[PREV - POWER_SATS] [TOP]
May 20, 2008
A common error people make is to distrust the very idea of automatic safety systems.

For example, they worry about whether a nuclear power plant will really shut down automatically in the case of trouble.

But getting that kind of failsafe behavior to work is really pretty trivial as engineering problems go.

    It's a well-recognized cognitive bias: people like to feel like they're in control, hence they virtually ignore the risks of errors in car driving, but panic about every reported airline crash.
I was working at the Nuclear Research Facility at the INEL when a small earthquake hit: all of the reactors that were running shut down automatically, as they were supposed to.

It was also not the problem at Three Mile Island: the automatic systems saw rising temperatures and shut the plant down multiple times.

The trouble was that the human operators continually did manual overrides of the safety systems.
They looked at the low pressure gauge readings and assumed the high temperature readings must be bogus.

They were in the process of switching to fancy new computerized temperature measurements, and trusted the lower tech pressure gauges more.

And the operators had been trained that pressure and temperature would always go up together: but that's *only* true if there's no gas bubble in the system. Gas is springy and compressible, and it makes it possible for the pressure in the water to stay low when temperature goes up.

    And interestingly enough, once you point this out to people they tend to feel better about the TMI accident.

    They *like* the fact that there were screwups by the human operators.

    But this hardly lets the nuclear industry off the hook: if human beings are part of the control loop, then the reliability of the whole system depends on those humans, and you'd better have some way of making sure they *don't* screw up.
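To make the gas-bubble argument concrete, here is an added example (not from the original page) that models a heated, sealed water vessel with and without a gas pocket, and a consistency check that treats "temperature up, pressure flat" as a condition to investigate rather than a bogus reading. The material constants are rough room-temperature values for water and the initial pressure is constructed; the simplified physics (rigid vessel, Boyle's-law gas) is my assumption.

```python
"""Constructed illustration of why pressure and temperature rise together only
when a sealed water system contains no gas.  Simplified physics: a rigid vessel,
liquid with thermal-expansion coefficient BETA and compressibility KAPPA, and a
gas pocket that obeys Boyle's law.  Constants are approximate and constructed."""

BETA = 2.1e-4    # 1/K   volumetric thermal expansion of water (approximate)
KAPPA = 4.6e-10  # 1/Pa  isothermal compressibility of water (approximate)
P0 = 1.5e7       # Pa    constructed initial pressure (about 150 bar)


def pressure_rise(delta_t, v_liquid, v_gas):
    """Pressure increase (Pa) when the liquid is heated by delta_t kelvin.

    The liquid wants to expand by BETA * v_liquid * delta_t.  In a rigid vessel
    that expansion must be absorbed by compressing the liquid itself and by
    squeezing the gas pocket; the rise dP that balances both is found by
    bisection on the monotonic balance function."""
    expansion = BETA * v_liquid * delta_t
    if v_gas <= 0:
        # liquid-full case: all expansion is taken up by liquid compression
        return expansion / (KAPPA * v_liquid)

    def absorbed(dp):
        liquid_part = KAPPA * v_liquid * dp
        gas_part = v_gas * dp / (P0 + dp)  # Boyle: V1 = V0 * P0 / (P0 + dp)
        return liquid_part + gas_part

    lo, hi = 0.0, expansion / (KAPPA * v_liquid)  # hi is the no-gas rise
    for _ in range(100):
        mid = 0.5 * (lo + hi)
        if absorbed(mid) < expansion:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def readings_inconsistent(delta_t, observed_dp, v_liquid, fraction=0.5):
    """True when temperature rose but pressure rose far less than a liquid-full
    system would produce: the rule 'P and T move together' has broken down,
    which is itself a signal to investigate, not a reason to discard a gauge."""
    expected = pressure_rise(delta_t, v_liquid, 0.0)
    return delta_t > 0 and observed_dp < fraction * expected


if __name__ == "__main__":
    for gas in (0.0, 0.1):
        dp = pressure_rise(10.0, 1.0, gas)
        print(f"gas volume {gas:.2f} m^3: +10 K -> +{dp / 1e5:.1f} bar")
```

With no gas a 10 K rise pushes pressure up by roughly 45 bar; a 10% gas pocket at the same starting pressure holds the rise to about 3 bar, exactly the situation where a pressure gauge "disagrees" with a thermometer.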
So we need social systems (training and management) that create an institutionalized commitment to safety and ensure that the operators are well-informed and competent.

    As is often the case: the social component is the hard part of technical problems.
TECHIES_FALLACY
But then, in the case of TMI the problem was largely self-healing.

Afterwards no one would dare shrug "oh, it's probably a false alarm."

    Nothing like trashing a plant to convince people that it's a good idea to take every warning seriously.
--------
[NEXT - WHOS_WE]