From the Brink of Disaster

Lessons for Electrical Safety and Reliability

H. Landis “Lanny” Floyd, DuPont

First, it may be useful to share a bit of background on DuPont, the oldest Fortune 500 company. French immigrant Eleuthère Irénée du Pont founded the company in 1802 to make black powder to supply gunpowder and explosives used in farming, mining, and construction in the expanding United States. For nearly 150 years, the manufacture of explosives was the primary business of the DuPont Co. This was an inherently hazardous business. In 1818, a massive explosion destroyed much of the powder mills, killed or injured more than half of the employees and injured Mrs. du Pont. This catastrophe solidified E.I. du Pont’s philosophy in safety management. His words, “We must seek to understand the hazards with which we live,” became the foundation of the company’s approach to managing the design, construction, and operation of facilities for manufacturing highly hazardous materials. In the early 20th century, the company began diversifying into chemicals, which like gunpowder and explosives, involve inherently hazardous materials and manufacturing processes. In the mid 1980s, an effort began to apply experience in managing safety of inherently highly hazardous processes to the unique hazards of electricity. That effort continues today and is the focus of this paper – applying lessons from high profile disasters to the unique hazards of electricity.

During the 20th century, the combination of emerging technologies and machines and processes brought together massive quantities of energy and hazardous materials.

Energy densities took on massive scale, and when something went wrong, the consequences were far reaching. Very detailed investigative reports are available for each of these disasters. Hundreds of books have been written that expand on the official reports. Documentary films have been produced on some of these disasters. It is not possible to capture the full breadth and depth of the lessons learned within the scope of this paper. However, we will see there are ways we can help assure that the full scope of these lessons are applied to electrical safety. Electrical accidents seldom involve more than one or two victims and typically do not generate such attention. But the lessons from the disasters that receive extensive scrutiny can be applied to electrical safety. It is critical that those of us involved in electrical safety understand this, as it can help accelerate improvements and change in how equipment and systems are designed, how electrical hazards are managed, and in changing cultural beliefs and attitudes on risks and consequences of electrical accidents. The key learning or learnings noted with each are only a small selection from the hundreds of recommendations developed form the investigation of each of these events.

1937 – New London School Disaster

On March 18, 1937, a natural gas leak caused an explosion that destroyed a public school building in New London, Texas. The explosion killed more than 295 students and teachers. Of the 640 people in the building at the time, only 130 escaped without injury. The area was rich in oil and natural gas resources and the school district was one of the wealthiest in the US. Built in 1932, the original plans called for a central boiler for heating the building; however, the school board opted to install 72 gas-fired heaters instead. In 1937, the school board cancelled its contract with the natural gas supplier and tapped into a waste gas line from a local refinery. The waste gas was odorless and colorless, and leaks went undetected. Although some students had been complaining of headaches, no action was taken. It is believed that a switch on an electric sander caused a spark that ignited the gas-air mixture. This disaster led to worldwide standards requiring mercaptan additives to all natural gas supplies. The strong odor makes leaks quickly detectable. Decades later, the renowned news anchor Walter Cronkite, who as a young reporter was on site, commented that he never covered a news event that was more disturbing.

A key learning: The hazard (much like electricity) could not be detected with human senses.

1947 – Texas City Explosion

On the morning of April 16, 1947, the worst industrial disaster in the US began unfolding in Texas City, Texas. A small fire on board the SS Grandcamp, loaded with ammonia nitrate escalated to involve nearby refineries, chemical plants and the explosion on April 17 of a second vessel, the SS High Flyer, also loaded with ammonia nitrate. Within a 24 hour period, nearly 600 people weredead, more than 100 missing and never accounted for, 3500 people injured, 1519 houses destroyed, more than 2500 people homeless, major port facilities destroyed, a Monsanto chemical plant destroyed, and total property losses exceeded $700 million in 1947 dollars. Adjusted to 2011, the property financial loss alone exceeded $6.9 billion.

A key learning: The first responders on board the SS Grandcamp and the disaster response team at the port did not understand the hazard and its potential for catastrophe.

1972 – Eastern Flight 401

On December 29, 1972, Eastern Airlines flight 401 from New York to Miami crashed in the Florida Everglades. With 176 people on board, 101 were killed. The Lockheed L1011 Tristar was the first wide body jet crash in the US, and at that time it was the deadliest crash of a commercial flight in the US. In preparation for landing, an indicating light for the front landing gear did not illuminate, and the flight was diverted to give the crew time to investigate. The plane was put on autopilot while the flight crew, including the captain, first officer, second officer and an engineer from Eastern began investigating the problem. While investigating the landing gear situation, it is believed a control was accidently bumped, sending the plane into a gradual, imperceptible descent. There were no ground lights in the Everglades to give visual warning of the planes close proximity to the ground. The investigation team coined a new phrase, CFIT – controlled flight into terrain. Preoccupation with the nose landing gear indicator malfunction distracted the four highly qualified, competent crew and they failed to notice and respond to six different altitude warning alarms.

