
According to this book: https://www.amazon.com/Tankship-Tromedy-Impending-Disasters-...

It is quite common and vessels often have outages that leave them Not Under Command. Usually they are safely at sea when this happens and they can drift for hours without causing problems. But of course there's always a possibility of it happening at exactly the wrong moment.

The reasons for this are the usual: lack of redundancy, lack of maintenance, overworked and understaffed crews, etc. etc. The book lays out how ships are pretty much designed to be floating disasters and the Class societies (essentially privatized regulators) are in the pockets of the builders, and they are so captured that they make rules that make it difficult to make safe vessels.

For instance, he was trying to design multi-screw vessels but the rules now assume single-screwed ships and it can be impossible to design in additional shaft alleys and still conform.




It wouldn't help with this accident, but you would think that the electronics would be on batteries. It wouldn't be too hard to have a rack of batteries that would power the lights, instruments, radios, and sensors. Doesn't help if the propulsion or steering go out, but does make it easier to know what's going on.


The problem is with steering. The rudder on a ship this big is going to be a wall of steel several stories tall with gears as big as a car.

Warships have several independent backup steering options reducing finally to a worm gear at the top of the shaft with a winch handle big enough to put a gang of men on it. But ships like this will have none of that. They will have a small wheel or joystick on the bridge and if power goes out the rudder will definitely stay in the last commanded position until power is restored. Even if they had auxiliary steering they would not have the crew to man those positions.

This ship would have alternate diesel power plants called "mules" (think APUs on aircraft). It's possible that when the lights came back on that was because they got a mule started.

But really if we don't want accidents like this to happen the ship should have redundancy. A 10,000 TEU container ship is one of the largest and heaviest moving structures ever created by man. Why is it acceptable that it is driven by exactly one engine powering one screw in front of one rudder?

By the way a ship this big with only one screw is very difficult to maneuver at slow speeds. They pretty much have to be going at least 14-15 knots to have any rudder authority.


> But really if we don't want accidents like this to happen the ship should have redundancy. A 10,000 TEU container ship is one of the largest and heaviest moving structures ever created by man. Why is it acceptable that it is driven by exactly one engine powering one screw in front of one rudder?

Perhaps because we have a whole lot of them going and a very low frequency of events like this.

Maybe there's some lighter weight interventions we could do that would further halve the risk of something like this happening that are less costly than fully redundant engine and drive.

They're supposed to have emergency steering gear. Why didn't it work? Maybe ships should have an auxiliary genset running while near land.


> Perhaps because we have a whole lot of them going and a very low frequency of events like this.

This is literally the second major loss of control/allision incident this month.

https://www.tradewindsnews.com/casualties/out-of-control-con...


Seems pretty low to me. How many is too many?


At this rate it won't be hard to knock out several more major ports by the end of the year.


What rate? 1 a decade? Or longer? When was the last time this happened?


Do we need kindergartens to be safe? How many dead kids is too many? /s

Seriously, in England it is a legal requirement to have redundant brakes on a freaking bicycle. A dude that hit a grandma with a bicycle due to 1 non-functional brake went to prison. But a giant container ship needs nothing?

What is the cost of fixing this bridge + lost lifetime earnings of all the people who died + compensation to their families? Is that really cheaper than installing batteries plus an electric motor?

Now imagine this ship would hit a bridge in daytime, when it’s clogged with traffic?


Cost/benefit analyses are just a fact of life. I see your point, but without really considering the question we don't know what the proper response is. It is not obvious to me that we need to mandate backup power systems, there are an awful lot of ships entering ports around the world each day and very few bridge collapses.


The problem is that the bridge collapses that do happen are just catastrophic. The economic impact alone will be massive for Baltimore. But will the responsible parties pay out that damage in full? Unlikely.

Cost-benefit analyses aren't designed to evaluate the total risk a business venture presents to everyone who could possibly be involved; they're designed to evaluate the risk posed by a problem that will launch lawsuits that will play out in courts for years, if not decades. Meanwhile, some injured parties settle for pennies on the dollar, laws change, and in the absolute worst-case scenario, major shareholders draw down their positions in the corporate venture that caused the problem. The world keeps on spinning, and just maybe some regulatory agency will pay attention to the report issued by the likes of the NTSB and USCG.

The process does not adequately protect the public.


