Emergency Procedures: For Driving and Other Purposes
The recent news of unintended acceleration incidents[1] involving Toyota-made automobiles raises an interesting, but unsurprising question of preparedness: Why are more people not prepared to deal with the unexpected while driving? This is not a question of reducing the manufacturer's liability or responsibility, but a simple matter of self-preservation: It is better to be a survivor able to bear witness than a victim leaving an estate with a large legal claim.
As the case with any collection of related incidents, there are a collection of issues. There are the significant technical questions of the underlying cause or causes of these incidents and which parties are responsible for the origin and correction. The engineering questions of precisely what systems or mechanical failures occurred will be investigated in due course. In terms of self-preservation, I find it interesting that the media accounts of this unfolding situation mostly fail to address the far more pressing public concern: How can one minimize the damage to ourselves, our passengers, and bystanders. It is far better to be scared and uninjured, than to become a statistic in the fatalities column.
This is not something specific to Toyota-made cars. Incidents can happen to any driver at any time, for any number of reasons. Some incidents are the result of design errors; others may be related to a maintenance or operating errors. The commonality is the question of safety: What must be done to terminate the incident with the minimum injury to people.
New Yorkers were witnesses to how an “unprecedented event” is not the same as an “impossible event” when US Air Flight 1549 had an encounter with a gaggle of geese immediately after takeoff from LaGuardia Airport (LGA). The encounter was fatal to several of the geese, who were ingested into the engines of the Airbus A320. While the aircraft itself was not damaged by the impacts, but both engines ingested geese and were severely damaged.
The two man flight crew, Captain Chesley Sullenberger and First Officer Jeffrey Skiles were knowledgeable and prepared to deal with the unexpected double engine failure. Improvising from a checklist far too long to be executed from an altitude of a few thousand feet,[2] Captain Sullenberger was able to execute an emergency touchdown in the Hudson River. All 155 people aboard the aircraft survived and were evacuated by an ad-hoc flotilla of water taxis and small ferries that ply that part of the Hudson River.
The author Dale Brown, a retired officer in the US Air Force, had a telling passage in Shadows of Steel:
“As with any check ride, the IP started Sampson off with a fifty-question emergency-procedures written test, including space to write down all sixty-seven lines of bold print emergency procedures for the T-38 Talon jet trainer, the steps that were required to be committed to memory word for word. No one was allowed to step inside any Air Force aircraft without demonstrating thorough knowledge of all aircraft systems.”
Mr. Brown has an excellent point. Perhaps the flight standard is not reasonable for ordinary driving, but the rationale behind the requirement remains. Regardless of who is ultimately culpable, it is far better to survive a frightening incident than to participate in a fatal one.
The long litany of National Transportation Safety Board investigations into fatal and non-fatal incidents clearly illustrates that incidents are rarely the result of a single error or malfunction, but are overwhelmingly the product of a cascade of malfunctions, errors, and misfortune. Safety is merely the consequence of interrupting such a cascade.
The recent automotive incidents highlighted a dramatic difference between driver training and training in other fields. Like many, I enrolled in Driver's Education as a teenager. I spent quite a few hours learning how to drive, both in the classroom and in car with dual-controlled brakes.
The Driver's Education experience was dramatically different from my training for an FAA Glider rating. Driver's Education was about how to drive. Relatively little attention or emphasis is paid on abnormal events. By contrast, pilot training is all about the abnormal, the normal is almost a secondary consideration.
In industrial and aviation settings, procedures for out of control devices are commonplace and well-exercised. The underlying thought is simple: human safety always comes first. Equipment may be valuable, but it can always be repaired or replaced.
The cure for an out-of-control device is simple: contain the damage and shut the device down. Engine throttles jamming in the open position or governors and other speed control devices failing are but one of an almost infinite number of possible malfunctions. The source of the failure is not relevant: it can be a mechanical failure such as a failed spring or stuck linkage in a governor or it can be an unexpected failure of a complex computerized engine control system, the solution is the same: shut the unit down before it causes more extensive damage. If this can be done without damage to the malfunctioning unit: fine; if not: so be it.
High speed un-commanded acceleration does not occur in a heartbeat. While embarrassing, a simple acceleration of a few seconds does not generally lead to spectacular speeds and fatalities, it leads to an accident with relatively minor injuries. Some of these will involve fatalities, but it is not physically possible for a car to accelerate to 120 MPH in a heartbeat. The incidents involving high speeds are reported to have been of extended duration, certainly more than a handful of seconds.
With a time scale of more than a few seconds, one need not be a passive bystander; one can take action to contain the incident. For an automobile with a throttle seemingly out-of-control, the correct actions are likely:
- Press hard on the brakes.
- Set the Cruise control switch to OFF
- Shift the transmission into Neutral
- If all else fails, turn OFF the ignition (do not remove the key which will lock the steering wheel)
If the engine is truly out of control, putting the transmission in Neutral may very well result in irreparable engine damage. It is far better to replace an engine than to land in a hospital or worse. With the engine still running out of control, the power-assist on steering and brakes will still function normally.
Turning off the ignition should stop the engine, but the power assist will also cease.
Sitting as a spectator while the vehicle accelerates out-of-control is not a good option, in any event.
