A large chemical corporation (CC) is considering constructing an insecticide plant. Local authorities,

who are part of the venture, have approved the construction and operational plans; all

considered alternatives satisfy local safety and environmental regulations. If CC decides to construct

a plant, it must choose between two different production processes. The less efficient process

uses the rare, expensive, but innocuous chemical Snowwater. The more efficient process requires

the cheaper but highly volatile and poisonous chemical, Lakethunder.

The probability of an accident at a plant using Lakethunder depends on the performance of the

plants elaborate safety system. A release of Lakethunder, should one occur, would cost CC $90M

and result in 900 deaths. The release of the poisonous gas Lakethunder may result from deliberate

sabotage or an accidental safety system malfunction.

Sabotage may be committed by insiders or outsiders. There is a probability of 2.0E-3 per year

that an insider will attempt sabotage. If an insider attempts sabotage, we assume he or she will be

successful in releasing the poisonous gas. We also assume that outsiders will attempt to sabotage

the plant one time during the year. For outsiders to successfully cause a poisonous gas release,

they must circumvent both the plant security system (probability 5.0E-3) and the safety system

controls (probability 1.0E-1).

The probability of an accidental safety system malfunction is dependent on the occurrence of a

chemical reaction (probability 2.0E-1) in the plants storage tanks.

For an accidental safety system malfunction to occur, either the cooling subsystem must fail (probability

given chemical reaction 5.5E-3 and probability given no chemical reaction 8.0E-4) or the

venting subsystem must fail. For the venting system to fail, the release valve must fail (probability

given chemical reaction 9.0E-1 and probability given no chemical reaction 6.0E-1), the alarm must

fail (probability given chemical reaction 5.0E-1 and probability given no chemical reaction 1.2E-1),

the operator must err (probability given chemical reaction 8.0E-1 and probability given no chemical reaction 7.5E-1), and the scrubber must fail. The scrubber can fail either by being clogged

(probability given chemical reaction 3.2E-2 and probability given no chemical reaction 8.0E-2) or

by leaking (probability given chemical reaction 1.0E-4 and probability given no chemical reaction

3.0E-5).

(1) Draw a functional block diagram for the operations of the Lakethunder plant that would prevent

an accidental safety system malfunction. You do not need to include sabotage or the security system

in the functional block diagram. Remember that a functional block diagram represents what needs

to operate in order for the system to function correctly.

(2) Draw a fault tree that includes the elements (both physical components and people) that would

lead to a chemical release of the gas Lakethunder. The fault tree should include both the accidental

safety system malfunction and sabotage (both insiders and outsiders).

(3) Find the minimal cut sets for the failure modes leading to a chemical release of Lakethunder.

(4) Calculate the probability of a chemical release.

(5) Assume that CC decides to construct the plant that uses Lakethunder. CC has budgeted

$100,000 to prevent sabotage. Should it be spent to reduce the probability of

1. insider sabotage from 2.0E-3 to 2.0E-4,

2. an outsider circumventing plant security from 5.0E-3 to 5.0E-4, or

3. an outsider circumventing the safety system controls from 1.0E-1 to 1.0E-3?

Assume the cost of implementing each option is $100,000. Explain your answer.

(6) Now assume that outsiders will attempt to sabotage the plant a second time during the year if

they are unsuccessful the first time. Because they learn about the plants security during their first

attempt, the probability that the outsiders circumvent the plant security increases to 5.0E-2. The

probability they circumvent the safety system controls increases to 2.0E-1. Calculate the annual

probability of a chemical release. Assume the mitigation activities discussed in part 5 have not

been implemented.