Risk management

Risk Management at NASA and Its Applicability to the Oil and Gas Industry

At NASA, the qualitative approach to risk assessment is augmented by a quantitative technique to mitigate low-probability, high-consequence outcomes.


On initial consideration, one might reasonably ask: What can the National Aeronautics and Space Administration (NASA) contribute to the oil and gas industry?

About 3 years ago, a senior principal at Deloitte Advisory’s Energy & Resources Operational Risk Group reached out to NASA to better understand the safety culture at NASA with the intent of understanding how that culture might translate to oil and gas operations. Very quickly, the conversation expanded to the realm of risk management.

Working with Deloitte, NASA came to appreciate the remarkable similarities between an offshore deepwater facility and the International Space Station. Both exist in extremely hostile environments. Both function in remote locations where movement of crew and supplies must be carefully choreographed. Both are extremely complex engineering structures where human reliability plays a critical role in mission success, and both have a deep commitment to personal and process safety.

It also should be noted that both have dedicated teams—the onboard crew and the onshore support experts—that live by the mentality that “failure is not an option” because of the consequences to life and the environment should a catastrophic mishap occur.

At NASA, we use qualitative techniques—such as fault trees, failure modes and effects analyses, hazard assessments, etc.—to understand risk based on statistics, experience, or possibilities that our engineers can anticipate. Similarly, upstream oil and gas exploration and production uses qualitative techniques—such as process safety methods, barrier analyses, bowtie charts, hazard identification, hazard and operability studies, etc.—to assess risk. At NASA, these qualitative approaches are augmented by a quantitative risk-assessment technique called probabilistic risk assessment (PRA) to uncover and mitigate low-probability sequences of events that can lead to high-consequence outcomes.

Why PRA?

The technique of PRA was developed by the nuclear power industry and initially published in mid-1975, though not widely publicized. However, the investigation of the Three Mile Island incident in 1979 revealed that the PRA had documented the sequence of low-probability events (both of hardware failures and human errors) that led to the high-consequence near-meltdown of the nuclear core. As a result, the US Nuclear Regulatory Commission has required a facility-specific PRA for every nuclear power plant in the United States.

In February 2003, Space Shuttle Columbia was lost on re-entry when a piece of insulation foam broke off from the external tank and struck the wing leading edge of the space shuttle. Recognizing that the cause of this accident was a low-probability, high-consequence event, NASA committed to strengthen its safety and mission assurance capabilities. PRA was adopted and embraced by the Space Shuttle and International Space Station programs.

A PRA creates a rigorous logic flow for a complex system. Every safety-related hardware component is captured as a node and quantitative reliability performance numbers are assigned to each possible outcome. For example, a pump can function as commanded, remain off when commanded on, remain on when commanded off, or operate at only a partial level of capability. Human actions also are captured as logic nodes that can have quantitative reliability information assigned to them. For example, a person can push the correct button within the assigned timeframe, push the wrong button, push the correct button outside the assigned timeframe, or do nothing.

A rigorous PRA also can account for common cause failures in both hardware and software. For example, if a pump fails in one system, then all similar pumps from the same lot/vendor that may exist in entirely separate systems are now suspect.

Given a high-consequence undesirable event (such as loss of hydrocarbon containment), every single path through the logic model that could lead to that event can be assessed. Should a low-probability action occur (perhaps a highly trained individual is distracted and fails to observe a change in the mud flow rate in vs. the mud flow rate out), then every other subsequent low-probability action(s) can be identified to mitigate the undesirable event.
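The logic flow described above can be sketched as a small event tree. This is an added example, not NASA's or Anadarko's model: the scenario (a primary pump, an operator who must start a same-lot backup pump), every probability, and the use of a beta-factor treatment for common cause failure are assumptions made for illustration.

```python
# All probabilities below are constructed for illustration, not real reliability data.
PUMP = {"runs": 0.989, "stays_off": 0.006, "partial": 0.005}  # per start demand
OPERATOR = {"correct_in_time": 0.97, "wrong_button": 0.01,
            "correct_late": 0.015, "no_action": 0.005}
BETA = 0.1  # assumed share of pump failures with a cause common to the same lot


def backup_given(primary, beta):
    """Backup pump outcomes, conditioned on how the same-lot primary failed."""
    if primary != "stays_off":
        return dict(PUMP)  # assumption: partial output is not a shared-cause mode
    q = PUMP["stays_off"]
    p_off = beta + (1 - beta) * (1 - beta) * q  # shared cause, else independent
    scale = (1 - p_off) / (1 - q)  # renormalise the remaining outcomes
    return {"runs": PUMP["runs"] * scale, "stays_off": p_off,
            "partial": PUMP["partial"] * scale}


def sequences(beta=BETA):
    """Yield (path, probability, end_state) for every path through the tree."""
    for prim, p1 in PUMP.items():
        if prim == "runs":
            yield (prim,), p1, "ok"
            continue
        for act, p2 in OPERATOR.items():  # operator must start the backup
            if act != "correct_in_time":
                yield (prim, act), p1 * p2, "loss"
                continue
            for back, p3 in backup_given(prim, beta).items():
                end = "ok" if back == "runs" else "loss"
                yield (prim, act, back), p1 * p2 * p3, end


def loss_probability(beta=BETA):
    return sum(p for _, p, end in sequences(beta) if end == "loss")


def ranked_loss_paths(beta=BETA):
    """Loss sequences, most probable first."""
    return sorted(((p, path) for path, p, end in sequences(beta)
                   if end == "loss"), reverse=True)


if __name__ == "__main__":
    print(f"P(loss) = {loss_probability():.2e}")
    for p, path in ranked_loss_paths()[:3]:
        print(f"{p:.2e}  {' -> '.join(path)}")
```

With these constructed numbers, the dominant loss sequence is the one in which the operator does everything right but the backup pump shares the primary's failure cause; setting `beta` to 0 moves a human-error sequence to the top instead.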

Why BSEE?

In April 2015, I attended a conference that explored crossover technologies that might have applications to the space and energy sectors. Brian Salerno, director of the Bureau of Safety and Environmental Enforcement (BSEE), gave a presentation that included an acknowledgement that BSEE would need better tools to assess risk as operators moved to deeper drilling; higher temperatures and pressures; less well understood environments; and introduced new, emerging technologies. He suggested the need for a quantitative approach to risk management.

The outcome of several meetings was a US Government Interagency Agreement between BSEE and NASA signed in January 2016, formalizing a partnership between the two organizations for 5 years. Under this agreement, NASA will work with BSEE to develop a process for preparing PRAs for offshore deepwater drilling and production operations. Together with the oil and gas industry, we will evaluate whether the additional insights of a PRA provide meaningful information for the operators and contractors as well as for the regulator, BSEE.

NASA has a document to guide in the preparation and execution of a PRA referred to as the “Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners” (NASA document number SP-2011-3421). The first task that BSEE has given NASA is to rewrite the PRA Guide to be relevant to the oil and gas industry. NASA is scheduled to deliver the initial version of the document to BSEE by the end of the 2016 calendar year.

Projects With Anadarko

In addition to working with other government agencies, NASA has a special mechanism for working with commercial organizations. In situations where NASA has unique facilities, technologies, techniques, or experiences, it may enter into a reimbursable agreement (referred to as a Space Act Agreement) to perform work for the mutual benefit of the Space Act partner and NASA.

Anadarko Petroleum is working with suppliers to develop various subsea equipment with working pressures of more than 15,000 psi for their Shenandoah field in the Gulf of Mexico. The director of Engineering and Technology Global for Anadarko, Jim Raney, wanted to have a set of eyes from outside the industry look over the approach to risk management being used by his team for this activity. Anadarko entered into a Space Act Agreement with NASA in November 2014, enabling NASA to engage and participate in the project.

Anadarko introduced NASA to the unique layout of bowtie charts (an integration of fault trees and event trees), to the barrier analysis approach, etc. Our eventual assessment back to Anadarko was that all their risk-management techniques were qualitative and, while excellently executed, might not capture low-probability, high-consequence events. NASA explained its use of quantitative PRA modeling to capture these types of events.

Anadarko was open-minded to the possibility that PRA might provide insights not otherwise available through their more traditional qualitative risk-management techniques. Since the project would require a blowout preventer (BOP) with a rated working pressure up to 20,000 psi, Anadarko asked NASA to prepare a PRA for a generic 20,000-psi BOP. The work began in October 2015.

The development of the BOP PRA was a true partnership; Anadarko provided world-class expertise on the design and operations of BOPs, and NASA provided world-class modelers and data analysts. The results of the BOP PRA model were presented to Anadarko management on 28 July 2016. A final report was delivered at the end of August.

While it is not my place to discuss any facet of the work that NASA did in partnership with Anadarko, I am able to state that Anadarko followed up the BOP work by asking NASA to perform a PRA of the dynamic positioning system being considered for the Shenandoah development. The PRA for that began in June and is ongoing.

NASA is just beginning to work with BSEE and the oil and gas industry. Our hope is that the benefits of a quantitative assessment of risk will both complement the industry’s current approach to risk management as well as help with risk-informed decision making. It has worked for NASA in the exploration of space. Could it also work for offshore deepwater drilling and production operations?


David Kaplan is a leader at the National Aeronautics and Space Administration (NASA) Johnson Space Center with more than 30 years of experience in aerospace engineering and management. He has been a project manager for Mars hardware, a space shuttle flight controller, and managed the crew health-care equipment on the International Space Station. Most recently, Kaplan served as chief of the Quality Division at the space center. In that position, he managed the NASA Failure Analysis Laboratory, which is instrumental in detecting counterfeit parts and assisting projects to reduce their risks associated with fabrication and operations. Currently, he is involved in assessing the applicability of NASA’s quantitative risk-management techniques to the oil and gas industry. He may be contacted at david.i.kaplan@nasa.gov.