Many interstate highways traversing areas with steep grades have emergency deceleration ramps. Large trucks have had incidents with brake failure on such grades. Improved brakes, better maintenance, and inspections are all appropriate solutions. The deceleration ramps are a safety net if all else fails. A truck with a brake problem steers onto the ramp, which is designed to slow a heavily laden truck with total brake failure. The rationale behind crushable concrete runway extensions is similar.
In recent days, similar observations have been made by some columnists;[3] although they have been absent from major news reports. In my opinion, this omission is an error and does a disservice to the public. The public is better served by education as to what to do when dealing with the unexpected. Emergency procedures education would save lives, it is insurance against the inevitable next incident.
Recalling vehicles with defects is retrospective: it prevents repeats of incidents that have already been understood. Even recalling all known hazards will not address what happens the next time a defect in manufacturing or maintenance occurs.
These incidents are a warning call to improve our training practices to improve safety. When I was a student in Driver Education, I was taught to NEVER shift the transmission into Neutral while the car was running. Similarly, I was told to never force the transmission into a lower gear to slow the car down. Insofar as normal operating procedures, these are good recommendations.
However, when confronted with a malfunction, these prohibitions can easily become a recipe for catastrophe. Simulators play a large role in initial and refreshed pilot training; perhaps there is an important role to be had in driver training as well.
Practicing emergency maneuvers in real cars can be dangerous for all parties: the student, the instructor, the car, and the test track. Perhaps some technology transfer from the more demanding regimes to driving is appropriate.
Paraphrasing the introductory voiceover for “The Six Million Dollar Man”,[4] we can do a better job, we have the technology. A realistic motion simulator is well within reach that could allow us to train drivers to deal successfully with unexpected incidents without putting themselves at risk.
The relevance to Information Technology and Computing is straightforward. The particular context is only scenery and accent. The same principles of actively managing the response to an abnormal event to restore safe operation apply, whether dealing with a server problem, a network problem, or an out-of-control vehicle.
Notes
| [1] | Accident implies an unavoidable event; incident is a more neutral term |
| [2] | A&S Interview, &8220;Sully's Tale” February 18, 2009 |
| [3] | Mark Phelan “Odds of your vehicle going out of control seem rather rare” February 4, 2010 |
| [4] | A fictional TV-series in which former astronaut and test pilot Steven Austin (Lee Majors) is severely injured in a crash and rebuilt using bionic replacement parts. |
References
- A&S Interview, &8220;Sully's Tale”, February 18, 2009. Retrieved from http://www.airspacemag.com/flight-today/Sullys-Tale.html on February 7, 2010
- James Kanter, Micheline Maynard, and Hiroko Tabuchi,
“Toyota Has Pattern of Slow Response on Safety Issues”
, February 7, 2010.
Retrieved from http://www.nytimes.com/2010/02/07/business/global/07toyota.html on February 8, 2010 - Micheline Maynard. “Answers to Questions About Toyota” , February 5, 2010. http://www. on February 8, 2010 -->
- Jim Motavalli,
“The Dozens of Computers That Make Modern Cars Go (and Stop)”
, February 5, 2010.
Retrieved from http://www.nytimes.com/2010/02/05/ on February 8, 2010 - Mark Phelan,
“Odds of your vehicle going out of control see rather rare”
Detroit Free Press, February 4, 2010.
Retrieved from http://www.freep.com/article/20100204/COL14/2040441/1095/col14/Odds-of-your-vehicle-going-out-of-control-seem-rather-rare on February 8, 2010 - Bill Vlasic,
“Lawsuit Over a Crash Adds to Toyota's Difficulties”
, February 5, 2010.
Retrieved from http://www.nytimes.com/2010/02/05/business/05recall.html on February 8, 2010 - unknown, “U.S. Safety Regulators Announce Plans to Investigate Prius Brakes”, February 5, 2010. http://www. on February 8, 2010 -->
- National Safety Commission, “Toyota Runaway Engines” November 5, 2009. http://www. on February 8, 2010 -->
URLs for referencing this entry
- Home
- Services
- Speaking
- Upcoming Events
- TechnicalCounselSM News Archive
-
Ruminations – An IT Blog
- March 23, 2011
- March 6, 2011
- February 28, 2011
- February 9, 2011
- January 10, 2011
- November 26, 2010
- November 22 2010
- November 2, 2010
- October 25, 2010
- September 28, 2010
- August 31, 2010
- August 23, 2010
- June 21, 2010
- June 14, 2010
- May 25, 2010
- May 12, 2010
- March 2, 2010
- February 8, 2010
- December 21, 2009
- December 7, 2009
- November 24, 2009
- June 25, 2009
- May 8, 2009
- May 5, 2009
- March 31, 2009
- March 18, 2009
- February 20, 2009
- January 21, 2009
-
The OpenVMS Consultant
- Presentations
- Publications
- Technology Demonstrations
- Bookstore
- Contact Us
|
|
|
|
|
|
![[Valid Atom 1.0]](http://images.rlgsc.com/logos/valid-atom.png "Validate my Atom 1.0 feed")
![[Valid RSS]](http://images.rlgsc.com/logos/valid-rss.png "Validate my RSS feed")
