interesting reading indeed.

I have worked SCADA systems as mentioned in the report before going
into teaching.  They are useful monitors, but we regularly used to
have problems with them.  We used a SCADA system to control soup
cooking, and at least once a month found that the system would fail to
close valves completely.  This could lead to too much water entering
the soup, making it watery, allowing one flavour to mix with another
(although I quite liked the chicken and mushroom soup), or even allow
Clean In Place (CIP) chemicals to mix with product or divert straight
ot drain, rather than recycle for treatment in our effluent plant. CIP
chemicals are highly caustic, but are used because they are good at
removing fats and oils......

SCADA is designed to run and monitor the system and switch things on
and off according to set parameters, and hence is only as good as the
programming.

We used to find our biggest problem was sensor failure, which would
let the system think it was doing one thing, when because of the
failure something else was happening.  Our favourite was the water
feed pipe sensor saying the valve had closed, when it actually hadn't.
2 mins later, soup would flow over the top of the vessel.  Check the
records and it showed the valve was shut.....

We ended up having a second SCADA terminal next the Shift Manager PC,
which meant that I could keep an eye on things and notice if anything
was untoward.  Needless to say it was useless, because if you see
everything as "normal", you take no action......

I would guess that the level sensor failed, which meant that the
system continued to think that the tank was not full, and so would not
shut the valve once the critical level was reached.  With no data to
say that the level was high, fuel would continue to pump in, over
flow, explode and destroy a Vampire........ (no mention of it the
report....)

Having read this factual report on the cause of the disaster I don't
understand your last comments at all. ???
The blame game is yet to come.

I would apply this to many situations floodplains, aircraft flight path
final approach, chemical and petrochemical plants etc  what kind of moron
builds or allows houses to
be built in a situation where there is an obvious inherant danger ? ( see:
politicians)
when you know make the buggers live there.
Derek

I have just had a quick glance of the report and notice from the image
of the tanks they have manual access for dip checks. If the monitoring
system failed at the point of filling then the crew are not to blame.
But may have failed to post fuel watcher on top. Most of my time while
working with fuels in the forces. (aviation, diesel and petrol bulk
tanks was monitoring). So depending on the weather. 1. dip checks 2.
calculations. 3. manual monitoring. If the crew already knew of the
failure and nothing was done then management and company are to blame
under health and safety and gross enviroment failure. We had simular
incident in the RAF. A lad was charged and sent down for overfilling a
fuel tanker for the station aircraft.
Badger might remember this as we were stationed there. As a result a
good ammount went into the local bay. But this hilight a failure to not
doing manual monitoring.

regards an ex-refueller