1. Understanding big accidents
2. NASA's failing grade
3. The blame game
4. Accidents: Normal?
5. Holey-headed reactor

The Airbus A-380 is the world's largest airliner, capable of sardining 656 passengers. Smart investigations of air crashes get credit for the high reliability of air travel. Photo: U.S. Centennial of Flight Commission
Two decades ago, Yale sociologist Charles Perrow
published a book describing strange accidents in complex systems
(see "Normal Accidents..." in the bibliography).
Despite the name, "normal accidents" does not imply that accidents
are normal, but that they are inevitable in certain kinds of systems.
"I was trying to say that even if we tried
very hard," Perrow told us, "and did everything that was possible,
had the best talent and so on, some kinds of systems are bound to
fail if they are interactively complex, so errors interact with
each other in unexpected ways, if they were tightly coupled, so
we could not slow them down or shut them off."
In these terms, Perrow says, the Columbia
burn-up was not "normal," since it started when NASA ignored a known
hazard. When the cause of the blackout of 2003 is finally unraveled,
it may prove to be a normal accident, one where multiple unexpected conditions
interact in a system with tight limits and little spare capacity.
A typical "normal accident," says Perrow,
now retired from Yale, caused Patriot
missile defenses to miss Scuds during the first Gulf War. The Patriot
batteries were not designed to run for long periods nonstop, Perrow
says, and a rounding error in the calculations used to track the target,
harmless in any single calculation, added up over every hour the system stayed running.
Although the operators had received a software
patch, they were unwilling to reboot the system while under threat
of attack. "They did not know what the patch was for," Perrow explains.
"It did not say, 'If you are running for a long time, you will get
a miscalculation.'" The normal accident began, he says, when the
Patriot was "used in a way it was not quite designed for," and it
continued when the attempted repair was misunderstood.
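The mechanism Perrow describes, a rounding error that is harmless in any one calculation but grows with uptime, can be modeled in a few lines. The following is an added illustration, not code from the article or from the Patriot system: it assumes a 0.1-second tick stored in a binary fixed-point register with 23 fractional bits and a target closing at 1,676 m/s, figures commonly cited for the Patriot case but not stated on this page. Both are parameters, so the model applies to any system that accumulates a truncated time step.

```python
"""Model of clock drift from a truncated fixed-point tick (constructed example).

A tracking system counts time in ticks of 0.1 s but stores the value 0.1 s in a
binary fixed-point register with FRAC_BITS fractional bits. 0.1 has no finite
binary expansion, so the stored tick is slightly short, and the shortfall is
paid on every tick. The error is invisible after an hour; after days of
continuous uptime the accumulated drift, multiplied by the target's speed,
becomes a range error of hundreds of meters.
"""

from fractions import Fraction

TICK = Fraction(1, 10)      # nominal tick, 0.1 s
FRAC_BITS = 23              # assumed fractional bits in the time register
TARGET_SPEED_MPS = 1676     # assumed target speed (m/s), not from the article


def truncated_tick(frac_bits: int = FRAC_BITS) -> Fraction:
    """0.1 s as stored in a register that keeps frac_bits bits after the
    binary point and discards (truncates) the rest."""
    scale = 2 ** frac_bits
    return Fraction(int(TICK * scale), scale)  # int() floors a positive Fraction


def per_tick_error(frac_bits: int = FRAC_BITS) -> Fraction:
    """Seconds lost on every tick: constant, and tiny on its own."""
    return TICK - truncated_tick(frac_bits)


def accumulated_drift(uptime_s: int, frac_bits: int = FRAC_BITS) -> Fraction:
    """Clock error after uptime_s seconds without a reboot, when elapsed time
    is built by repeatedly adding the stored (truncated) tick value."""
    ticks = int(Fraction(uptime_s) / TICK)
    return ticks * per_tick_error(frac_bits)


def range_error_m(uptime_s: int, frac_bits: int = FRAC_BITS,
                  speed_mps: int = TARGET_SPEED_MPS) -> float:
    """Position error in meters for a target moving at speed_mps: the clock
    drift says the target is where it was accumulated_drift seconds ago."""
    return float(accumulated_drift(uptime_s, frac_bits) * speed_mps)


def elapsed_from_tick_count(ticks: int) -> Fraction:
    """The patched approach, in spirit: keep the exact integer tick count and
    convert to seconds once, so no per-tick truncation is ever accumulated."""
    return ticks * TICK


def drift_table(hours: list[int]) -> dict[int, tuple[float, float]]:
    """Map hours of uptime to (clock drift in seconds, range error in meters)."""
    return {h: (float(accumulated_drift(h * 3600)), range_error_m(h * 3600))
            for h in hours}


if __name__ == "__main__":
    print(f"stored tick = {float(truncated_tick())!r} s, "
          f"per-tick shortfall = {float(per_tick_error()):.3e} s")
    for h, (drift, err) in drift_table([1, 8, 24, 100]).items():
        print(f"{h:4d} h uptime: clock drift {drift:8.4f} s, "
              f"range error {err:7.1f} m")
    ticks_100h = int(Fraction(100 * 3600) / TICK)
    print(f"exact tick count converted once: "
          f"{float(elapsed_from_tick_count(ticks_100h)) / 3600:.1f} h, no drift")
```

Under these assumptions an hour of uptime costs a few meters of range error, while 100 hours costs over half a kilometer, which is why a "restart the system every so often" workaround and a patch that keeps an exact tick count both address the same defect.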
If accidents are always lurking, how to analyze
risk and decide which are acceptable? The process involves three
decisions, says William Freudenburg of the University of California
at Santa Barbara:
1. The science: how safe is it? What is the probability of an accident?
2. The values: is that safe enough? Here, scientists have no particular advantage over other citizens, Freudenburg contends.
3. The blind spots: what have we overlooked? Here, he says, scientists may be even worse off than the public, because they tend to focus. "The time you spend focusing on one question is time you are not spending on other questions that may also be important," Freudenburg says. "A way of seeing is also a way of not seeing."
Even the first, relatively straightforward
step in this process can be problematic. Take the giant oil tanker
Exxon Valdez, which ran
aground in 1989, spilling 37,000 tons of oil into Prince William
Sound, Alaska. The situation seemed safe, says Freudenburg. "This
was not some Liberian rustbucket, it was the largest, newest, best-equipped
tanker, owned by what was then one of the largest corporations in
history, and it ran straight into a rock that had been on the navigation
charts for 200-plus years... with a red light flashing on top of
it. If you had asked me, what is the probability of this happening,
I don't think I could have come up with a number that low."
Engineers are cautious sorts, trained to expect
things to go wrong. (After all, if you Google "Murphy's Law," you'll
come across any number of websites that claim Murphy coined it, each in a different
location. But in every version, Murphy was an engineer...)
At any rate, we asked Henry Petroski, a professor
of civil engineering at Duke University who writes widely about
design, whether a complex system can ever be made fail-safe. "It
can be to very high degree," he told us, "but I like to think that
real engineers never say 'never.'" And while details on the blackout
are not yet available, he says, "Nothing that is designed, made,
or built is perfect, so to expect that there are never going to
be blackouts is to expect more of technology than is reasonable."
But Petroski suggests looking at the bright
side. Accidents produce understanding. "Things are always made with
imperfect knowledge," he says. The steam engine, for example, was
invented long before scientists could explain it by the yet-unknown
laws of thermodynamics. "In some cases," Petroski says, "there is
simply not the knowledge to anticipate what will happen when something
is made."
This process, of course, is called trial and error. And while errors
can be costly, examining them has led to such highly reliable systems
as air transportation.
But while astronauts, like people who use
elevators, might wish for fail-safe technology, 100-percent assurance
may not always be desirable, says Petroski, author of a book on
design called "Small Things Considered" (see bibliography).
"Some say if there never are any failures, the resources of society
are not necessarily being fairly apportioned," because of the time
and money needed to design and produce a near-perfect design. "You
can wait and think about it forever, and never get the thing out
the door, and it would cost you a lot of money."
A fail-safe technology is not likely, says
Johnson. "Technology," after all, is a fancy term for "stuff made
by humans." And that's the key, he says: "If there are flaws, imperfections,
how could those be otherwise than the flaws of their creators?"
One place you don't want a flaw is
in a nuclear power plant.