Understanding big accidents
When people make a costly mistake, it might seem logical to remove them from a position where they can repeat that mistake. Indeed, at a Sept. 3 Senate hearing, NASA boss Sean O'Keefe said about 15 senior leaders of the shuttle program have been replaced since Columbia's crash.
But some senators wanted more blood on the carpet. According to the Los Angeles Times, Sen. Ernest Hollings, a Democrat from South Carolina, said, "Now they talk about an accident, but it was an avoidable accident. You talk about failure, but it was an avoidable failure." Hollings, the newspaper reported, said a captain of a Navy ship would be "cashiered" under similar circumstances (see "NASA Boss Rejects..." in the bibliography).
However, Stephen Johnson of the University of North Dakota argues that the Columbia crash reflects an "organization problem, not an individual failure." His perspective comes from 13 years as a "fault protection" engineer in the aerospace industry.
"The question of whose head should roll for this is a real oversimplification," Johnson says. "Did people make mistakes? Absolutely." But the real culprit, he insists, is the system. "There were engineers who were very uncomfortable, and various pieces of information that would have allowed people to make the right decision. This is a classic case where collectively the information exists to make the right decision, but it did not get communicated to the right people."
Johnson charges that NASA subtly reversed its launch standards, which theoretically require a proof of safety before each launch. Like the decision to launch Challenger in O-ring-chilling temperatures, the refusal to photograph Columbia in orbit reflected a new and dangerous attitude, Johnson says. "Nobody in NASA consciously made a decision saying, 'Prove it can't fly,' but the subtle dynamics of communication changed until it became, in effect, 'Prove to me it's a problem.'
"It's a subtle, social, psychological, cognitive thing going on within that particular bureaucratic system," Johnson says, "... that twice has lead to the same result... there were signs, signals, pieces of information that should have said loud and clear, we have a problem that should not be allowed to go on, but those got ignored, overruled."
Oddly, even though NASA's communication problems are often blamed on its military structure, some social scientists consider another military group -- the U.S. Navy -- a "high-reliability organization." The secret, apparently, is to relax the stiff hierarchy at crucial times. When jets are being launched from a nuclear aircraft carrier, even a lowly deckhand can force the bosses to pay attention to dangers.
Nuclear aircraft carriers are complex and dangerous, but they have a very low rate of accidents. Experts say that when jets are launched, the command structure becomes flexible and communication is open. Photo: U.S. Navy.
NASA apparently lives by different rules. When some engineers requested the satellite photos, says Bier, "The higher-ups cancelled the request, apparently because it had not gone through proper channels or would be politically embarrassing to NASA rather than that there was no need for the information... That's a sign of an organization that has internal political challenges. It's troubling."
As NASA has focused its resources on the International Space Station, sharp drops in the shuttle budget probably contributed to the Columbia crash, Bier adds. "As with most organizations, senior management, I suspect, placed survival of the organization as a very high priority, and so every time Congress cut the resources, I think senior management was inclined to say, 'Okay, we can do it.' There was never an obvious point where they said, 'The cuts have gone too far, and we can't fly as safely as we want.' In that kind of environment... if people are sending problems up the chain of command but nothing happens because there are no resources to handle them, over time, they will be less likely to do that," Bier concludes.
When problems develop on power lines, corrective action must be taken fast or a blackout can result. Photo: Bureau of Land Management.
The echoes of Challenger in the Columbia story do not surprise William Freudenburg, a professor of environmental studies and sociology at the University of California at Santa Barbara.
Freudenburg, who says he "spent quite a lot of time, some years back, looking at organizational factors, the connection between humans and hardware in screwups," sees cycles of vigilance and inattention as a natural part of human behavior.
"Not only do individuals get lazy, sloppy, but organizations do also," he says. "They predictably run into crunch times. In a time of constraints, you protect your core functions and cut back on the peripheral ones."
No organization makes safety its highest priority, Freudenburg insists: "I call it a 'while' task: 'Our job is to get oil for America while protecting the environment,' or 'to explore space while maintaining an adequate level of safety.'"
Who would have predicted that a modern ship would run aground on a reef that was first charted more than 200 years ago? Photo: NOAA.
The result can be an "atrophy of vigilance," which, he says, "appeared basically everywhere" in the Exxon Valdez oil spill. The Coast Guard had shut down a high-power radar that might have detected Valdez wandering into the shallows. And while the regular oil-spill drills that preceded the grounding had uncovered plenty of problems, they were downsized because, well, there had been no spills. As a result, a modern ship went aground on a reef that had been charted more than 200 years before.
Are accidents inevitable in complex systems? Normal?