be rising sea level. Again, not a lot will happen in the next century or so, but thereafter coastal cities and low-lying farmland will be badly affected. This presentation gives an overview of the uncertainties in the predictions of future global mean sea level (GMSL).

Another reason for my interest in climate change is that we own a small holiday house on the beautiful sea-loch (i.e. fjord) of Loch Goil in Argyll, Scotland, which is only a short distance from the sea. Loch Goil has been carved from bedrock by the action of glaciers during the last glaciation. A short presentation, written for the local online newspaper, on the Ice Age landscape of Loch Goil is presented here.

Personal near-misses

Each of the following relate to safety anomalies or near-misses which I have witnessed. None led to injuries or accidents. One or two are actually quite funny, I think, but some others were potentially serious.

For some, I have not named the exact place or people involved.

  1. Oil shore terminal deluge systems
  2. Nuclear power station – inspection of storage tank in a pit
  3. Nuclear power station loss of electricity grid during severe storm
  4. Helicopter safety briefing, Indian Ocean
  5. Oil shore terminal permit to work arrangements
  6. Discussion with refinery senior management about hydrocarbon release response
  7. Fabrication of separator vessels, land-based oil field, Central Asia

Some good links

Many books and reports have reviewed and summarised the key points from major industrial accidents. One good source is which gives concise summaries of many accidents including Flixborough, Seveso, Mexico City, Bhopal, Piper Alpha, Texas City, Buncefield, Deepwater Horizon, etc. is a great source of information on industrial health and safety.

High-integrity C&I systems and new (or emerging) technologies are difficult bedfellows - to ensure high integrity, tried-and-tested technologies are preferable. This makes the adoption of new or emerging technologies a tricky area. One recent report that carries out an excellent review of the state of the art is which is a report produced for the US Nuclear Regulatory Commission in 2009 by Oak Ridge National Laboratory.

An excellent low-priced beginners' guide to Field Programmable Gated Arrays (FPGAs) is given in "FPGAs - Instant Access" by Clive Maxfield which is available on Amazon at 

A fascinating report called APT1, into Chinese cyber-attacks on Western companies, is available at . MANDIANT claims to have identified the Chinese organisation responsible for many organised cyber-attacks which have systematically stolen data from major corporations. (Note: I found the APT1 report quite difficult to download from the MANDIANT website, but it is accessible at other 'mirror' sites.)

The Oil & Gas UK website contains some excellent information. They have recently made a lot of reports available free to download as pdf's. Go to . Information available includes annual reports on the economic state of the industry, and its health and safety record.

Some case studies of digital C&I systems failures

Some of these were tragic; the others were just expensive. Item 8 (Torness fuel route) consumed about 4 years of my life.

I have included several aviation accidents and incidents here; modern civil aircraft have completely digital control systems and HMIs, and the complexity of these systems and the number of aircraft in service mean that there is now a body of case studies to which other industries should pay attention.

There are disturbing similarites between two aircrashes cited here as items 5 and 6. Both occurred after loss of indicated airspeed in fully digital cockpits where 'situational awareness' can be difficult (and especially so when under time pressure). In both cases it appears the crew did not realise their aircraft had stalled. There are general lessons here for digital HMIs; displays can be too 'busy', and the alarms generated may not necessarily make clear to the operator the basic information he needs to know. In both of these air crashes, pilot error was given as the main cause. In my view, HMI design was also clearly culpable.

  1. Pipe handling control system failure
  2. Paperless chart recorder failure
  3. Uljin 3 common-cause software error
  4. Kashiwazaki–Kariwa NPP IC failure due to electro migration
  5. Boeing 757 crash Feb 1996 (extract from IET journal)
  6. Airbus crash June 2009 
  7. Common-mode failure of high-integrity C&I systems
  8. Torness NPP fuel route protection systems (Journal paper)
  9. Boeing 737 crash Feb 2009  An example of a latent specification error, compounded by poor response to fault reporting and pilot error
  10. Airbus A330 incident 2008  A control system fault that led to a sudden pitch-down when at cruising height, injuring 119 passengers and crew. This accident was an interesting example of a latent, subtle, dangerous failure in a high-integrity software system that had been developed to high standards. The accident was caused by a Single Event Upset (SEU) fault in an an Inertial Reference Unit, compounded by architectural weaknesses and a latent software specification error that allowed the single SEU fault to affect multiple channels. 
  11. Boeing 767 crash May 1991  Control system fault leading to thrust reverser operation caused a fatal crash.
  12. Airbus A340 fuel starvation incident 2005  Hardware faults, specification issues and HMI issues led to a near-miss when two engines lost power.
  13. Cyber security incidents affecting nuclear power plants Summary details of three incidents affecting nuclear plants (pre-Stuxnet)
  14. Automobile recalls for software faults  There have now been a number of very expensive recalls for safety-related software faults in automobiles. This presents summary details of three examples.
  15. An interesting list of major non-safety commercial and industrial software failures during 2011 was presented in 
  16. A more recent list of major software failure for 2017 can be found at Also see 
  17. After the AirFrance A330 crash in mid-Atlantic in 2009 (see above), many (including me) thought it was such a strange accident that nothing like this would happen again. In December 2014, a similar accident happened to an Air Asia Airbus A320. The causes are similar: high altitude stall, while under 'Alternate law' control (i.e. with reduced in-built protection). As with the Air France accident five years previously, the air crew had not received training in recovery from high altitude stall. It appears there are still serious issues to be addressed regarding Airbus HMI design and air crew training.