[SystemSafety] Approaching Cape Town

Les Chambers les at chambers.com.au
Fri Apr 7 01:09:53 CEST 2017


Brian

I think your point is valid. Lisa Blair is taking on what could be called a
luxury risk. But there is much we can learn from this, not the least of
which is that Lisa is a member of the human race which has a penchant for
seeking out danger and taking risks. In the sanitised world we live in there
will always be a subset of human beings who want to chance their arm not
because they have to but because they can. It is often the job of safety
engineers to moderate their behaviour. But before you decide to put in the
effort (and take the career risks) you need to recognise/classify what
you've got, someone who is sailing just a little to close to the edge? Or a
complete nutter who wants to swan dive over it.

 

The good news is that, in pursuing and Antarctica circumnavigation record
Lisa has done us all a favour. She came back online last night and gave a
detailed account of her dismasting and how she dealt with it.
(https://lisablairsailstheworld.com/) You almost never get such detail of a
life threatening safety incident - literally as it happened. She recorded
not only what she did but also her mental state at the time, working through
the second worst case scenario that can happen to a sailor - made even more
dangerous by nine metre waves, 30 to 40 knot winds and temperatures below
five degrees centigrade. This information is gold to any sailor but is also
required reading for all functional safety engineers, given that a modern
yacht fitted out for solo sailing is a complex system of systems.

In Lisa's case she had a single point of failure, a swage fitting on the
port shroud. (see http://www.apsltd.com/rigging-wire-assemblies for graphic)
A critical piece of rigging that holds the mast in place and comes under
huge stress when a boat is hit by gusts or knocked down.

When a mast comes down the first job is to get rid of it before it holes
your hull and sinks you. Luckily she had a clean break but the mast was
still attached to the boat by its rigging, soaring backwards and forwards
where the deck meets the hull. She had a pair of bolt cutters but they were
not fit for purpose. The wire diameter of the rigging on a 50 footer
defeated her. She was then reduced to pulling out split pins with long nosed
pliers, some of the time balanced on a bow spirit in nine metre waves.

Lesson 1: don't go to sea without an appliance capable of severing all
ringing and mast if need be. I've seen some boats carry petrol motor powered
angle grinders. I favour welding gear.

After some hours of work she got rid of the mast and managed to salvage the
boom so she may be able to raise a jury rig.

To her eternal credit she kept a cool head throughout her ordeal. This was
my major take-away from this incident. That kind of cool is only gained
through years of dealing with bad outcomes in stressful situations. No
engineer who has spent a life sitting at a desk would be capable of dealing
with an emergency of this magnitude, let alone imagining the mental state of
someone caught in the crosshairs by cruel fate - and most importantly
designing a system that deals effectively with the situation. 

On my Atlantic crossing we were hit by a severe squall. 50 knot winds seemed
to hit us from all directions at once and the rain was so heavy it flattened
the ocean turning it into a foreboding pinging grey. We lost control of the
boat. The skipper (a veteran of eight Atlantic crossings) came on deck, lit
a flag in the horrendous downpour, sorted us out in five minutes then went
back to bed. Experience counts for a lot.

Abstracting all this and projecting it onto driverless cars we see many
players (eg Ford) ditching level III automation where the driver must take
control when the automaton can't handle the situation, sometimes at high
speed. Some have compared it to tossing a Rubik's cube at someone who is
half asleep and unfamiliar with the puzzle and giving them a second to solve
it. Any sailor could tell you this is a ridiculous and dangerous strategy.
Just taking over the helm of a 50 footer on a black night healed over in a
30 knot wind requires practice and discipline. My watch observed that if a
helmsman was to make an error it would usually occur in his first five
minutes on the helm. You are usually half asleep and there is also the shock
of transitioning from being just present on deck to total responsibility for
the boat. So we developed a mentoring discipline. The previous helmsman,
familiar with the conditions on the night, stayed close and whispered hints
in the new helmsman's ear. 

All in all my 18 days on the Atlantic could be called luxury risk but it did
teach me a lot about myself and caused me to reflect at length on the human
condition as it relates to safety critical systems engineering. I continue
to write up the experience and will publish at some point on my blog.

 

Most importantly given that we may not see something as true and as detailed
as Lisa's account for some time I highly recommend it.

OBTW - she still motoring north for Cape Town at five knots and has arranged
to pick up some fuel from another vessel. So she is going to make it and
we'll hear more.

 

Cheers

Les

 

From: Smith, Brian E. (ARC-TH) [mailto:brian.e.smith at nasa.gov] 
Sent: Friday, April 7, 2017 5:16 AM
To: Les Chambers; 'Peter Bernard Ladkin';
systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Approaching Cape Town

 

Even airlines have different appetites for the acceptance of risk.  Case in
point


 

Chambéry Airport or Chambéry-Savoie Airport, also known as Chambéry
Aix-les-Bains Airport, is a small international airport near Chambéry, a
commune in Savoie, France.  Commercial activities started at the airport in
1960.  Next to Le Bourget Lake and surrounded by mountainous terrain, the
airport is in a perfect location for aviation enthusiasts.

 

Because Airline A had a large population of pilots, as a group they had
difficulty in maintaining currency and familiarity with the challenging
nature of the approach to that airfield.  Airline A decided to cease
operations there.

