Is poor software design/testing the REAL cause of the USS McCain crash?

A 19-year Navy veteran, Sanchez had watched as technicians replaced the ship’s traditional steering controls a year earlier with the new navigation system. Almost from the start, it caused him headaches. The system constantly indicated problems with steering. They were mostly false alarms, quickly fixed, but by March 2017, Sanchez’s engineers were calling the system “unstable,” with “multiple and cascading failures regularly.”

 

In the early hours of Aug. 21, 2017, the McCain was 20 miles from Singapore, navigating one of the world’s busiest shipping lanes… the McCain collided violently with a 30,000-ton Liberian-flagged oil tanker. Ten Navy sailors were killed and scores more were injured. It was the Navy’s worst accident at sea in 40 years…

 

The NTSB put it plainly: “The design of the John S McCain’s touch-screen steering and thrust control system,” the board found, “increased the likelihood of the operator errors that led to the collision.”

That was an excellent long-form article from ProPublica, “The Navy installed touch-screen steering systems to save money. Ten sailors paid with their lives.” Read the whole thing.

The new navigation system was the integrated bridge and navigation system (IBNS), which required months of retrofitting and 3 miles of cables and fiber optics. Not surprisingly, the software proved inadequate. More than 60 “major steering faults” were found in the month leading up to the McCain’s crash. Many sailors operated IBNS under backup manual mode.

Commander Sanchez was charged with, but not convicted of, homicide. It seems that user error is the default explanation given for military mishaps when in fact the systems are at fault. In this case, it looks like blame went up the chain:

“There is a tendency of designers to add automation based on economic benefits (e.g., reducing manning, consolidating discrete controls, using networked systems to manage obsolescence),” the report said, “without considering the effect to operators who are trained and proficient in operating legacy equipment.”

 

Adm. Phil Davidson, then the head of training and manpower for the Navy, led the review. The Navy fired or forced out five senior commanding officers above Sanchez, the McCain’s captain, including four admirals.

I wonder if those sacked admirals were in charge of the IBNS development and fielding program, or if they were hapless fall guys responsible for training on the deficient system. The NTSB blamed oversight and training. Almost certainly, however, the contractor and string of program officers were at greater fault. There was obviously no concern for the user in the software design, and the perpetual errors and constant contractor upkeep meant it was prematurely fielded.

Usually, there is a race to get a system fielded according to an arbitrary schedule set years in advance. Such an advanced bridge/navigation system should probably first have been tried on smaller ships with continuous user feedback, tested extensively, iterated, then progressively scaled up to larger and more complex ships. While such a strategy might appear to slow down capability improvements, in reality going slower may get you to the desired end state faster.

Of course, incremental and continuous scaling of new solutions doesn’t fit well with the acquisition and budget processes. Having a 5-year (or to-complete) funding plan for particular capabilities doesn’t provide the necessary flexibility. Instead, some unintuitive design is thrust upon users and fielded without proper testing. We go from RDT&E, to procurement, to operations. Where’s the continuous feedback and capability deployment?
