Incident: Warehouse Fire Caused by Electrical Fault in Ocado's Robot.

Published Date: 2019-04-29

Postmortem Analysis
Timeline 1. The software failure incident at Ocado's flagship distribution center in Andover, southern England, was caused by an electrical fault in a battery that prompted a robot to catch fire [83945]. 2. The article was published on 2019-04-29. 3. Estimation: The incident likely occurred around April 2019.
System 1. Battery charging unit at the edge of the ambient storage grid 2. Plastic lid on the top of a grocery-carrying robot 3. Ambient product storage grid without heat sensors [Cited from Article 83945]
Responsible Organization 1. An electrical fault in a battery at the edge of the ambient storage grid caused the software failure incident at Ocado's flagship distribution center in Andover, southern England [Article 83945].
Impacted Organization 1. Ocado - The software failure incident, caused by an electrical fault in a battery that prompted a robot to catch fire, impacted the British online grocer Ocado as it led to the destruction of its flagship distribution center in Andover, southern England [Article 83945].
Software Causes unknown
Non-software Causes 1. The failure incident was caused by an electrical fault in a battery that prompted a robot to catch fire at the Ocado distribution center in Andover, southern England [Article 83945].
Impacts 1. The software failure incident, caused by an electrical fault in a battery that prompted a robot to catch fire at Ocado's flagship distribution center, resulted in the destruction of the distribution center in Andover, southern England [Article 83945].
Preventions 1. Implementing thorough testing procedures for the software controlling the battery charging units to detect and prevent potential electrical faults that could lead to fires [83945]. 2. Regular maintenance and inspection of the robotic systems to ensure all components, including the plastic lids, are in proper working condition and do not pose a fire hazard [83945]. 3. Enhancing the software monitoring capabilities to detect anomalies or overheating in the robots and trigger immediate corrective actions before a fire incident occurs [83945].
Fixes 1. Introducing additional localised smoke detectors [83945]. 2. Removing the plastic lid on the robots [83945]. 3. Adding heat sensors in the ambient product storage grid [83945].
References 1. Ocado's circular to shareholders [83945]

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown The article does not mention any previous incidents of a similar nature happening again at Ocado or at other organizations. Therefore, it is unknown whether this software failure incident has happened before at one organization or multiple organizations.
Phase (Design/Operation) design <Article 83945> The software failure incident at Ocado's distribution center in Andover was caused by an electrical fault in a battery that led to a robot catching fire. This incident can be attributed to a design failure as it was a result of an issue with the battery charging unit and the design of the grocery-carrying robot, which prompted the plastic lid to catch alight. The company took remedial actions to address the design flaw, such as adding additional localised smoke detectors, removing the plastic lid on the robots, and incorporating heat sensors in the storage grid [83945].
Boundary (Internal/External) within_system The software failure incident at Ocado's distribution center in Andover was caused by an electrical fault in a battery that led to a robot catching fire [83945]. This incident can be categorized as within_system, as the failure originated from within the system itself, specifically from the battery charging unit and the robot within the distribution center.
Nature (Human/Non-human) non-human_actions The software failure incident at Ocado's distribution center in Andover was caused by an electrical fault in a battery that prompted a robot to catch fire. This incident can be categorized as a non-human_actions failure, as it was due to an issue with the battery charging unit and the plastic lid on the grocery-carrying robot, rather than human actions [Article 83945].
Dimension (Hardware/Software) hardware The software failure incident at Ocado's distribution center in Andover was caused by an electrical fault in a battery that led to a robot catching fire. This incident was attributed to hardware failure, specifically an electrical fault in a battery charging unit [Article 83945].
Objective (Malicious/Non-malicious) non-malicious The software failure incident at Ocado's distribution center in Andover, England, was non-malicious. The incident was caused by an electrical fault in a battery that led to a robot catching fire, as reported in Article 83945. The company took remedial actions to prevent such events in the future, including adding additional smoke detectors, removing the plastic lid on robots, and installing heat sensors in the storage grid. These actions indicate that the failure was not intentional but rather a result of technical issues.
Intent (Poor/Accidental Decisions) accidental_decisions The software failure incident at Ocado's distribution center in Andover, southern England, was caused by an electrical fault in a battery that led to a robot catching fire [Article 83945]. This incident could be categorized under "accidental_decisions" as it was a result of an unintended electrical fault rather than poor decisions.
Capability (Incompetence/Accidental) accidental The software failure incident at Ocado's distribution center in Andover was not directly attributed to development incompetence or accidental factors in the provided article [83945]. The incident was specifically mentioned to be caused by an electrical fault in a battery that led to a robot catching fire.
Duration unknown The article does not mention any specific information related to the duration of the software failure incident. Therefore, it is unknown whether the software failure incident was permanent or temporary based on the provided article.
Behaviour other (a) crash: The software failure incident in the article was not specifically described as a crash where the system loses state and does not perform any of its intended functions [83945]. (b) omission: The incident did not involve the system omitting to perform its intended functions at an instance(s) [83945]. (c) timing: The failure was not related to the system performing its intended functions correctly but too late or too early [83945]. (d) value: The software failure incident was not attributed to the system performing its intended functions incorrectly [83945]. (e) byzantine: The article did not mention the failure as a result of the system behaving erroneously with inconsistent responses and interactions [83945]. (f) other: The behavior of the software failure incident in the article was related to an electrical fault in a battery that caused a robot to catch fire, leading to a huge blaze that destroyed the distribution center. The incident was not directly related to the software's behavior but rather to a hardware issue with the battery charging unit [83945].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence The software failure incident at Ocado's distribution center in Andover, southern England, was caused by an electrical fault in a battery that led to a robot catching fire [83945]. The consequence of this incident was primarily related to property damage as the huge blaze destroyed the flagship distribution center. The fire caused significant damage to the facility and equipment, impacting the company's operations and potentially leading to financial losses. Additionally, the incident prompted Ocado to take remedial actions to prevent such events from occurring again, indicating a theoretical consequence of potential future disruptions if similar issues were to reoccur.
Domain manufacturing The software failure incident reported in Article 83945 is related to the industry of (f) manufacturing. The incident occurred at Ocado's flagship distribution center, where a fire broke out due to an electrical fault in a battery that caused a robot to catch fire. Ocado is an online grocer, and the distribution center is crucial for the manufacturing and distribution of grocery products [83945].

Sources

Back to List