Failsafe

  • Published
  • By Lt. Col. Robert Garner
  • 341st Missile Wing chief of safety
Failsafe, as defined by Merriam-Webster:

  • incorporating some feature for automatically counteracting the effect of an anticipated possible source of failure
  • being or relating to a safeguard that prevents continuing on a bombing mission according to a preconceived plan
  • having no chance of failure: infallibly problem-free

Failsafe is a term embedded in our strategic heritage, but it is also one that is easily misunderstood and misapplied. Knowing how to plan your operations and design your materiel so that they fail in a safe mode is a vital capability in any operation, and especially in nuclear operations. How do you know your operation or system is failsafe? One technique is "what if" analysis: look at your procedures, go through them step by step, and ask at each step, "What if it fails here?"

If the answer is a mishap, then that step is not failsafe.

How do you address the problem? You can engineer the problem out by modifying the device. An example of this is the Otis elevator brake. Before the Otis device, if an elevator's cable broke, the elevator fell to the bottom of the shaft. Not a good failure mode. Elisha Graves Otis invented an elevator brake that engages automatically when the cable breaks. This is a prime example of a failsafe: when the cable fails, the elevator comes to a stop, in a safe mode.
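The "what if" analysis above can be run mechanically against a procedure: force each step to fail in turn and check whether the result is a safe state or a mishap. The example below is added here and is not part of the original column. It uses a hypothetical, constructed four-step access decision (fetch a token, verify it, look up a role, check policy) and compares two designs: a fail-open design that logs a failed step and carries on with "assume it's fine" defaults (the elevator with no brake), and a fail-safe design in which any failed step ends in a denial (the Otis brake). Every name, token value and role in it is constructed for the example.

```python
"""Added example: 'what if' analysis as a fault-injection test over a procedure."""
from typing import Callable, Dict, List


class StepFailed(Exception):
    """Raised when the harness injects a failure into a step."""


# Hypothetical access-decision procedure (constructed for this example).
def fetch_token(ctx: dict) -> None:
    ctx["token"] = "tok-constructed-123"  # constructed sample token


def verify_token(ctx: dict) -> None:
    # Stand-in for a signature check on the token.
    ctx["token_valid"] = ctx.get("token") == "tok-constructed-123"


def lookup_role(ctx: dict) -> None:
    ctx["role"] = "analyst"  # constructed directory lookup result


def check_policy(ctx: dict) -> None:
    ctx["policy_ok"] = ctx.get("role") == "analyst" and ctx["action"] == "read"


STEPS: List[Callable[[dict], None]] = [fetch_token, verify_token, lookup_role, check_policy]


def run_step(step: Callable[[dict], None], ctx: dict, fail_at: str) -> None:
    """Run one step, or raise StepFailed if this is the step the analysis is
    asking about. A failed step leaves no result behind, just like a crashed
    service call or a broken cable."""
    if step.__name__ == fail_at:
        raise StepFailed(step.__name__)
    step(ctx)


def decide_fail_open(action: str = "read", fail_at: str = None) -> bool:
    """Fail-open design: a step that errors is logged and skipped, and any
    result a step never produced is assumed to be fine."""
    ctx = {"action": action}
    for step in STEPS:
        try:
            run_step(step, ctx, fail_at)
        except StepFailed:
            ctx.setdefault("errors", []).append(step.__name__)  # logged, then ignored
    # Defaulting missing checks to True is the unsafe failure mode.
    return ctx.get("token_valid", True) and ctx.get("policy_ok", True)


def decide_fail_safe(action: str = "read", fail_at: str = None) -> bool:
    """Fail-safe design: any failed step ends the decision with a denial, and
    nothing is treated as true unless a step explicitly established it."""
    ctx = {"action": action}
    try:
        for step in STEPS:
            run_step(step, ctx, fail_at)
    except StepFailed:
        return False  # the brake engages: the operation stops in a safe state
    return bool(ctx.get("token_valid", False) and ctx.get("policy_ok", False))


def what_if_analysis(decide: Callable[..., bool]) -> Dict[str, str]:
    """Ask 'what if it fails here?' for every step of the procedure.
    Granting access after a failure is a mishap; denying it is failsafe."""
    report = {}
    for step in STEPS:
        granted = decide(fail_at=step.__name__)
        report[step.__name__] = "mishap" if granted else "failsafe"
    return report


if __name__ == "__main__":
    for name, decide in [("fail-open", decide_fail_open), ("fail-safe", decide_fail_safe)]:
        print(f"{name}: normal path grants access: {decide()}")
        for step, verdict in what_if_analysis(decide).items():
            print(f"  what if {step} fails? -> {verdict}")
```

Both designs grant access on the normal path, so a functional test alone cannot tell them apart. The step-by-step analysis is what separates them: in the fail-open design two of the four steps happen to fail safely only because a later step notices the missing value, while the other two grant access on failure; in the fail-safe design every injected failure ends in a denial.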

Other ways to failsafe involve modifying procedures. United States Navy doctrine is to land aircraft on carriers under full power. To stop on a carrier, an aircraft has a tail hook that must catch a cable stretched across the deck. If that cable breaks, or if the hook misses all the cables, an aircraft that is not under full power will likely crash into the ocean. By being under full power on landing, the aircraft has the ability to climb away to safety. This ensures that if any critical component of the process fails, either the cable or the pilot's skill in catching it, the failure mode is a safe one: climbing to safety rather than going into the sea.

Some things we do to try to failsafe a system don't actually failsafe it at all. Inspections and audits, for example, are often the first thing we reach for to prevent mishaps, but by themselves they rarely make anything failsafe. Return to the elevator example: inspecting the cables periodically without having the Otis device could, depending on how frequently the elevator is inspected, reduce the probability of a cable failing. It would not reduce the catastrophic result when the cable did fail. Inspections and audits can be a vital mishap-prevention tool, but you need to use them in conjunction with failsafe measures to have a safe system.

How can this apply to you? Look at the things you do at work or at home on a daily basis. Ask "what if" questions, and if the answer is that you get a mishap, try to find ways to failsafe that part of the operation, either by seeking better materiel or by changing procedures.