Regulations are written in blood, because trying to make everything safe pre-emptively is impossible economically for a number of reasons. Primarily being, you can’t (usually) realistically force people to spend the money on something that isn’t clearly an actual problem.

And that fundamentally means until someone ‘bleeds’/a big enough disaster happens, some things won’t get fixed.

See the Triangle Shirtwaist Factory for an example of what it took to be able to force people to pay for certain kinds of fixes.

[https://en.m.wikipedia.org/wiki/Triangle_Shirtwaist_Factory_...]

Since folks aren’t currently burning down the NTSB’s offices or the like, it also seems like your opinion that the public is not currently adequately protected isn’t a majority one?

The only way we’ll ever hit zero accidents is if we are all dead, it’s impossible to do anything without some risk.


It's not obvious to me either. Let alone the opportunity cost.


I have lived in two different cities where no kindergarten age children have died getting hit by cars outside of their school. Last year I saw a child fall off a raised garden bed at his school, hit his head, and leave in an ambulance. I never found out what happened as I was just visiting that small town.

Children die at or going to/from kindergarten a few times a year I bet in the US.


Late edit: I meant Two** not no.


And this bridge being down will shut down the port and reroute all automobile traffic that used to travel across it for months and the bridge itself will require design rebuilding, all of which will be extremely costly economically.


Biden has said that the Federal government will pay to rebuild the bridge, in order to get it done quickly.

But presumably they will ultimately seek reimbursement from the Dali’s insurers. As will the Port of Baltimore and anyone else who has suffered damages.


> What is the cost of fixing this bridge + lost lifetime earnings of all the people who died + compensation to their families? Is that really cheaper than installing batteries plus an electric motor?

I don't mean to contribute to this already-too-charged discussion any more than to say that the answer to this question is not as obvious as you think it is. If anything, I would bet that the former is less expensive than the latter, and I say that with immense sadness. Does that make sense?


It’s a legal requirement to have brakes on both wheels of your bicycle. That’s not the same thing as redundancy. Braking performance is significantly reduced if you can only brake on one wheel, so both brakes need to be functional to stop quickly and safely.

And the dude went to prison because he hit and killed a grandma while riding with reckless disregard for the safety of pedestrians. The brake thing didn’t help, but it was a side story.


On pavement, when the front brake performs well and is operated near optimal power, the back tire will not have traction. The back brake is entirely redundant in that case.


> That’s not the same thing as redundancy

The law literally says mechanically redundant, as in failure of one cannot affect the other.

It's illegal to have a single hydraulic system controlling both.


> That’s not the same thing as redundancy

It is. Redundancy doesn't necessitate the redundant option being identical to the first.


> ”Redundancy doesn't necessitate the redundant option being identical to the first.“

Yes. In fact, in a redundant system, using different designs or technology is often an advantage, so that a failure mode that affects one system is unlikely to affect the other.

But if something is redundant, it is “able to be omitted without loss of function”. Front and back brakes on a bike are not there for redundancy. They are components of the same braking system: without both in service, they don't work as well.

Or to put it another way, the front brake isn’t there as a spare in case the back brake fails. It’s there because without brakes on both wheels, you can’t stop quickly in an emergency.


> Front and back brakes on a bike are not there for redundancy. They are components of the same braking system: without both in service, they don't work as well.

Bikes are very different from cars due to the short wheelbase vs high center of gravity.

At moderate or fast speeds maximum deceleration occurs when the front tire applies enough force to lift the rear tires off the pavement thus removing the impact of the rear tires. Below maximum acceleration you could use the rear brake but it doesn't do anything applying the front brake slightly harder would do.

At sufficiently low speeds the rear tire can help, but it's really there for redundancy as even acting alone it doesn't work very well.


This only applies in ideal conditions (eg: dry tarmac). Where there is less surface friction (wet or icy surface, dirt or gravel trails, etc) you're going to quickly hit the limits of the tire's traction, so will need both brakes if you want to stop in the shortest possible distance.


Wet roads, cold ice, and dirt still provide enough friction to send you over your handlebars at speed. They just increase the maximum speed rear tires provide any benefit. Near its melting point ice isn’t going to provide enough friction for rear brakes to matter.

So sure there’s a minimal benefit in some very specific conditions, but no they are there for redundancy.