A key learning: Qualification and competency alone will not prevent errors having catastrophic consequences. Highly qualified persons can and will make mistakes that put themselves and others at high risk.

1974 – Flixborough, England Explosion

On June 1, 1974, an explosion at the Nypro chemical plant in Flixborough, England killed 28 and injured 36 workers. An additional 53 people in the surrounding community were injured. The explosion occurred on a weekend when there was minimal staff on site. If it had been during the week, it was estimated that more than 500 workers would have been killed. 1500 buildings within a mile radius were damaged. Plant maintenance personnel had modified the plant process piping by building a 20 inch diameter bypass line around an out of service reactor. A crack developed in the bypass line, creating a vapor cloud that ignited, exploded, and destroyed the plant facilities. Fires burned for 10 days.

Key learnings included: The importance of minimizing inventories of hazardous materials, the need for documented procedures, and the need for engineering analysis of plant designs and modifications.

1976 – Seveso, Italy Disaster

The largest exposure of dioxins to human and animal populations occurred on July 10, 1976, in Seveso, Italy. Within a few days of a leak at a chemical plant, more than 3300 farm animals had died. Subsequently, more than 80,000 animals were slaughtered to prevent dioxin from entering the food chain. 220,000 people were monitored for long term health effects. In 1982, the European Union passed extensive industrial safety regulations, known as the Seveso Directives.

A key learning: Nearby residents, political authorities, and public health officials were unaware of the presence of a hazard.

1979 – Three Mile Island

The worst accident in the history of the US commercial nuclear industry occurred on March 28, 1979. The #2 unit at Three Mile Island generating station near Harrisburg, Pennsylvania, suffered a partial meltdown. A series of minor equipment malfunctions, coupled with human error, resulted in a major accident. Although there were no casualties directly related to this incident, it halted any further development of commercial nuclear power generation in the U.S.

A key learning: The reactor operators were not trained to operate the reactor under abnormal conditions.

1984 – Bhopal Catastrophe

The Bhopal disaster is considered the world’s worst industrial catastrophe. The official immediate death toll was 2259. Government agencies estimate more than 15,000 subsequent fatalities and 558,125 injuries from a leak of a toxic chemical, methyl isocyanate, from a Union Carbide chemical plant. The leak occurred on the night of December 2-3, 1984. Contributing factors included hidden failures in safety systems due to inadequate maintenance, lack of an emergency response plan, and storage of large quantities of highly hazardous materials in a heavily populated area.

A key learning: Hidden failures in engineering controls critical to safety can have catastrophic consequences.

1986 – Challenger Explosion

At 11:39AM on January 28, 1986, 73 seconds into its flight, the space shuttle Challenger exploded, killing all seven crew members. The disaster was captured live on national TV news. The Rogers Commission, appointed by President Reagan identified flaws in NASA safety management systems that contributed to the disaster. Most disturbing was the finding that maintaining schedule had taken priority over flight safety in decision making processes.

A key learning: Top management had created a culture that allowed cost and schedule to override safety concerns

1986 – Chernobyl Nuclear Disaster

The accident that occurred on April 26, 1986, at the Chernobyl nuclear power plant in the

Ukraine is considered the worst nuclear power plant accident in history. There were 56 deaths on-site. More than 350,000 people were relocated from the nuclear contaminated areas. It is estimated that 4000 deaths will result from increased cancer risk due to radiation exposure. The investigation found flaws and deficiencies in every aspect of the facility. The poor quality of operating procedures and instructions put a heavy burden on the operating crew, creating high degree of vulnerability to human error.

A key learning: The safety culture did not include understanding of the risks associated with the hazards, not only at the Chernobyl plant, but throughout the Soviet design, operating, and regulatory organizations for nuclear power that existed at that time.

1988 – Piper Alpha Explosion

The explosion of the Piper Alpha offshore gas platform on July 6, 1988, is the worst offshore oil disaster in terms of lives lost and impact on the industry. 167 workers were killed. At the time of the disaster, Piper Alpha accounted for 10 percent of North Sea gas production. The fire burned for three weeks before being extinguished by a team under direction of Red Adair. The government inquiry made 106 recommendations for change in safety procedures, all which became standard in the oil and gas industry.

A key learning: Lack of coordination of multiple maintenance activities compromised emergency safety systems

1999 – Institute of Medicine Report

This is not a singular incident as are the other disasters noted in this paper; however, this study has brought great attention to the prevalence of human error in critical situations.

In 1999, the US National Academies Institute of Medicine issued a landmark report on patient safety in the US healthcare systems. The report, titled To Err is Human, stated that 98,000 avoidable deaths occurred annually largely due to human error, making medical errors the 5th leading cause of death in the US. The report cited deficiencies in safety management systems spanning, government oversight, communication processes, incident reporting and sharing practices, equipment designs, team management, planning processes, education, and licensing.

