Authors: (December 12, 2009) Steve Dzul, Steve Pankratz, Derrick Boroski
Process controls can have a huge impact on surrounding communities, as well as the environment. An engineer of a large-scale process, therefore, has an important ethical responsibility to operate a process safely and properly. These responsibilities extend well beyond the scope of merely the company for which they work. Catastrophic failures in process control remind us of the importance of control systems and engineering in today's world.
4.1 Bhopal, India Disaster
The Bhopal Gas Tragedy in Bhopal, India on December 3, 1984 was a large toxic gas leak that killed thousands of people in the surrounding area. A tank with 42 tons of methyl isocyanate(MIC) was contaminated with water. This in turn caused a run away reaction that greatly increased the pressure and temperatures in the tank, which forced the emergency venting of the toxic gases to the atmosphere.
This tragedy was largely due to the failure or lack of safety controls:
- Runaway reaction as temperature and pressure increased without regulation
- MIC was supposed to be cooled, however in the Bhopal plant the refrigeration system was not turned on. Temperature control on the tank could have greatly hindered the runaway reaction that ensued with the addition of water.
- Flare tower to handle the leakage of toxic gases was not functional
- The plant also had vent scrubbers, which were also not functional
- Water curtain, which would neutralize some escaping gas, not designed properly. It was not tall enough to reach the top of the flare tower, making it essentially worthless.
- Alarms that would have alerted to a malfunction in the tank had not been operational for 4 years
The figure below illustrates some of these failures:
Had at least some of these been functioning the amount of toxic gas released would have been substantially reduced.
From this tragedy we can see that if the plant had proper safety controls the effects of the disaster would have been greatly reduced. Therefore as a chemical engineer it is our responsibility to society to provide sufficient safety controls to chemical processes in order to prevent disasters such as the Bhopal Gas Tragedy from happening. Unfortunately, industrial negligence is still a problem in many third-world countries.
4.2 Three Mile Island Disaster
One of the largest and most far reaching plant failures in United States history took place at a nuclear power plant on Three Mile Island in March 1979. The event was caused by either a mechanical or electrical failure of the main feed water pumps causing the power plant to begin to overheat. As the heat increased, the control scheme caused the turbine and reactor to shut down. This caused a pressure increase in the primary system (nuclear portion of the plant) and a relief valve automatically opened to release some of the pressure to prevent the reactor from blowing. All of these actions were well designed to prevent a significant event from happening. The problem was that the release valve did not close properly when the pressure in the reactor was relieved. As a result, when the reactor started back up, coolant in the core of the reactor was lost through the pressure relief valve. Because there was no control mechanism that measured the level of the coolant in the reactor, the operators, who only judged the water level by the pressure in the reactor, actually decreased coolant flow to the reactor.
The figure below is a simplified diagram of the TMI-2-plant:
The result of the control design failure that prevented the operators from cooling the reactor was that the rods that held the nuclear fuel melted causing the fuel to also melt. This is the worst thing to have happen in a nuclear power plant and is what happened to cause the disaster at Chernobyl. Thankfully, the accident was largely contained and although the entire nation watched for 3 days as the threat of an explosion or breach of containment loomed, 0 deaths or injuries resulted. In fact, corrective steps were so successful that the average increase in radiation to the surrounding population was around 1% and the maximum increase at the boundary to the site is estimated to be less than 100% of the natural background radiation present in the region.
The accident at Three Mile Island showed the importance of proper design of control systems. As a result the US Nuclear Regulatory Commission took steps to tighten their regulation and increase the safety requirements on Nuclear Power Plants. These included revamping operator training as well as increasing the design and equipment requirements. This also brought the dangers of all industrial processes to the forefront and reminded people of the importance of the safety of the communities surrounding chemical and power plants.
Unfortunately, the incident also inspired intense fear of nuclear power in the general population and is partially responsible for the reduced build rate for new nuclear power plants since that time. Although control failures can be corrected fairly quickly, after one safety issue it is difficult to convince the general public that engineers have fixed the problem and that it will not happen again.
References: www.nrc.gov/reading-rm/doc-collections/fact-sheets/3mile-isle.html: The United States Nuclear Regulatory Commission
4.3 Texas City Disaster
Authors: (December 14, 2009) Virgil Humes, Fred Garner
In March of 2005, 15 people were killed at the of a refinery explosion in Texas City, TX. The refinery is the third largest in the country with the capability to process over 400,000 barrels of crude oil daily. On this particular day, the isomerization unit (whose purpose is to boost the octane rating of fuels) was being started up. As part of the normal start-up sequence, operators began feeding hydrocarbon liquid into the tower. However, a discharge valve that should have been opened was overlooked. A high level alarm was ignored and a second high-level alarm had not yet been re-enabled from the various maintenance activities that had been going on while the unit was down. Upon realizing that the tower was filling, a discharge valve was opened to release the hot fluid from the bottom of the vessel. This fluid then passed through a heat exchanger, warming the fluid that was still being pumped into the tower. The boiling that resulted in the bottom of the tower caused liquids to spill over the top of the stack and into a blow down drum with an atmospheric vent and no flare. The blow down drum could not contain the volume and began ejecting liquid and vapor hydrocarbon from the atmospheric vent. The vapors were soon ignited by a diesel truck with its ignition on. Fifteen people in a nearby trailer were killed in the resulting explosion. Inadequacies in the written start-up procedures, operator training, and the design of the safety relief system led to tragic and unnecessary loss of life. But examples such as these serve to make process environments even safer places to work in and around.
An animation detailing the circumstances surrounding the explosion was released by the U.S. Chemical Safety Board during the investigation. Some accounts of the incident vary in a few details, but all are in agreement that the written procedures, operator training, and some aspects of the safety system design were to blame.
After the incident at the refinery, representatives from BP said the company would eliminate all blow-down drums/vent stack systems in flammable service. Also, the Chemical Safety Board (CSB) recommended that BP commission an independent panel to investigate the safety culture and management systems of BP. The findings of the panel showed that BP management had not distinguished between occupational safety and process safety. This led to new implementations of process safety throughout BP North America.
Wikipedia - Texas City Refinery (BP)