In reality, the rear brake contributes nothing (apart from redundancy in case of front brake failure) to being able to stop quickly in an emergency. The quickest stop is achieved by using the front brake as strongly as possible while bracing oneself to avoid going over the bars, which if done correctly, will mean the rear wheel will have next to no contact with the ground. That means locking the rear wheel with the rear brake will contribute nothing to stopping.


Seriously, in England there are a lot more bicycles than ships (not to mention the differences in training and experience).


Conspiracy... some adversary is waiting for opportunities during unfavorable/aberrant conditions and triggering simple failures at impossibly inopportune times. Without any redundancy, conditions it looks like a freak accident. It would be interesting if you could come up with a likelihood for each condition to have overlapped temporally. If someone comes to the conclusion that it's possible to create the triggered failures it would be prudent to forbid sailing in conditions that might lead to these supposed "fly under the radar attacks".


> Maybe there's some lighter weight interventions we could do that would further halve the risk of something like this happening that are less costly than fully redundant engine and drive.

Redundancy doesn't inherently have to cost a lot more. For example, if you have three engines driving three props, they can each be 1/3 as large, and not necessarily weigh much more if at all. But then if you lose one, you lose 1/3 power rather than experiencing total loss of control.


> Redundancy doesn't inherently have to cost a lot more. For example, if you have three engines driving three props, they can each be 1/3 as large, and not necessarily weigh much more if at all.

Yah, from aviation everyone moved to twins because tri-jets and four engine jets were too expensive in comparison. Things don't scale up or down perfectly; in practice you end up with more maintenance.

But it seems like here they lost steering, so maybe there's something better we can do to keep steering more of the time (the cutover to emergency steering gear isn't instantaneous or perfect).


Planes use two engines because they can land with one and smaller jet engines are about as complicated as larger ones. Ships have different constraints. For example, a lower output diesel engine could have fewer cylinders and correspondingly lower maintenance costs.


But two engine jets can fly on one engine for a while, however a one engine boat this big is an uncontrolled juggernaut when it has some speed and no engine because it doesn't have any redundancy.


Sure, I'm not saying what the ideal trade-off is. I'm just saying:

- The current accident rate due to lack of redundancy isn't too awful.

- Adding redundancy increases cost, even when it seems like you have the same total power or whatever.

My bias is towards a bit more redundancy than we have now, but not massive changes.


> but two engine jets can fly on one engine for a while

Not just for a while. They must be able to do so indefinitely, until you run out of fuel. Of course, you are going to want to get it back on the ground long before that happens.


Emergency steering gear is required on every commercial vessel and is regularly tested. We will have to wait for the investigation to see what actually happened.


>> worm gear at the top of the shaft with a winch handle big enough to put a gang of men on it

They showed us one such station, on the USS Hornet in Alameda, it is in the officers' dining room.


Wouldn't a ship like this have bow thrusters? Seems like otherwise it would be impossible to get into port without a tug.


My understanding is that they simply use a tug when they're maneuvering by the dock. That's what a lot of tugs do all day.


Bow thrusters are only effective at very low speeds due to the Coandă effect.


At least in small craft, bow thrusters are usually electric, with local batteries charged from the main engine room. I don't know what large craft are like, but it doesn't seem unreasonable that a bow thruster may remain operable even if the main engine fails. Clearly that's not required or they would've had it and used it, but it could be required if the regulations didn't suck.

Furthermore, steering could absolutely have an electric backup for the hydraulic pumps that power the main steering gear. As long as there's some forward speed through the water, the rudder should work. But again, backups clearly aren't required or they would've worked here.

Steer-by-wire cars are required to have all sorts of redundancy so they're almost as safe as steering-shaft cars in case of an engine failure. This is a 9,900 TEU ship with a 41480 kW powerplant. That a ship with so much more destructive potential is allowed to operate without the same level of redundancy as a $90k Audi, is unconscionable.


The difference for a car and drive by wire system is that the failure mode of control systems on cars is normally catastrophic and dangerous. If a car loses steering or brakes, it will hit something within seconds 95% of the time.

That ship spent 1 hour (4:30 to 5:30) of a presumably 10-20 day voyage in a critical control section. The tugs left the ship right around 5:08 (43 seconds into the video). A much better policy for this case would be to have required the tugs stay with the boat until it passed the main span safely.

