Date: 20 Apr 92 14:30:35 GMT
From: weh@sei.cmu.edu (Bill Hefley)
Subject: Re: Patriot Missile Software Problem
Message-ID: <43886@as0c.sei.cmu.edu>

In article <9204172209.AA05774@ajpo.sei.cmu.edu> SAHARBAUGH@ROO.FIT.EDU writes:
>You may find this report interesting and thought provoking:
>
>GAO/IMTEC-92-26 Patriot Missile Software Problems,
>16 pages, available from
>US General Accounting Office
>PO Box 6015
>Gaithersburg, MD 20877
>or call (202) 275-6241
>1st copy free, additional $2 each
>

I don't want to quibble with Sam, as he not only points out the software deficiency, but also questions how else this problem might have been encountered and whether it could have been influenced by language and hardware choices.

Careful readers, trying to understand WHY this terrible incident happened, need to look beyond just the technological problems, though. Page 9 of this GAO has a section entitled "Patriot Project Office Response to Anomaly." This section points out that Army officials assumed Patriot users were not running their systems for more than 8 hours at a time. Direct quote:

"On February 21, 1991, the Patriot Project Office sent a message to Patriot users stating that very long run times could cause a shift in the range gate, resulting in the target being offset. The message also said a software change was being sent that would improve the system's targeting. However, the message did not specify what constitutes very long run times. According to Army officials, they presumed that the users would not continuously run the [Patriot] batteries for such extended periods of time that the Patriot would fail to track targets. Therefore, they did not think that more detailed guidance was required."

These problems are independent of any implementation language or hardware -- they have to do with understanding the operational environments of our systems, defining clearly and precisely what we mean (requirements), and communicating these to those who need to know (requirements specs). From this report, the Army program office knew of the difficulty of "very long run times," but it isn't clear that they understood the implication in the operational setting, nor forcefully communicated guidance to alleviate the problem.