Systems engineers routinely treat all systems as if the principles used to design systems are created and applied by human designers. But the principles of systems design are derived from the way systems function in the natural world. This is most sharply illustrated when a system design is altered to the point of brokenness and it continues to function as a system—but no longer in the ways intended by the designers. The following is a tragic example of system entities continuing to interact but without the controls designed to shape their interactions to achieve the originally intended results.
(Author’s note: At the time of the Southmountain disaster described in this post, the author was an Assistant Attorney General assigned as counsel to the Virginia Department of Mines, Minerals and Energy, with specific responsibility for the two coal-related Divisions. In that capacity, he served as counsel to the Division of Mine Safety’s investigation of the explosion. This post is based on his memory of the events recounted and his understanding of the principles involved. Any oversimplifications or mistakes in recounting the facts and mining engineering aspects are purely his and should not reflect in any way on his generous and excellent teachers in the Division.)
Shortly before sunrise on December 7, 1992, the night shift at Southmountain Coal Company Mine No. 3 near Norton, Virginia was just finishing its work. At 7:00 A.M. they would trade places with the day shift who would take over production. Nine miners were working underground with one man on the surface who took the coal from the stacker belt that conveyed it from underground, and deposited it on the stockpile outside using an end loader.
At approximately 6:15 A.M., the outside man noticed that the lights on the surface went out. Returning to the mine office building, he found that it had been partially destroyed by the force of an explosion that exited from the mine entries some 200 feet away. At about this time, one of the nine underground miners who had been cleaning coal from around the conveyor belt relatively close to the surface entrances, emerged from the mine with serious burns.
The end loader operator put the injured man in his private vehicle and set out for the hospital. On the road away from the mine they encountered the mine superintendent arriving for the day shift. The end loader operator advised him of what had occurred. The end loader operator and the injured man continued on to the hospital. In the mean-time, the dayshift crew began arriving for work, but abruptly departed when they realized what had happened and the dangerous situation at the mine.
One of them stopped a Virginia mine safety inspector passing the mine entrance and advised him that an explosion had occurred. The inspector communicated the information to the Chief of the Virginia Division of Mines and proceeded to the mine to assess the situation. He issued a closure order.
(In Virginia, mine safety laws are enforced by the Division of Mines. The Division is headed by a chief mine inspector, and the mine inspectors and a variety of technical specialists provide the on-the-ground enforcement work. Most of these dedicated public servants hold advanced training and degrees in mining or mine safety engineering in addition to having long experience in the mining industry prior to their employment with the Division. In the case of accidents involving serious injury, fatalities and/or explosions, the Division is charged with investigating the causes and making recommendations for the prevention of similar accidents. Most of the facts in this post are drawn from their exhaustive report.)
After the closure order, a rescue effort was mounted. Mine rescue teams from the area reported to the scene. At 9:00 A.M., the first team went underground and began a systematic search for the miners who were presumed alive and trapped until otherwise verified. Over a period of 6 days, the rescue teams worked tirelessly despite twice finding dangerous levels of gas necessitating their withdrawal, and twice enduring a wait while boreholes were drilled into the mine from the surface above the shafts to measure and exhaust the dangerous gasses. Finally, on the evening of December 12, the bodies of all 8 miners had been located some 6,000 feet from the mine opening and were brought to the surface by the teams.
(Note: Mine rescue teams consist of highly trained, experienced miners whose courage and commitment to their community are of the highest order. Although they were highly frustrated when they were forced to surface before completing their task, they never flinched at returning to their dangerous search. It was a privilege and inspiration just to watch them work.)
With the recovery completed, the scene was secured, and the investigation began. It was conducted by a joint Virginia Division of Mines and federal Mine Safety and Health Administration team.
Underground coal mining is a heavy and dangerous industry. The intricate engineering involved is frequently surprising to the uninitiated. Every coal mine is a complex system in the highest sense of that term. It is designed to be as safe as it can be in an inherently dangerous environment. From extraction plans to ventilation to equipment, the design is worked out to produce coal from seams buried deep beneath the surface and to do so in ways that are both safe and efficient.
In classic underground coal extraction (known as “room and pillar” mining) such as was done at the Southmountain Mine, the coal is removed from a seam (layer) by removing the coal from between the rock layers above and below the seam. The result is a series of tunnels made by removing coal which are only as tall as the seam is thick.
The tunnels are arranged in a grid with the passages running with the direction of the mining known as “entries,” and the tunnels running crosswise known as “crosscuts.” This system is extended along the entries into the mine until mining halts due to some constraint, e.g., the mineral rights boundary is reached. This is known as advance mining.
Most of the weight of the rock on top of the coal seam is supported by the system of pillars. The rock around coal seams tends to be composed of a number of relatively thin layers. These are bolted or “pinned” together with roof bolts drilled into the roof or “top” to bind the rock into a more stable span between the pillars. The size of the pillars and the spacing of the roof bolts are carefully engineered based on the composition of the mine roof. This is specified in the mine’s roof control plan.