There were no doubt maintenance issues that led to this accident, but it is exceedingly rare for these types of failures to cause this type of catastrophic result.


All valid points. Tugs are quite a reasonable option.


Damage is less likely, but much more destructive. Same as for a nuclear reactor.

It’s not clear why adding ~$100k to the cost of a billion dollar ship is unreasonable.


Aircraft carriers are billion dollar ships, these are not. The most expensive container ship tops out at ~$250 million and the one that crashed today is more like $80-150 million. The propulsion systems on these vessels cost tens of millions. $100k wouldn't even pay for the material costs of a rudder.

I don't know enough about the cost and safety tradeoffs made in the design of these ships to comment but your numbers are orders of magnitude off from both directions.


Right. It's not like the ship owners (or, more saliently, their insurers) want things like this to happen.

Second-guessing the marine engineers in this case is like the people post-9/11 who argued that future buildings should be designed to withstand the impact of a wide-body jetliner fully loaded with fuel.

It's basically not a serious argument.


Really recommend you read Tankship Tromedy which was written by a marine engineer. You don't even have to find a copy, the author put a PDF on the internet:

http://martrans.org/documents/2006/safety/The%20_tankership_...


Great resource which allows one to get an idea of the issues involved in Tanker safety. Thank You for posting the link.

Just browsed the book and immediately found "the smoking gun" in the preface itself!

Mandate twin screw in the form of two fully independent engine rooms. Under the current system, 99.5% of all tankers, however large, are single screw. These ships are always a single failure away from being helplessly adrift. The book presents evidence, never before public, that there are at least ten total loss of power incidents on tankers every day. Twin screw, properly implemented, would reduce this failure rate by more than a factor of one thousand. Twin screw would also drastically improve tanker low speed maneuverability which is implicated in a number of big spills including the Aegean Sea shown on the cover.


This was written in 2006, so it clearly does not take any data from this incident into account. Even if it were written today, it would not be based on any real data -- it's far too soon for that.

The bridge has been there for nearly 50 years, in a port that handles around 50 million tons of cargo every year.

It seems pretty clear that whatever the cause, it was an extremely rare incident.


> It seems pretty clear that whatever the cause, it was an extremely rare incident.

It may be rare in the lifetime of the bridge, but if there is a variable which has changed (or is moving) then that isn't so important a consideration. For example, if container ships have recently become much larger in relation to the design requirements in place at the time of the bridge's construction.


You should have browsed the book.

See https://news.ycombinator.com/item?id=39836079


I don't need to browse the book to understand that a book from 2006 can't possibly have any data from an incident that happened yesterday, and that no conclusions can possibly be rendered at this time about the causes of this specific accident.


People are telling you to read the book because, yes, it has a ton of perspective on the long-standing market and regulatory forces that shape the environment that almost certainly led to this specific incident. Understanding how loss-of-power incidents happen, why ships are built the way they are, how flags-of-convenience affect the standards to which ships are maintained and inspected, how ship builders, owners, lessees, operators, crews, and regulators interact, YES, all of those things are extremely relevant to understanding the present situation.

If someone made a landscape painting today using the wet-on-wet technique, would you argue that a Bob Ross episode from years ago couldn't possibly tell us anything about it? That's silly. It's precisely applicable. Mr. Ross himself might not describe the specific location of today's trees or clouds, but he can darn sure tell you how the brush strokes add up to make a tree. Actually he's probably one of the world experts on precisely that.

Proclaiming your ignorance of extremely-well-researched expert sources is not a good look.


Don't be so mule-headed.

While it is true that the investigation into the causes of the disaster is just starting and we don't yet have a definite conclusion, user "jordanb" has done a great service in pointing us to a book written by a domain expert which had pointed out fundamental design flaws in the design of Tankers long ago. Design Flaws have no expiry date until they are acknowledged and fixed properly. In an era of disinformation/misinformation and focusing solely on profits it is important that people be shown some factual data by actual engineers/experts who were very much concerned with safety and how all concerns were flouted by concerned companies/authorities.

Just like the Boeing disasters have shone the spotlight on Civilian Aeroplane Safety, this disaster shines a spotlight on Tanker Safety, arguably a far far more important topic since almost all the world trade of goods and oil is dependent on them exclusively.


