The Surprising Way That Success Can Threaten Safety

On a cold January morning in 1986, nearly 1 in 5 Americans watched in horror as Space Shuttle Challenger broke apart 73 seconds into its fateful flight. One of Challenger’s two solid rocket boosters – which are nearly the same height as the Statue of Liberty and hoist a million pounds of rocket fuel propellant – sprung a violent leak, causing a quick cascade of structural failures that ultimately resulted in the total breakup of the shuttle. The astronaut crew capsule, which was designed to withstand intense forces, continued to ascend for another 3 miles before arcing back down to Earth. 

On that fateful day, President Reagan was set to deliver the nation’s State of the Union Address, but given the enormity of the disaster, chose to postpone it, and talk directly to the American people, and especially American school children, who had been excitedly watching their astronaut school-teacher hero, Christa McAuliffe’s space debut. “The Challenger crew was pulling us into the future, and we’ll continue to follow them”, Reagan stated. Yet, learning form Challenger would prove more difficult than Reagan’s eloquent words had promised. 

Seventeen years later, on February 1st, 2003, NASA lost a second shuttle. Space Shuttle Columbia broke apart upon re-entry into Earth’s orbit after a piece of foam insulation the size of a suitcase dislodged from the shuttle and impacted the left-wing during liftoff, ultimately compromising the wing’s heat protection. Briefing the crew of Challenger after the launch, NASA sent an email to the Commander and Pilot of Columbia that debris had impacted the left wing, but after careful assessment, there was little cause for concern. On re-entry, Challenger’s left wing failed at a speed of Mach 20, resulting in the disintegration of the shuttle, high in a clear Texas sky. 

Investigations into the Challenger and Columbia disasters proved exhaustive. In the case of Columbia, investigators combed through 30,000 documents, interviewed 200 experts, and employed 25,000 searchers, who scoured vast swaths of the Western United States for evidence and debris. 

Although nearly two decades apart, the Rogers Commission into the Challenger disaster and the Columbia Accident Investigation Board (CAIB), published nearly identical findings. Regardless of the obvious technical malfunctions that lead to the disasters, the ultimate underlying cause was a creeping disrespect for safety culture – the set of attitudes, beliefs, and processes that all levels an organization respect and share when it comes to understanding the importance of safety.

A common understanding of incidents and accidents is that a linear chain of events, called proximal factors, must all take place for an adverse event to occur. The logic states that if any of those factors is absent, the chain will be broken, and the potential accident will be stopped. The often-quoted Swiss Cheese Model (see the work of Prof. James Reason) provides a handy conceptual framework for understanding this, in which the holes in slices of swiss cheese represent the unlikely way in which a unique set of circumstances would have to align in order to create an uninterrupted accident chain.

As the shuttle reports indicated, accident chains tend to be couched in cultural factors, which are far more nuanced and challenging to diagnose than mechanical failures or procedural issues. Endemic qualities, like operational priorities, managerial style, industry competition, relationships between employee groups, past successes and failures, and internal pressures such as performance blaming or bonuses, constitute a far more complex array of dynamics that can breathe life into accident chains. 

To be fair, space is tough, and NASA is one of the world’s top organizations for safety science. Perhaps all the more important, however, in understanding how easy it is to fall prey to the deeply nuanced trenches of human error.  

Today, many organizations aspire to achieve “goal zero”, a desire not to suffer a recordable incident or accident – particularly one that leads to a fatality. While this is outwardly logical, many organizations fail to appreciate or capture significant safety lapses that lurk just below the surface because success is defined solely as the absence of someone or something getting hurt. Even high-reliability organizations that openly measure near-miss events, close calls, errors or lapses, hazards, and threats, can miss critical cultural forces that threaten safety.

Counterintuitively, routine operational successes can also be a threat if an organization equates mission completion with safety. The old adage, “All’s well that ends well”, is a common safety trap. The exhaustive Challenger and Columbia reports concluded that it was not so much the engineering flaws that resulted in the catastrophes as it was the human decision-making errors and the safety complacency that arose from repeatedly (and successfully) dodging bullets. These are deep cultural issues. 

The absence of incidents is undoubtedly a useful measure of safety. Yet, a more complete understanding would include workplace attitudes and job behaviours. Triangulating between these three views – attitudes, behaviours, and outcomes – can help illuminate what is happening below the surface and just how close an organization is flirting with disaster. A simple place to start is by measuring anonymous safety perceptions within an organization, including views on organizational relationships, decision-making, conflict management, and operational performance pressures. Budget conscious perception surveys, if done right, are an effective early-warning tool for identifying safety hotspots that require further investigation. This “beyond goal zero” approach is an emerging frontier in safety culture research.

Importantly, safety perception surveys are typically deployed during normal operations rather than as part of accident or incident investigations. This makes them uniquely adept at capturing everyday cultural perceptions and safety threats in advance of adverse events. Perhaps such anonymity would have illuminated some of the deep underlying cultural currents plaguing NASA, such as a “go-mentality” and a fear of speaking up and voicing concern during operational decisions. While mechanical failures are bound to plague even the best organizations, it is how teams in those organizations create opportunities to break accident chains that is the real measure of safety and reliability.