The Unintended Consequences of a career in Engineering Or How to end up a mass murderer without even trying What am I here to talk about? The PATRIOT System, and my part in it Stands for Phased Array Tracking, Radio Intercept Of Target Designed and built at Raytheon, right here in Massachusetts First built as an anti-aircraft missile system Modified to function as an Anti-Ballistic Missile system Deployed during the First Gulf War in Saudi Arabia, Kuwait, and Israel Here's what it looks like How PATRIOT was used Initial interceptions of Scud missiles were very successful, but they used 4 PATRIOT missiles per Scud – just to make sure This was a problem: Iraq had hundreds of Scud missiles, more than all the PATRIOT missiles ready to use. So, to make interceptions more economical, modifications were made to have the PATRIOT disable the Scuds, rather than destroy them Every effort was made to find and destroy the mobile launchers, without which the Scuds were useless PATRIOT batteries were permanently placed around sensitive areas, manned and running 24/7, in case of missile attack How effective was it? In the initial trials, extremely In 'economy' mode, somewhat less effective The strikes by the PATRIOT missiles were skewed towards the front of the Scud The idea was to disable / detonate the warhead Worked as planned, mostly, but that left 2 tons of rocket still falling on the target It helped that the Scuds could not be aimed well When deployed to Israel, the 'economy' mode was less helpful as Israel is a densely populated area. The worst failure occurred Feb 25, 1991 So what happened? February 26, 1991 WAR IN THE GULF: Scud Attack; Scud Missile Hits a U.S. Barracks, Killing 27 By R. W. APPLE Jr., Special to The New York Times In the most devastating Iraqi stroke of the Persian Gulf war, an Iraqi missile demolished a barracks housing more than 100 American troops on Monday night, killing 27 and wounding 98, the American military command in Riyadh said early today. Some of those who lived there were women, but a military spokesman said he did not know whether any women were killed or wounded. A pool report said the barracks housed the 475th Quartermaster Group, an Army Reserve unit based in Farrell, Pa., a small town near the Ohio state line. A television correspondent said he had seen a Patriot defensive missile intercept the Soviet-built Scud, a missile that has been fired again and again into Saudi Arabia or Israel during the war, often on erratic courses. Monday night's attack was the first of the Iraqi surface-to-surface missiles to take a sizable number of lives. Greg Siegle, a freelance writer, said he saw "a gigantic explosion" 100 feet off the ground, then another as bits of glowing metal fell to the ground and set fire to the barracks, which is situated in Al Khobar, a city a few miles from Dhahran and its big air base. He said the building caught fire at once. Within an hour, it was a charred skeleton. The American command disputed the accounts of the witnesses. It did not say whether a Patriot missile had been fired, but said the Scud had broken up in flight, as have several others launched in the last few weeks. Baghdad radio, hailing the attack, said the missile struck "the coward traitors who mortgage the sacred places of the nation and turn Arab youth into shields of flesh." Many of the occupants of the barracks, a corrugated-metal warehouse that had been converted into temporary housing for British and American troops, were eating dinner or relaxing when the missile hit. Others were apparently working out or sleeping, and many survivors wandered around, in sweatsuits or gym shorts, stunned, during the rescue efforts. A military policeman said that most of those in the building were Americans from Army transportation and quartermaster units. Not all of the names of the units were immediately available. In Pennsylvania, an operator taking calls at the Farrell Police Department last night said that members of the 475th Quartermaster Group came from Farrell and many other towns along the Ohio-Pennsylvania border. The operator said she had seen several families gathered outside the group's headquarters at the United States Army Reserve Center on her way to work. Chaos engulfed the scene moments after the burning debris fell into the converted warehouse. Saudis in the neighborhood followed it down from the sky and quickly ran to the scene, complicating rescue efforts. Mr. Siegle said it took at least 20 minutes for the first fire engines to arrive. GAO United States General Accounting Office Washington, D.C. 20548 GAO's Account Information Management and Technology Division B-247094 February 4, 1992 The Honorable Howard Wolpe Chairman, Subcommittee on Investigations and Oversight Committee on Science, Space, and Technology House of Representatives Dear Mr. Chairman: On February 25, 1991, a Patriot missile defense system operating at Dhahran, Saudi Arabia, during Operation Desert Storm failed to track and intercept an incoming Scud. This Scud subsequently hit an Army barracks, killing 28 Americans. This report responds to your request that we review the facts associated with this incident and determine if a computer software problem was involved. If so, you asked that we provide information on what the specific software problem was, and what has been done to correct it. Appendix I details our objectives, scope, and methodology. Results in Brief The Patriot battery at Dhahran failed to track and intercept the Scud missile because of a software problem in the system's weapons control computer. This problem led to an inaccurate tracking calculation that became worse the longer the system operated. At the time of the incident, the battery had been operating continuously for over 100 hours. By then, the inaccuracy was serious enough to cause the system to look in the wrong place for the incoming Scud. The Patriot had never before been used to defend against Scud missiles nor was it expected to operate continuously for long periods of time. Two weeks before the incident, Army officials received Israeli data indicating some loss in accuracy after the system had been running for 8 consecutive hours. Consequently, Army officials modified the software to improve the system's accuracy. However, the modified software did not reach Dhahran until February 26, 1991--the day after the Scud incident. So what went wrong that day? A software error in the Engagement Control System caused the PATRIOT guarding the area to lose track Without a good target track, the PATRIOT missiles cannot engage So it never fired at the Scud Normal operation The range gate error What happened that day A Perfect Storm of circumstances The PATRIOT system's software had a flaw Our Army never found the flaw due to how they used the system Used as a point defense system against the Soviet Union mostly Moved around constantly for security reasons Pretty reliable, but if down, it took a long time to repair I had just finished the TMU project at Raytheon, and the upgraded units were in the field. The Storm continues The PATRIOT systems were being used in fixed positions, run 24 hours a day With the TMU improvements I made, the system was both more reliable (it could spot trouble sooner) and much quicker to repair The Israel Army found the flaw in PATRIOT when running for as little as 8 hours They alerted our Army, which issued a vague warning that didn't prompt anyone to action The Storm breaks The Iraqi launched a Scud missile at Dhahran, in Saudi Arabia The Scud functions perfectly The PATRIOT battery guarding the city was running too long, and the flaw prevented the missile from being tracked. The automatic systems never fired There was no time for the operators to do anything The Scud hit the barracks, killing and wounding 125 people And yet it could have been prevented The Army worked on a fix to the flaw for 2 weeks after it was found Distributed patches for the software to all PATRIOT units in the theater The patches arrived on Feb 26th One day after the barracks was destroyed. Nothing like that can happen to me, right? • • • No matter what we're working on, there is almost always some potential for disaster, especially with software and hardware for the military (also CIA, NSA, etc.), transportation, and medicine (and many others). Sometimes it's not even doing your job wrong, but doing it right. How will YOU handle it?