Drifting Towards Disaster… a contributory analysis of a complex

Drifting Towards Disaster… a contributory analysis of a complex
system failure.
Google Maps
—  Mine at Plymouth, Pictou County, NS
—  Part of rich, high quality, gassy Foord seem, mined since 1807,
but history of accidents
—  Allan mine: 8 methane explosions in 40 year life
—  Pictou area mines claimed over 600 lives in 150+ year history;
244 of those from Foord seam (Westray)
—  Area was depressed; desperate for new employment
—  Government provided subsidies and guarantees to facilitate
development
—  Geotechnical conditions, delays, productions issues and
inexperienced miners plagued early operation.
—  Reorganization of mine inspection responsibility further
complicated situation
—  Around 5:20, the morning of May 9th , 1992, sparks from
the cutting bits of a continuous miner set of an
underground explosion that resulted in the death of 26
miners.
—  The force of the explosion sent the top of the mine
entrance over a mile into the sky and damaged mine roof
supports.
—  Rescue efforts over the next six days would not,
unfortunately, meet with any success as all 26 of the
trapped miners had perished, very likely at the time of the
explosion. 15 bodies were recovered before rescue efforts
were abandoned due to safety; 11 remain to this day.
— 
— 
— 
• Nov. 1988: Curragh Inc. of Toronto buys rights to Pictou County coal, establishes subsidiary Westray Coal
Inc.
• May 3, 1990: Ottawa approves $85 million guarantee after lengthy negotiations; project months behind
schedule.
• Sept. 11, 1991: Curragh chairman Clifford Frame officially opens mine.
— 
• Sept. 28-Oct. 12: Three major cave-ins; Opposition MLA Bernie Boudreau sounds alarm about safety.
— 
• Oct. 18: Department of Labour asks Westray to draft plan for spreading explosion-retarding limestone dust;
it is never filed.
— 
• Nov. 22: Department of Natural Resources engineers reject changes to mine plans, threaten to rescind
mining permit.
— 
• Dec. 8: Miner Carl Guptill injured, takes safety complaints to Department of Labour officials.
— 
• Dec. 20: Natural Resources does an about-face, approves the altered mine plan after all.
— 
• Jan. 6: United Mine Workers of America fails in certification drive.
— 
• Mid-Jan.: Inspectors refuse to act. Carl Guptill is fired.
— 
• Mar. 28: Cave-ins force the sealing off of a major coal-producing area; the makeshift seal fails to contain
the methane gas, which leaks out.
— 
• Apr. 6: Westray wins John T. Ryan safety award.
— 
• Apr. 29: Labour department inspector Albert McLean orders the company to spread limestone and clean up
coal dust "to prevent an explosion." It is not done.
— 
• May 1, 6: McLean and a Provincial Engineer visit the site, but no effort is made to ensure compliance with
orders.
— 
• May 9: Methane and coal-dust blast rips through mine at 5:18 a.m., killing all 26 men working
underground.
— 
• May 10-13: Rescue crews recover 15 bodies from southwest section, suspected site of explosion.
— 
— 
• May 14: Search called off as too hazardous. Eleven bodies are left underground.
• May 15: Justice Peter Richard of Nova Scotia Supreme Court named to head the inquiry into the disaster.
—  Direct:
—  Sparks from the teeth of the continuous miner
—  Methane gas pockets
—  Coal dust in explosive concentrations
—  Indirect
—  General disregard and neglect for safe mining practices
—  Illegal or inadequate equipment / maintenance
—  Inappropriate attitude towards safety by mine management
—  (or any of the other 27 items listed on p21, 22 of the report
summary “The Explosive Environment”
—  Curragh Resources (Clifford Frame)
—  Canadian Mining Development (CMD) – main access slopes
—  Westray Mine Management
—  Gerald Phillips, mine manager
—  Roger Parry, underground manager
—  Provincial Government
—  Donald Cameron, Min. Industry, Trade & Tech, then Premier in ‘91
—  John Buchanan, Premier, up to ’91
—  Leroy Legere, Min. of Labour from ’91
—  Department of Labour
—  Albert McLean, John Smith, Inspectors
—  Claude White, Director of Mine Safety
—  Jack Noonan, Executive Director
—  Department of Natural Resources
—  Robert Naylor, geologist
—  Miners/community in Stellarton/Plymouth, Pictou County
—  Carl Guptill
—  Justice K. Peter Richard concluded, "The Westray Story is
a complex mosaic of actions, omissions, mistakes,
incompetence, apathy, cynicism, stupidity, and neglect.
