SoylentNews is people
SoylentNews
from the details-matter-even-really-little-details dept.
The root cause of the collapse of Baltimore's Francis Scott Key Bridge when hit by container ship Dali has been identified. It was the wrong placement, by a few millimeters, of the label on one wire. As usual, the National Transportation Safety Board has taken their time and done a detailed investigation--summarized in this short video
https://www.youtube.com/watch?app=desktop&v=bu7PJoxaMZg
tl;dr - the wire was not completely inserted into a terminal block, due to the wire label wrapped over the ferrule. Over time the connection became intermittent and eventually shut off power on the ship...after which it drifted into the bridge. Of course there were additional contributing problems as well.
The YT video comments include some more interesting details.
[Ed. note: For those not inclined to watch the YouTube video, the narrative summary of the video is listed in the spoiler below.]
1. The Dali electrical system distributes power and control signals throughout the vessel.
2. The control circuits contain hundreds of terminal blocks that organize thousands of wires.
3. The wires on the Dali were terminated with metal sleeves called ferrules that allowed for easier assembly into the terminal blocks.
4. Each wire was identified with a labeling band.
5. This image shows several terminal blocks on the Dali with wires connected.
6. To assemble a wire into a terminal block, a tool inserted into a side port opens a spring clamp, which allows the wire's ferrule to slide into place.
7. Removing the tool closes the spring clamp, securing the ferrule firmly against the terminal block's internal conductor bar.
8. Labeling bands identify wires and are typically positioned on the wire insulation.
9. However, many labeling bands on the Dali wires were placed partially on the ferrules, which increased the ferrules' overall circumference.
10. As a result, during vessel construction, some of the ferrules could not be fully inserted in the terminal blocks, including the ferrule on wire 1 from Terminal Block 381.
11. On that wire, the labeling band prevented full insertion of the ferrule, so the spring clamp gripped only the ferrule's tip, resulting in an inadequate connection.
12. Due to this unstable connection, over time the ferrule on wire 1 slipped out of the spring clamp to rest atop the spring clamp face, resulting in a precarious electrical connection.
13. When a gap occurred between the ferrule and the spring clamp face, the electrical circuit was interrupted, leading to a blackout on the Dali.
(Score: 2) by VLM on Tuesday December 02, @05:16PM (4 children)
Ah its worse than a fire where they'd have some control, they seem to have lost control entirely. I found this:
https://www.ntsb.gov/investigations/Documents/Board%20Summary%20Contact%20of%20Containership%20Dali%20with%20Francis%20Scott%20Key%20Bridge.pdf [ntsb.gov]
"When Wire 1 electrically disconnected, one of the high-voltage breakers
connecting the high-voltage bus to its step-down transformer—a mechanism that
lowered voltage carried from the main, high-voltage, electrical bus before transferring
it to the low-voltage bus—opened."
Ouch. They call it a breaker not a contactor (maybe a marine thing?) so I assume its a NC safety circuit that opened but who knows.
It was intermittent and they were running the breaker in manual mode not automatic so someone had to turn it on by hand, which "makes sense" for a safety shut down switch, I guess, although the report ripped on them for having an emergency shutdown switch (assuming thats what it was)
So the HV breaker was feeding a LV transformer causing a LV blackout, the LV was powering the main engine coolant pump and the steering gear coolant (hydraulic cooler?)
The engine had an automatic shutdown when the coolant flow was interrupted.
They were running the generators fuel supply using a maintenance cleaning pump instead of the main and backup fuel pumps (why?) so maint is not safety critical so they had precisely zero fuel pumps available. I guess if you have a triply redundant system some dumbass will try to run everything off the third backup until it fails too.
It was their third blackout in a couple days and they're just like "oh well what could possibly happen?" FAFO and they hit a bridge.
They had a separate backup generator that wouldn't start because some damper was moving too slowly for the firmware to be happy so it shut down.
