Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Success is much harder to analyze than failure. When things go wrong in a chemical plant or space program, it’s usually possible to figure out the causes and resolve to avoid those things in the future. But when things go right, it’s difficult to know why. Which factors were important to the success, and which weren’t? Was the success due to skill, or just luck? If we are to learn to deal with hazardous technologies, our best bet is to look for organizations that manage risk successfully and see how they do it.

This is the goal of the high-reliability organization project at the University of California, Berkeley. For more than a decade, Todd La Porte, Karlene Roberts, and Gene Rochlin have been studying groups that seem to do the impossible: operate highly complex and hazardous technological systems essentially without mistakes. The U.S. air traffic control system, for instance, handles tens of thousands of flights a day around the country. Air traffic controllers are not only responsible for choreographing the takeoffs and landings of dozens or hundreds of flights per hour at airports but also for directing the flight paths of the planes so that each keeps a safe distance from the others. The success is unequivocal: for more than a decade none of the aircraft monitored on the controllers’ radar screens has collided with another. Yet the intricate dance of planes approaching and leaving airports, crisscrossing one another’s paths at several hundred miles an hour, creates plenty of opportunity for error. This record of safety is not due to extremely good luck, the three Berkeley researchers conclude, but to the fact that the institution has learned how to deal effectively with a complex, hazardous technology.

Perhaps the most impressive organizations they have studied are the nuclear aircraft carriers of the U.S. Navy. While it’s impossible for anyone who hasn’t worked on such a ship to truly understand the complexity, stress, and hazards of its operations, this description by a carrier officer to the Berkeley researchers offers a taste:

So you want to understand an aircraft carrier? Well, just imagine that it’s a busy day, and you shrink San Francisco Airport to only one short runway and one ramp and gate. Make planes take off and land at the same time, at half the present time interval, rock the runway from side to side, and require that everyone who leaves in the morning returns that same day. Then turn off the radar to avoid detection, impose strict controls on radios, fuel the aircraft in place with their engines running, put an enemy in the air, and scatter live bombs and rockets around. Now wet the whole thing down with salt water and oil, and man it with 20-year-olds, half of whom have never seen an airplane close up. Oh, and by the way, try not to kill anyone.

A Nimitz-class carrier flies ninety aircraft of seven different types. These aircraft have only several hundred feet in which to take off and land instead of the mile or more available at commercial airports, so they need help. At takeoff, the planes are catapulted by steam-powered slingshots that accelerate them from standstill to 140 knots (160 miles per hour) in just over two seconds. As each plane is moved into place on the steam catapult, crewmen check it one last time to make sure that the control surfaces are functioning and that no fuel leaks or other problems are visible. The catapult officer sets the steam pressure for each launch depending on the weight of the plane and wind conditions. The spacing of the launches-about every 50 seconds-leaves no time for errors.

But it is the recovery of the planes that is truly impressive. They approach the flight deck at 120 to 130 knots with a tail hook hanging down to catch one of four arresting wires stretched across the deck. As a plane approaches, the pilot radios his or her fuel level. With this information, the people in charge of the arresting gear calculate the weight of the plane and figure the proper setting for the arresting-gear braking machines. If the pressure is set too low, the plane may not stop soon enough and so topple off the end of the deck into the sea. If the wire is too taut, it could pull the tail hook off or else snap and lash out across the deck, injuring or killing anyone in its path. The pressure for each of the four wires is set individually by a single seaman.

Meanwhile, landing signal officers are watching the approach of the plane, advising the pilot and then-if everything appears right-okaying the landing. Just as the plane touches down, the pilot gives it full throttle so that if the hook does not catch, the plane will be going fast enough to take off and come around again. If the hook does catch a wire, the plane is slammed to a halt within about two seconds and 300 feet. As soon as the plane is down and stopped, “yellow shirts” rush to it to check the hook and to get the plane out of the way of the next one. As the arresting wires are pulled back, other crewmen check them for frays. Then it all begins again. The cycle has lasted about 60 seconds.


0 comments about this story. Start the discussion »

Tagged: Communications

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me