This really isn’t funny, considering innocent people lost their lives, but it would be if not for that. The South African military was doing some live-fire training exercises, which included the use of an automated Type 90 Twin-35mm Towed Anti-Aircraft Gun, when something went wrong and the rapid fire gun began shooting off in random directions and at a much lower angle than would generally be used for shooting down aircraft. Before the gun system could be stopped, 9 bystanders were killed and 14 wounded.

The concept of an automated or semi-robotic weapon is not new at all and is more common than one might think. The unit is designed to shoot down low-flying, high speed aircraft, cruise missiles or other threats. Since it’s very difficult for a human to accurately track such targets, the device is equipped with it’s own sensors, such as radar, optical range finders and that sort of thing. When a target is engaged, the system is able to track and aim the guns using the onboard computers. If desired, it can be set up to be fully autonomous, protecting an area by scanning for incoming threats and shooting at any aircraft that cross into restricted territory. The basic idea is similar to the CIWS system used by the US for many years. Indeed, many anti-aircraft defensives systems are setup to the able to detect, target and destroy a potential threat before the human operator is even aware. And self-guided missiles date back to the end of the second world war.

What this accident points out is the necessity of certain safety principals which must always be built into any type of deadly-force capable automated weaponry system. Although the exact cause is not yet known, clearly the system either has a design flaw or was modified in an unsafe manner. Deadly force weapons like this are generally designed to “fail to safe.” Meaning that if any part of the system does not function properly, the system will not fire at all. Furthermore, low level hardware based safe-links are generally incorporated with the purpose of “failing” and disabling the device if it operates outside of is design parameters. A hypothetical example of this might be a fuse which is designed to blow if the system tries without proper authorization, or a mechanical component which will irreversibly jam if the unit begins to fire in a manner beyond it’s design capabilities.

Low-level safeties like a manual “kill switch” are always included and designed to be as accessible as possible and the final “arming” mechanism is generally as simple as possible and with the fewest areas for a mistake. For example, the system may not be able to fire at all unless it is powered on by a numerous electrical relays, connected in series. If even one subsystem does not work close the respective relay, the gun is not powered.

An interesting application of this principal is commonly found in deep-ocean submersibles. The submersibles are designed to be lighter than water and require large ballast weights to stay under. The weights are often held in place by electromagnets, which are connected to a manual kill switch inside the crew compartment. If the sub must surface in an emergency, the crew can cut the current and drop the ballast, bypassing any automated controls. Since the electromagnets require power to hold the weights, a failure of the power system will result in the vehicle surfacing, not diving.

All of us have had our computers do strange things, crash unexpectedly, drop hardware drivers for unknown reasons, freeze, get stuck in loops and so on. Debugging and good programming can help with this, but in the end, it’s always going to be a possibility, especially with complicated automated systems. So when such a system is connected to a device with potential deadly capabilities, there are three things that need to be kept in mind: Keep things simple, make failures result in non-function and always have an easily accessible “kill” switch.

While the cause of this accident remains under investigation, it should serve as a reminded to the designers of the importance of these simple yet critical principals.

---

This entry was posted on Friday, October 19th, 2007 at 8:42 am and is filed under Bad Science, Good Science, History. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

---

View blog reactions