Some well-intentioned but misguided blunders were also
added to the mix. It was clear from the outset that the loss
of 26 lives at Plymouth, Pictou County, in the early
morning hours of 9 May 1992 was not the result of a
single definable event or misstep. Only the serenely
uninformed (the willfully blind) or the cynically selfserving could be satisfied with such an explanation.”
—  A 1997 Halifax Chronicle-Herald article quoted Frame
protesting, "I'm sitting up here in Toronto . . . How in the
name of God would I know that anybody was adjusting a
methane detector? . . .And if I didn't know that, how could
I have any feeling of guilt, other than the fact that I
shouldn't have developed the Goddamned mine in the first
place."
—  If the "floor, roof and sides of the road and the working places"
…had been systematically cleared so as to prevent the
accumulation of coal dust;
—  If the "floor, road and sides of every road" …had been treated
with stonedust so that the resulting mixture would contain no
more than 35 per cent combustible matter (adjusted downward
to allow for the presence of methane); and
—  If the mine had been "thoroughly ventilated and furnished with
an adequate supply of pure air to dilute and render harmless
inflammable and noxious gases," …then . . .
—  . . . the 9 May 1992 explosion could not have happened, and 26
miners would not have been killed.
—  What if — Clifford Frame, as Westray's chief executive officer, had acknowledged that the
— 
— 
— 
— 
— 
— 
motivation for mine safety begins at the top? What if he had sent a clear message to Westray
management that a safe working environment was paramount?
What if — Gerald Phillips, Roger Parry, Glyn Jones, and other Westray managers, with a clear
directive from the chief executive officer, had conscientiously directed compliance with the
Manager's Safe Working Procedures?
What if — the Coal Mines Regulation Act had been applied and enforced by the inspectorate
of the Department of Labour? Would it have made a difference if the executive director of
occupational health and safety had even read the act?
What if — the public servants at the Department of Natural Resources had fulfilled their
legislative responsibilities and determined, before issuing mining permits, that the mine plans
submitted by Westray assured "safe and efficient" use of the resources and then followed up to
determine that Westray was mining in accordance with those plans?
What if — the Westray miners, at the certification vote on 5 and 6 January 1992, had voted in
favour of the application of the United Mine Workers of America to represent them as the
bargaining agent under the Nova Scotia Trade Union Act?
What if — Department of Labour inspector Albert McLean, while at Westray on 6 May 1992,
had returned underground to evaluate the company's progress in complying with the several
oral and written orders issued during the inspectors' visit of 29 April 1992?
…
—  Dept. of Labour filed 52 charges under OHS Act against
management including Phillips and Parry.
—  OHS charges dropped in favour of criminal charges
against Phillips and Parry
—  Charges stayed in 1995 (prosecution failed to provide full
disclosure)
—  Appeal ordered new trial, but dropped for lack of
evidence.
—  Bill C-45 in 2004; new legal duties and liabilities for
workplace safety.
—  Westray disaster occurred because of numerous errors and
cases of neglect or dereliction
—  Result of a complex interaction of many factors by many
contributors
—  Many characteristics in common with other disasters
—  many “normal” actions, not all errors or mistakes*
—  Also many things in common with other “complex
systems”.
—  A diversity of contributing factors that ultimately result in a
catastrophe*
*E.g. Alaska Airlines crash
—  A “safe practice” is one that, if followed, will (based on
experience) lead to an acceptably low “failure rate” (risk)
—  Hypothesis (unsubstantiated): the amount of empirical
data required to determine the probability of failure with
an acceptable degree of confidence is greater than any
individual and most organizations can accumulate on their
own. (remember the exception w.r.t. confidentiality)
—  “things” have failure rates (mtbf), and we have technical
methods for analysis and improving reliability through
design, redundancy, maintenance etc.
—  People are part of a complex system and can either
contribute to or prevent failures, depending on their
knowledge (experience, training, understanding),
capability (including authority) and attitude.
—  Premise: “The growth of complexity in society has
outpaced our understanding of how complex systems
work and fail. Our technologies have got ahead of our
theories.” (Dekker)
—  Traditionally use a Newtonian-Cartesian view of the world
(Dekker, 57, 80) to model systems and determine reasons
for failure (all “working things” have a deterministic
relationship, and if we fully understand that relationship
we can predict behaviour and understand failures by
finding the “broken part”)
—  A complex system is one in which there are so many interactions,
unknowns, non-linearity's, amplifications, translations etc., that no
one agent (or group of agents) can fully understand its operation or
(deterministically) predict its behaviour.
