When a system involves the storage, control, usage and transformation of large amounts of energy, failures can have catastrophic consequences. However, ultimate failure is almost always preceded by a chain of events involving multiple factors, including system configuration, coupling behavior, interactions, unexpected feedback loops, weak links, operator errors, random events, common mode failures, and the like. This paper takes the position that no matter how well a system has been designed, failure is inevitable. Thinking in terms of energy and process physics, it employs a new tool to assist in this analysis, the Energy Expansion Tree, to look for opportunities to short-circuit the chain of events in such a way as to achieve relatively fail-safe behavior.