On Jul 23, 2010 C-Span covered the testimony of Mike Williams, former chief electronics technician of the Deepwater Horizon offshore drilling platform. I found this fascinating to watch. In his testimony he said that key alarms were turned off prior to the explosion that led to the oil spill, because people higher up in the chain of command did not want to be got out of bed at two in the morning by false alarms.
What can I say here? We all obviously think turning off automatic alarms is a bad thing. What would have been a better solution to the problem? A timeout on the override? Getting people in the chain of command to actually understand the risks of turning safety features off in the name of production? Better maintenance logs across departments and system replacements (the testimony clearly indicates that area had problems)? Is your system designed to minimize false alarms?
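To make the "timeout on the override" idea concrete, here is an added example (not from the post, and not modelled on any real drilling-control system) of a time-bounded alarm suppression: every override needs a named approver and a reason, is capped at a hard maximum, is written to an audit trail, and re-arms on its own when it expires. All alarm names, identities and timings are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Suppression:
    alarm: str
    approved_by: str
    reason: str
    expires_at: float

@dataclass
class AlarmManager:
    # Hard ceiling on any override; a silenced alarm always re-arms by itself.
    # The clock (`now`) is passed in explicitly so the scenario is deterministic.
    max_override_seconds: float = 4 * 3600
    audit_log: list = field(default_factory=list)
    _active: dict = field(default_factory=dict)

    def suppress(self, alarm, approved_by, reason, seconds, now):
        """Silence an alarm for at most max_override_seconds, recording who and why."""
        if not approved_by or not reason:
            raise ValueError("override needs a named approver and a reason")
        granted = min(seconds, self.max_override_seconds)
        self._active[alarm] = Suppression(alarm, approved_by, reason, now + granted)
        self.audit_log.append((now, "suppress", alarm, approved_by, reason, granted))
        return self._active[alarm]

    def is_suppressed(self, alarm, now):
        """True while an unexpired override exists; expired ones are cleared and logged."""
        s = self._active.get(alarm)
        if s is None:
            return False
        if now >= s.expires_at:
            del self._active[alarm]
            self.audit_log.append((now, "rearm", alarm, s.approved_by, "override expired", 0))
            return False
        return True

    def raise_alarm(self, alarm, now):
        """True if the alarm should page someone; suppressed events are still logged."""
        suppressed = self.is_suppressed(alarm, now)
        self.audit_log.append((now, "event", alarm, "", "suppressed" if suppressed else "paged", 0))
        return not suppressed

def demo(max_override_seconds=3600):
    """Constructed scenario: a 24h override request is capped to 1h and then re-arms."""
    m = AlarmManager(max_override_seconds=max_override_seconds)
    t0 = 1_000_000.0
    m.suppress("gas_detector_high", "night_supervisor", "calibration false alarms", 86400, now=t0)
    first = m.raise_alarm("gas_detector_high", now=t0 + 600)   # inside the override window
    later = m.raise_alarm("gas_detector_high", now=t0 + 3601)  # past the cap: pages again
    return first, later, m
```

The point of the audit log is that a silenced event is still recorded, so the next shift and the maintenance history both show what was ignored and on whose authority.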
What do you think after watching Mr. Williams' testimony?
One off-the-wall closing thought: "This is the Seventh Sign: You will hear of the sea turning black, and many living things dying because of it." -- White Feather, a Hopi of the ancient Bear Clan.