—  A complex system evolves somewhat like a living, biological
organism, adapting to its surroundings and stimuli in a way that is
never fully understood by the agents operating within the system.
—  Agents operating within the system will make decisions based on
their limited knowledge to meet their own goals, and can only define
the system’s characteristics as a construct based on their subjective
observations (i.e. no “external reality”). These decisions can have
global implications unknown to, and not understood by, the agents
making them.
—  Complex systems tend to “drift” into failure…
—  Uncertainty and competition (next slide)
—  Chronic pressure to trade off resource and cost pressures with
safety
—  Decrementalism (Dekker, p40, p15)
—  Drift occurs gradually, in small imperceptible steps
—  Empirical validation… normalization of exceptions
—  Sensitive dependence on initial conditions (butterfly effect)
(Dekker, p42)
—  Unruly technology
—  There are uncertainties, especially with new technologies, that
can invalidate assumptions on which initial decisions are based
—  Contribution of the Protective Structure
—  Regulators often directly or indirectly collude (e.g. Westray)
Complex System Boundaries
Complex
System Operation
Economic boundary
Dekker, p37: Rasmussen
—  “…Murphy’s Law is wrong: everything that can go wrong
usually goes right, then we draw the wrong
conclusion.” (Dekker, p39, Langewiesche)
Crossing the road
—  High Reliability Organizations (HROs) have a number of
common traits (Dekker, p93-95)
—  Leadership Safety Objectives
—  Redundancy (both serial and parallel)
—  “Considerable delegation and decentralization of decision
authority about safety issues” (p94)
—  Organizational Learning – accept small risk in order to
avoid large ones (will test ideas / theories)
—  One more characteristic… diversity.
—  The Herfindahl Index: (Dekker, p175)
N
H = ∑s
2
i
i=1
Changing oil…
Between
subjective
and objective
Corroborated
by evidence,
example
—  “The culture of safety that was observed [in HROs] is a
dynamic, intersubjectively constructed belief in the
possibility of continued operational safety, instantiated by
experience with anticipation of events that could have led
to serious errors, and complemented by the continuing
expectation of future surprise.” (Dekker, 95, Rochlin)
“imaginative
forecasting”
Expecting the
unexpected
—  Incubation & Surprise
—  Progressive laxity in inspection/enforcement (“contribution
of the protective structure”)
—  Scarcity & Competition (boundary issues)
—  Financial “issues” led to pressure to produce; led to
inexperienced operators (workload issues) and then safety
issues (marginal safety boundary)
—  Lack of High Reliability Organizations (HROs) traits
—  No leadership safety objectives/culture, poor diversity score,
centralized decisions, poor training…
Phillip’s the miner
—  “Failures and disasters are usually the result of numerous
contributory “events” and preconditions, all culminating
in a coincident effect at one point in time. Considerably
more often, fortunately, a disaster is averted because at
least one of the preconditions does not materialize or one
of the events does not occur. However, those who
contribute to this avoidance, will never know that the one
action they took changed the course of events, was the
“game changer”, that saved a life.”(Lynch)
Bateman’s GPWS
—  Disasters happen because a number of things all go
“wrong” at the same time
—  Almost always, one person might have changed the
outcome by doing one thing differently (or better)
—  That one person could very often be you, the engineer
—  But… you will never know for sure that what you did
averted a disaster, so…
— Have faith!
—  At the end of the day, when I take my rest
—  Content that I have done my best
—  To do my part, however small
—  To make things safe, for one and all
—  Though certain I may never be
—  A disaster was missed because of me
—  This recompense will ease my strife
—  In doing so, I saved a life!
©Denard Lynch 2012
—  “Westray Mine Public inquiry - Executive Summary”, Justice
K. Peter Richard, 1997, ISBN 0-88871-468-8
—  “The Westray Mine Explosion: An Examination of the
Interaction Between the Mine Owner and the Media”, Trudie
Richards, Canadian Journal of Communications, Volume 21,
Number 3, 1996
—  “Liars, Cowards and Tricksters – Westray Coal Mine Disaster”,
Shirley Collingridge, wordsmith
—  The Westray conundrum, OHS Canada 25th Anniversary Best
Editorial, April/May 1998 (Retrieved from: http://www.ohscanada.com/25years/
best_editorial/1.WESTRAY.aspx Nov. 20, 2011)
—  “Drift into Failure: From Hunting Broken Components to
Understanding Complex Systems”, Sidney Dekker, Ashgate,
Surrey England, 2011, ISBN 978-1-4094-2221-1