Neither the insurers nor the owners of the ship will be on the hook for the full set of damages this inflicted.

Thanks to that, they aren't performing an accurate cost/benefit analysis.


While the ship is $200Mish, how much is the cargo also worth? If the ship had gone to the bottom in this event the cleanup would take 10x as long and release god knows what pollutants.


Based on what I've read the container ship was only half loaded (5k out of 10k TEU) and most of the containers were empty or lightly loaded. I don't think ships of that size can even navigate those waters fully loaded.

AFAIK the water around the bridge is only like 50 feet deep and the ship itself is about 150 ft high. It wouldn't even really sink, just get stuck on the bottom. A crane ship would come unload it and then tugboats would pull it out.

The worst case scenario though does take a long time if it gets fully grounded and stuck beyond the ability of tug boats to pull it out. A company specializing in marine salvage has to come in to cut it up in place and haul the ship away piece by piece. They use large cutting chains that they pull back and forth to cut through the metal. It's a fascinating process: https://www.youtube.com/watch?v=Ndr2a7AQ8b4


The ship can carry 10,000 TEU, which would fit at least 10,000 imported cars, which would cost around $500mm.

In this case it seems the ship wasn't full, but it's not hyperbole to estimate it as being worth a billion dollars fully loaded. Cars aren't the cheapest things you can ship in containers, but they're far from the most expensive either, and they're what the Port of Baltimore specialises in.


Maritime shipping is a business where shaving every penny rules the day.

Most ships use flags of convenience, so the regulatory structure is pretty much nothing.


I know this may seem pedantic, but to imagine that the cost of an additional screw or screw+engine at 100k for vessels like this is patently absurd. Just trying to offer some explanation if you're confused at the responses you're getting. Requiring such a thing would probably have a measurable impact on the global economy, even if all current vessels were grandfathered in and exempt.


> That a ship with so much more destructive potential is allowed to operate without the same level of redundancy as a $90k Audi, is unconscionable.

Would you still believe this if it was demonstrated that the system lacking redundancy was - due to factors beyond the scope of this conversation - more safe by an order of magnitude than the steering system that includes redundancy but in a different medium?

Put differently: do you think the Space Shuttle should have had ejection seats? If yes, what about an Airbus A320 flying a normal commercial route?


Ejection seats are a use case niche unique to military flying where the pilot is A) the most irreplaceable piece in terms of warfighting, and B) injury of the pilot in the escape attempt is considered an acceptable tradeoff.

If you really want chills, think about this: a conscious decision was made with civil aviation that it was more economically feasible to sacrifice the human lives on board, and resolve the rest through lawsuits.

In short: if you know/are critical to the process of murdering extra-nationals, you warrant a life saving device.

If you're a civilian, you're a line item in a potential series of legal judgements.


In addition to the other comments:

Military aircraft are subject to failure from being shot at. Aircraft in combat will fail much, much more often than properly maintained civilian aircraft.

Civilian aircraft don't have ejection seats because situations where they would be useful are exceedingly rare.


That's wrong on so many levels that I don't know where to start. Where in a commercial airliner do you want to keep several hundred explosive devices that would violently launch a passenger out onto an open air, through a hole punctured through a pressurized fuselage at the perfect moment, when the plane could be either at a cruising altitude, over an ocean, or speeding down a runway?


> In short: if you know/are critical to the process of murdering extra-nationals, you warrant a life saving device.

Do you think it's even feasible to install ejector seats for 10-30 passengers? What do you think will happen if they all fire at once?


Hell no. I'm just pointing out to the other poster that in addition to the fact that military warfighters have a different social calculus in play.

What I'm decrying, however, is our practice of letting actuaries and lawyers be the final arbiters of what is desirable to engineer.


Thanks for the link to that book. I don't know if it's because of this catastrophe, but it looks to be unobtanium at the moment. Will have to find it in the library.

> lack of redundancy

This is what I am surprised at from many angles. It seems to me that the ship, the port (in the form of lack of tugboats), and the bridge (in the form of lack of secondary protection of the pillars) all had a lack of redundancy and secondary options.


The author GPLed it and put it on the internet at one point: http://martrans.org/documents/2006/safety/The%20_tankership_...


Oh, nice. Thanks for the heads up there and again for the book reference.