"Mostly" the piles of safety equipment caused the accident. If they had no emergency electrical shutdown, sure they'd electrocute people and have fires once in a while, but the power would be on. If the engine didn't auto-shutdown when it got toasty, they'd occasionally burn out engines but at least they'd have power. If they didn't have triple redundant fuel systems they wouldn't do something dumbass like not maintain it at all until all three failed at once. If they didn't have a backup generator that worried too much about stuck cooling damper doors, they'd have power.
(Score: 2) by VLM on Tuesday December 02, @08:00PM
I read between the lines some more and I think maybe they linked the circuit breakers for the HV and LV sides of the transformer. So, if either side pops, they both pop. But then they both should have popped. Hmm.
This would make sense because if they popped the HV side and powered up the LV off a plain old generator, then there would be out of phase HV power on both sides of the HV circuit breaker. Probably makes sense to "de-energize the entire transformer" rather than just one winding. Less exciting that way.
More data will be released sooner or later, probably.
(Score: 2) by JoeMerchant on Tuesday December 02, @08:04PM (2 children)
>They were running the generators fuel supply using a maintenance cleaning pump instead of the main and backup fuel pumps (why?)
That's the ingenuity the owners pay them for. Can you make it through next year before submitting any new parts orders? If you do there's a 5% bonus in your paycheck!
> I guess if you have a triply redundant system some dumbass will try to run everything off the third backup until it fails too.
This is why aircraft get annual inspections. Ships above a certain size should, also, but do not AFAIK. Were I harbormaster somewhere with a big fancy commuter bridge over the channel, I do believe I would require safety inspections before letting those scows in my harbor, but then they'd probably replace me with a more "business friendly" harbor master pretty quick.
> they'd occasionally burn out engines but at least they'd have power.
At least until the engine burns out. That one I get. What I don't get is allowing these things entry to ports with no seaworthiness checks whatsoever. The Dali can displace 149,000 tons (according to some sources) and cruise at 22 knots, that's 9.5x10^9 Joules of kinetic energy. If a Kh-47M2 Kinzhal 4300kg hypersonic missile manages to strike at Mach 10 (as I understand things they don't always hit at maximum speed), that's only 2.3x10^10 Joules of kinetic energy - equivalent to 5 tons of TNT - so the ship ramming out of control is only equivalent to 2 tons of TNT so it's "safe enough?"
>If they didn't have triple redundant fuel systems they wouldn't do something dumbass like not maintain it at all until all three failed at once.
As captain of a vessel with more destructive potential than a Mach 6 hypersonic missile, I wouldn't be leaving port without redundant fuel systems operational. That's like driving your car down the freeway with no brakes and a steering linkage that can let go at any moment.
>If they didn't have a backup generator that worried too much about stuck cooling damper doors, they'd have power.
By the time you've MacGyver'ed it that far, you already should be stopped waiting for proper repairs.
🌻🌻🌻 [google.com]
(Score: 2) by VLM on Tuesday December 02, @08:38PM (1 child)
I was thinking about that while eating lunch and I bet steering works at idle. Sure it'll burn out / boil over / warp the heads at full throttle but dropping to idle instead of shutting off altogether might be a safer response to overheating.
Might be a situation where the engine manufacturers guarantee is at financial risk unless the electronics shuts down the engine, vs the risk of knocking over a $5B bridge taking 6 years to replace.
That is also an amazing part of the story, inflation adjusted they built the first bridge for $0.5B equivalent half a century ago, and the replacement is supposed to cost $5B inflation adjusted now. Ten times the cost. Well maybe it'll be ten times as strong, who knows.
(Score: 2) by JoeMerchant on Tuesday December 02, @08:59PM
> Ten times the cost. Well maybe it'll be ten times as strong, who knows.
It'll probably have more effective bumpers against future accidents. That's one thing they did for the Sunshine Skyway after it got clipped.
🌻🌻🌻 [google.com]