
The Two Second Rule

October 15, 2013


Our post two weeks ago was on the topic of Black Swans and Bow Ties. The basic theme was that:

  1. Unexpected bad events (black swans) are going to happen, no matter how good our safety management systems may be, and
  2. We should therefore pay more attention to the right-hand side of our bow tie diagrams.

The post generated many useful and thoughtful discussions, particularly at various LinkedIn groups.


My interest in the Black Swan concept came about because at the time the Deepwater Horizon/Macondo (DWH) fire and blowout occurred (April 2010) I happened to be reading Nicholas Taleb’s fascinating book The Black Swan. A few days after DWH Tony Hayward, CEO of BP at the time, stated that the event was a black swan. I concluded that Mr. Hayward was correct, but the event was not bad luck, as seemed to be implied by his remark.

Regardless of the terminology that is used, we must accept that unexpected catastrophic events can happen and so it is necessary to have systems in place to respond effectively to them — whatever their cause. On one of the first HAZOPs I led, the team raised the scenario, “Airplane crashes into the facility”. We were not near an airport so this scenario received just a few seconds of discussion — and rightly so. But a very legitimate discussion would be, “Do we have the response systems to handle a major event such as an airplane crash?”


In the case of DWH the offshore oil and gas industry immediately knew what to do: drill a relief well. While the relief well was being drilled various intermediate responses such as “Top Hat” and “Junk Shot” were tried with varying degrees of effectiveness. But the long-term solution was never in doubt.

This knowledge as to what needs to be done right away seems to be in contrast to what is taking place at the Fukushima-Daiichi (FD) power plant. This event started two and a half years ago but we seem to be no nearer a long-term solution. Indeed, in recent days there has been more bad news. Radioactive water continues to leak into the ocean, at least one worker has been exposed to high levels of radiation and the decision to remove the fuel rods from Reactor #4 seems to be fraught with risk.

And new black swans may be hatching. The following is from Reuters (October 7th 2013).

The operator of Japan’s crippled Fukushima nuclear plant said on Monday that pumps used to inject water to cool damaged reactors were hit by a power failure, but a backup system kicked in immediately. The Nuclear Regulation Authority said a worker conducting system inspections mistakenly pushed a button turning off power to some of the systems in the four reactor buildings . . .

. . . Earlier this year, Tepco lost power to cool spent uranium fuel rods at the Fukushima Daiichi plant after a rat tripped an electrical wire.

At first glance the DWH and FD events appear to possess strong similarities. In particular both were a surprise. However, there is one major difference. As already noted, within seconds of the DWH blowout everyone knew what the ultimate solution was going to be. By contrast, there does not appear to be a clearly defined long-term solution to the FD situation. It may be that there are Japanese language reports that provide more information, but, to outsiders, it appears as if the authorities and engineers are improvising solutions as they go along.

These thoughts put me in mind of the Two Second Rule – widely used in drivers’ education. The basic idea is simple: stay two seconds behind the vehicle that you are following to ensure sufficient stopping distance. But there is another type of Two Second Rule: for any industrial situation know what the worst case scenario is and be able to implement an effective solution “within two seconds”.



Early in my career I worked on a chemical plant that manufactured polystyrene. An intermediate reactor contained a viscous prepolymer that was mixed with a slowly turning ribbon stirrer. There was a possibility that we could lose control of the reaction and that the prepolymer would form polystyrene, thus creating a “lollipop” around the stirrer. If this happened we had to remove the lollipop by lifting it from the reactor, transport it to waste ground and blow the polystyrene off the ribbon with dynamite. This response posed some obvious safety and environmental hazards.

But, if the reaction showed signs of running away, all we had to do was add elemental sulfur. This would kill the reaction and allow us to drain the prepolymer in a controlled manner. It was an expensive decision but it did not require fresh thinking. Our Two Second Rule was clearly defined.

The same two second concept can be seen with respect to the Piper Alpha disaster. The inventory of oil and gas on a production platform such as Piper is quite low; in the event of a major fire the hydrocarbons are blown down to flare and the fire should die down within 20 minutes or less. But Piper burned for hours, the reason being that other platforms kept feeding condensate and gas to Piper (which was a hub). The Two Second Rule here (which was not followed) is: in the event of a major fire on a production platform close the subsea riser valves.

In these three examples the two second rules are:

  • DWH: Drill a relief well
  • Polystyrene reactor: Add sulfur
  • Offshore Production Platform: Close the subsea riser valves

Each of the above statements, which average fewer than four words per event, constitutes the heart of the right-hand side of the respective bow tie.