The mine is ventilated using large, powerful fans. At Southmountain, the fan was designed to exhaust air from the entry on one side of the mine entrances at the surface and draw air into the mine on the other side. The air was conveyed into the mine by creating an airway down those entries to the working area by hanging curtains or building “stoppings” between the pillars along the way to create a tunnel for the air. Another “tunnel” on the other side conveyed the exhaust air back out to the fan. The ventilation was designed to pull the air across the working face to bring fresh, outside air into the mine and carry exhaust fumes or gases back out to the outside.
Once advance mining is halted, additional coal can be extracted through a process called retreat mining. The retreat mining system used at Southmountain was a “5-cut” plan. Beginning at the limit of the advance mining, the miners cut into the sides of adjacent pillars in the order shown in FIG 3. The coal removed in these cuts weakens the pillars. This is carefully engineered to allow the weakened pillars to still support the mine roof long enough for retreat mining to take the crew a safe distance away before the pillars collapse and allow the roof to fall in.
One of the problems contributing to the Southmountain explosion was that the mining crews were taking six cuts instead of the planned five from each pillar. This alteration of the plan was done to increase production, but it weakened the pillars to an unplanned degree and allowed the roof to cave in more quickly and closer to the crews at work.
All of the cutting and removal of coal creates a good deal of dust. Coal dust coats everything and creates a safety problem. When it is stirred up into suspension in the air it can be ignited into an explosion. This is controlled by using ventilation systems to pull any dust in the air away from the work areas and potential sources of ignition (electrical short circuits, cutters striking rocks etc.) and by spreading inert rock dust to keep down the coal dust.
As the investigation revealed, a number of problems coalesced at Southmountain to create the deadly explosion. The retreat mining violated the 5-cut plan authorized for the mine, putting the crews closer to the collapsing roof. The roof collapse in this mine exposed a thin “rider” seam running 7 to 39 feet above the main seam being mined. Such seams are “gassy,” meaning that they contain pockets of methane gas which, in the right concentrations, is highly flammable and easily ignited. The Kelly rider seam at Southmountain was just such a gassy seam. This violation of the design put the explosive gas closer to the crew’s work area than was safe.
The mining operation had not been properly constructing and maintaining the ventilation system as they went. Nor were they spreading the inert rock dust in a way that would suppress the coal dust. These violations of their ventilation plan meant that the excess methane gas mixed with the coal dust in the air and was not conveyed away from the working areas as it should have been. All that was needed was an ignition source.
The investigation involved a number of interesting and ingenious techniques. One of the most significant of those turned out to be the work of the flames and forces team in pinpointing an ignition source. As the investigators explained, the methane, when ignited, causes the coal dust to explode, putting even more coal dust into suspension and exploding it as well. This explosion then propagates itself, feeding on the dust cloud formed in front of it. This creates a “rolling” explosion that forms a wall of flame approximately 50 feet deep which moves out of the mine toward fresh air at a velocity approaching the speed of sound. This wall of fire pushed air and dust and objects ahead of it, destroying and burning its way out of the mine.
That was the force that burst out of the mine mouth and destroyed the outside electrical system and office building, scattering belongings and debris up to 800 feet away. As it passed over the crew, it killed them instantly, sparing only the man working the belt near the surface. He escaped with his life, but was seriously burned. Hit by the speeding wall of flame, he staggered to the mine entrance and out into the early morning light, where he was found by the end loader operator.
By examining the interior of the mine, the flames and forces team was able to see where the wall of flame had passed by stationary objects in the mine (support timbers, roof bolt heads hanging down, etc.). As the flames sped by, they contacted one side of each object, turning the coal dust present on those surfaces to a sticky black residue called “coke.” This left the side facing the oncoming flames sticky while the shielded side facing away remained dusty. By locating and marking each object on the mine map with an arrow pointing from the dusty side toward the sticky side, the team was able to amass a collection of arrows leading back to the original ignition point of the explosion. A careful search of the indicated area turned up a partially melted butane lighter.
The mine had been engineered to provide adequate ventilation to remove noxious gases and dust. It was designed to support the roof long enough to allow coal extraction to the permitted level in relative safety. Any exposure of the rider seam would have taken place far enough away from the crews to not pose an unreasonable threat. Coal dust was to be controlled with the application of inert rock dust. Smoking materials were forbidden underground. Mining is dangerous in any case, but the system design was calculated to manage the risks to an acceptable level. The system as designed was reasonably safe.
The system as operated was obviously unsafe. The mine operators failed to control the ventilation system. They violated the extraction and roof control portions of their mine plan, causing unplanned roof collapses in the proximity of the mine crew. Someone took a prohibited ignition device underground. The result of these alterations to the system design caused the system to manifest an emergent explosion that cost eight men their lives. Altered ventilation, roof control, and dust suppression worked together with a careless ignition to take the very lives the system was originally designed to protect.