 

In contrast, Airline B was a small operator with a limited number of pilots.
These pilots had much more frequent exposure to the conditions around
Chambray including terrain and local orographic winds.  They opted to begin
serving this challenging airport and accepted the risk in hopes of a market
reward.

 

For both airlines the hazards were the same, but as Les indicates their risk
tolerances were not equal.  This little piece addresses it from the
perspective of discretionary risk in recreational activities: 

 

All
<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUKEw
jug7r1nJDTAhWE1CYKHUfiAf4QFggjMAE&url=https%3A%2F%2Fbassamsalem.com%2F2013%2
F07%2F16%2Fon-risk%2F&usg=AFQjCNFBZe_uc-u3a5wGHSdxavGrbnE4eQ&sig2=XdXjhgh1ol
t5Iq3fTSQYXw>  Risk Is Not Created Equal | Against the Herd

 

As the article says, discretionary risk-taking is something "that we choose
to do.  However, unlike a calculated risk that we’re taking in the hopes of
a clear upside, this sort of risk typically has little quantifiable upside
and only subjective, lifestyle-related benefits.  The downside, on the other
hand, may be quite quantifiable.”

 

"Over the past decade or two, extreme sports have become a cultural
phenomenon with everything from mixed-martial arts to downhill
mountain-biking to extreme rock climbing.  They all involve tremendous risk
of bodily injury and, frequently, death.  However, we take on this risk on a
regular basis for the thrill and exhilaration of the experience.  Strangely
enough, while we might take the risk on ourselves, we’d frequently advise
our own children against it (a sure sign it’s a risk of luxury :-)).  Should
we take on such risk?  Some of this lifestyle risk is necessary to bring
excitement to life, but the line between a reasonable and an excessive
amount of luxury risk is a gray one.  And, I must admit, the older I get,
the less-inclined I am to take on such risk when I have so much of the other
two types I’m already taking on :-).  At the very least, we should not make
the mistake of confusing the types of risk with one another: taking on
luxury risk under the guise of calculated risk is a recipe for disaster.”

 

Because of the wonderful weather we enjoy here in California, I still
proudly ride my ‘risky’ motorcycle almost daily, but I do follow this
philosophy


 

Never let an airplane or a motorcycle take you somewhere your brain [or your
eyes] didn't go five seconds earlier.

 

Comments?

 

Brian

 

On 4/5/17, 3:31 PM, "systemsafety on behalf of Les Chambers"
<systemsafety-bounces at lists.techfak.uni-bielefeld.de on behalf of
les at chambers.com.au> wrote:

 

Peter

Off topic? Are you sure?

 

The sailing community formed the backdrop for the paper I delivered at the

Safety Critical Systems Club conference in Bristol, 2015. The topic was risk

tolerance. My sense was that it was well received. There is therefore a high

probability that at least 200 functional safety professionals disagree with

you.

The thrust of the paper was that risk tolerance varies by community of

interest. It is particularly high in communities such as bluewater sailing

and aircraft carrier operations. Risk tolerance is a key determinant of the

classical ALARP. Factors that determine and justify risk tolerance are

therefore worthy of study. Projecting these concepts onto our everyday

experience we see entrepreneurs with risk tolerances approaching that of the

bluewater sailor. The difference is that they are risking our lives not

theirs. Hence my cautionary note in a previous post that we should think

this through before climbing into one of their driverless cars. With Lisa

Blair we have an opportunity to study it in real time as a major safety

incident unfolds. For this reason I would hope that every nose on this list

is glued to Lisa's blog.

Remember the risk management process?

Phase 1: We assess risk, phase 2: we erect barriers to prevent risk

transforming into incidents, Phase 3: should incidents occur we make plans

to reduce the severity of the outcome, Phase 4: when incidents do occur we

carry out our plans.

In 40 years of advocacy for spending money on safety I have found stories

such as this valuable in convincing those who allocate capital to loosen

their purse strings. I've also found that people at the coalface who operate

critical systems prefer to be instructed through stories. They detest and

despise equations Peter. 

 

Lisa Blair is currently in risk management phase 4. A Facebook video you can

access through her blog indicates she's got everything under control, gently

motoring north to Cape Town in what looks like calm seas. I encourage

everyone to stay tuned.

 

Cheers

Les

 

-----Original Message-----

From: systemsafety

[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of

Peter Bernard Ladkin

Sent: Wednesday, April 5, 2017 11:49 AM

To: systemsafety at lists.techfak.uni-bielefeld.de

Subject: Re: [SystemSafety] Approaching Cape Town

 

Les,

 

On 2017-04-05 01:38 , Les Chambers wrote:

An update on Lisa Blair.

.....

Lisa's blog has stopped. I guess she's fully occupied at the moment. There

will be more news though.

Stay tuned.

 

While this is an important and interesting general story, it is manifestly

off topic. So, please, let's drop it.

 

PBL

 

Prof. i.R. Peter Bernard Ladkin, Bielefeld, Germany MoreInCommon Je suis

Charlie

Tel+msg +49 (0)521 880 7319  www.rvs-bi.de

 

 

 

 

 

 

 

_______________________________________________

The System Safety Mailing List

systemsafety at TechFak.Uni-Bielefeld.DE

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20170407/b5aefc82/attachment-0001.html>


More information about the systemsafety mailing list