Software Failures on Oil Rigs
- Mishandled alarms because of the user interface
- Untested portions of code
- Frozen screens (operating system and application glitches)
- Lack of audit trails (no recording of data or user actions)

Is it possible that the Deepwater Horizon disaster was caused by software?
Evidence?
- Transocean's interim report to the House of Representatives on June 8, 2010 stated that a full control-system software review was needed
- July 19, 2010 article in the Houston Chronicle: "display screens on the primary workstation used to operate the drill controls ... had locked up more than once before the deadly accident"
Speculation – What Could Have Happened?
- Rigs have numerous software subsystems
- Variations in hardware, firmware, operating systems, and applications can cause problems similar to those on your laptop
- Engineers make best efforts to test and retest
- Hardware and software interfaces are the weakest links
- The industry lacks standards in these areas
Mishandled Software Alarms
- Alarms are not acted on because:
  – They are not properly prioritized
  – There are so many (50 in 10 minutes) that the minor ones cry wolf
- Calibration errors
- Flooding errors
Possible Real Failures That Could Have Caused the DH Disaster
- Buried Alarm
  – Driller misinterprets the "Mud Trip Tank Overflow" alarm as some other minor alarm and clears it
- Missed Alarm
  – Mud pump fails, but the operator assumes the alarm is due to a sensor problem
  – Software interface is so cluttered that the user fails to notice the details in the alarm that point to the true cause
- Alarm Calibration Error
  – No alarms existed for detecting unusually high flow and vibration levels in pipes and pumps
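The two slides above describe the same failure chain from the defender's side: an alarm flood (the 50-in-10-minutes figure), low-priority noise burying a critical alarm, and no audit trail of who cleared what. The following is an added example written for this page, not code from the presentation or from any rig vendor. It models a small alarm manager that counts alarms over a sliding 10-minute window, shelves only low-priority alarms once the window is in flood so a critical one such as "Mud Trip Tank Overflow" is always displayed, and refuses to clear a critical alarm without a recorded reason. The alarm stream, tag names, priorities and thresholds are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

# Priority levels: smaller number = more urgent (assumed scheme, not a standard)
CRITICAL, HIGH, LOW = 1, 2, 3


@dataclass
class Alarm:
    t: float        # seconds since start of the watch (constructed timestamps)
    tag: str        # equipment tag, e.g. "MTT-101" (constructed)
    priority: int
    message: str


@dataclass
class AlarmManager:
    window_s: float = 600.0      # 10-minute window, the figure the slides cite
    flood_threshold: int = 50    # alarms per window before we call it a flood
    recent: deque = field(default_factory=deque)   # timestamps inside the window
    audit: list = field(default_factory=list)      # every raise/shelve/clear event
    shelved: list = field(default_factory=list)    # low-priority alarms held back

    def _prune(self, now: float) -> None:
        # Drop timestamps that have fallen out of the sliding window.
        while self.recent and now - self.recent[0] > self.window_s:
            self.recent.popleft()

    def rate(self, now: float) -> int:
        self._prune(now)
        return len(self.recent)

    def in_flood(self, now: float) -> bool:
        return self.rate(now) >= self.flood_threshold

    def raise_alarm(self, alarm: Alarm) -> str:
        """Return 'display' if the operator sees the alarm, 'shelved' otherwise."""
        self.recent.append(alarm.t)
        flooding = self.in_flood(alarm.t)   # counts this alarm as well
        # During a flood only LOW alarms are shelved (kept, not displayed), so the
        # "cry wolf" noise cannot bury a critical one. CRITICAL always reaches the screen.
        if flooding and alarm.priority == LOW:
            self.shelved.append(alarm)
            self.audit.append((alarm.t, "SHELVED", alarm.tag, "flood"))
            return "shelved"
        self.audit.append((alarm.t, "RAISED", alarm.tag, alarm.message))
        return "display"

    def clear(self, alarm: Alarm, operator: str, reason: str = "") -> bool:
        # A CRITICAL alarm cannot simply be clicked away: a reason must be recorded.
        # The audit list is the trail the slides say the rig lacked.
        if alarm.priority == CRITICAL and not reason:
            self.audit.append((alarm.t, "CLEAR_REFUSED", alarm.tag, operator))
            return False
        self.audit.append((alarm.t, "CLEARED", alarm.tag, f"{operator}:{reason}"))
        return True


def simulate() -> dict:
    """Constructed scenario: 60 minor alarms in 5 minutes, then one critical overflow alarm."""
    mgr = AlarmManager()
    low_displayed = 0
    for i in range(60):
        status = mgr.raise_alarm(Alarm(i * 5.0, f"SENS-{i:03d}", LOW, "sensor drift"))
        low_displayed += status == "display"
    overflow = Alarm(300.0, "MTT-101", CRITICAL, "Mud Trip Tank Overflow")
    critical_status = mgr.raise_alarm(overflow)
    refused = mgr.clear(overflow, "driller")                       # no reason given
    accepted = mgr.clear(overflow, "driller", "pump-2 stopped, level verified")
    return {
        "rate_in_window": mgr.rate(300.0),
        "low_displayed": low_displayed,
        "low_shelved": len(mgr.shelved),
        "critical_status": critical_status,
        "clear_without_reason": refused,
        "clear_with_reason": accepted,
        "audit_entries": len(mgr.audit),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The design choice worth noting is that the flood detector never suppresses by age or by arrival order, only by priority: the 50th low alarm and everything after it is shelved, but the critical alarm arriving in the middle of the flood is still displayed and still needs a reasoned clear. A rig with this separation would have no "buried alarm" path for the overflow case on the slide.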