A key learning: Highly qualified and competent personal can and will make mistakes that place others in jeopardy.

2005 – TexaS City Explosion

On March 23, 2005, an explosion at a refinery in Texas City, Texas, killed 15 workers and injured more than 170. The US Chemical Safety Board recommended the company commission an independent panel to investigate the safety culture and management systems. The panel was led by former US Secretary of State James W. Baker III. The panel’s principal finding was that management had not distinguished between occupational safety (i.e., slips-trips-and-falls, driving safety, etc.) and process safety (i.e., design for safety, hazard analysis, material verification, equipment maintenance, process upset reporting). The metrics, incentives, and management systems focused on measuring and managing occupational safety while ignoring process safety.

A key learning: The company had confused improving trends in occupational safety statistics for a general improvement in all types of safety.

2010 – Deepwater Horizon Explosion

On April 20, 2010, an explosion on the deep water oil platform, Deepwater Horizon, killed 11 workers, injured 17, and caused the largest offshore oil spill in US history. The platform sank on April 22. This event will likely spawn significant changes in government regulations and industry standards. Initial findings point to deficiencies in risk management and safety management systems.

Emergence of Safety Management Systems Standards

The high profile disasters in the 1970s and 1980s set the stage for the movement to identify best practices and establish standards for effective safety management systems to minimize risk to workers, the public and the environment. Some companies had already developed proprietary safety management standards that align with or go beyond industry standards that have since emerged. The first consensus standard addressing these needs appeared in 1995, with the publication of ISO 14001, Environmental Management Systems. In 1999, a collaboration of international safety organizationspublished OHSAS 18001, Occupational Safety and Health Management Standard. A similar standard, ILO Guidelines for Occupational Safety and Health Management Systems was published by the International Labour Organization in 2001. Implementation of these standards includes rigorous certification processes, similar to the ISO 9000 quality certification process. More recently, ANSI Z10 Occupational Health and Safety Management Systems, and CSA Z1000, Occupational Health and

Safety Management were first published in 2005 and 2006 respectively. These two standards are wellharmonized with each other and with the other safety management systems standards noted above, but can be applied without the rigorous certification requirements.

Linking NFPA 70E 2009 and CSA Z462-2008 to Safety Management Systems

Continuing its evolution since first published in 1979, the 2009 edition of NFPA 70E and the first edition of CSA Z462-2008 for the first time made reference to safety management systems standards. The referenced management systems standards focus on the strategic levels of management policy and implementation processes to help establish management commitment and support necessary for planning, implementing, and assuring sustainable and continuous improvement in safety performance. Better understanding the role of safety management systems in planning and implementing changes in an electrical safety program may be one of the most critical factors in the success of the electrical safety program, no matter what stage of implementation or its level of maturity. An organization just beginning to apply the requirements of NFPA 70E or CSA Z462, an organization that has a mature safety management system and electrical safety program, but hasn’t assessed integration effectiveness, and the organization that has a mature integration of the electrical safety program may all benefit from a critical review of their electrical safety programs and safety management systems. Unique to CSA Z462-2008 is Annex A, “Aligning Implementation of Z462 with Occupational Health and Safety Standards.” A key statement in Annex A underscores the importance of collaboration and integration:

“The most effective design and implementation of an electrical safety program can best be achieved through a joint effort involving electrical subject matter experts and safety professionals knowledgeable in safety management systems. This collaboration can help assure proven safety management principles and practices applicable to any hazard in the workplace are appropriately incorporated in the electrical safety program. This annex provides guidance on implementing CSA Z462 within the framework of CSA Z1000 and other recognized or proprietary comprehensive occupational safety and health management system standards.”

Where to go from here

Those who have been involved in the development and implementation of NFPA70E and CSA Z462 need to take on the challenge and educate ourselves on safety management systems and how effective electrical safety programs are dependent on integration within these systems. We need to actively seek ideas outside the box of electrical safety, learn how management of other hazards is continually improving and translate these learnings to the unique hazards of electricity.

  H. Landis “Lanny” Floyd II received his BSEE from Virginia Tech and joined DuPont in 1973. For the past 25 years, his responsibilities have largely focused on electrical systems reliability and electrical safety in the construction, operation, and maintenance of DuPont facilities worldwide. He is currently Principal Consultant, Electrical Safety & Technology. He has published or presented more than 100 technical papers, magazine articles, tutorials and workshop presentations on electrical safety and electrical technology. He is an IEEE Fellow, a professional member of American Society of Safety Engineers, a member of NFPA NEC panel 1 and 70E Task Group on Maintenance Requirements, a member of CSA Z462 Technical Committee, a board director of Electrical Safety Foundation International, a Certified Safety Professional, a Certified Maintenance & Reliability Professional, and a registered professional engineer in Delaware.