Space shuttle Challenger explosion

Hard lessons

Technology historian E&T examines the causes of ten of history's worst engineering disasters and the lessons that could be learnt from them.

The following ten engineering disasters - stretching from the sinking of the Swedish ship Vasa in the 17th century to the explosion of the Chernobyl nuclear reactor at the end of the 20th century - illustrate what lessons are learnt when things go wrong.

There will always be failures or disasters as engineers and designers push the boundaries by building taller buildings, longer bridges, or by reaching further into space.

Each time there is a failure or disaster, changes are made and regulations introduced only to be outstripped by further developments.

The Space Shuttle Challenger

On 28 January 1986, space shuttle Challenger broke apart 73 seconds after launch, killing its seven crew members. The subsequent Rogers Commission found that the immediate cause of the accident was the failure of both primary and secondary O-rings on the right solid rocket booster, allowing hot gas and flame to escape, which then came into contact with the booster attachment and external tank, resulting in structural failure.

The problems with the O-rings had been known about for nine years but had been ignored, partly because safety was deemed ensured with the presence of the second ring. However, as was later made clear, the second ring was there for unforeseen failure, not a failure that had been considered. Engineers' warnings that low temperatures would exacerbate the problem were also ignored by NASA managers because of pressure to keep to the launch timetable.

Now widely used as a case study for trainee engineers, this disaster taught us many lessons: that the advice of engineers should be considered carefully by management; that the ethics of whistle-blowing and group decision-making should be introduced. Afterwards, there was a total redesign of the solid rocket boosters, in which three O-rings were incorporated, watched over by an independent oversight group as stipulated by the commission.

In summing up the disaster, Richard Feynman, a member of the Rogers Commission, made a telling point to the effect that "for a successful technology, reality must take precedence over public relations, for nature cannot be fooled".

Tacoma Narrows Bridge

The Tacoma Narrows road bridge over Puget Sound in the USA was opened on 1 July 1940. From the start, its twisting and swaying motion in high winds quickly earned it the nickname 'Galloping Gertie'. However, in November 1940 a 40mph wind broke Gertie up, and she collapsed, though with no fatalities.

This has grown to be considered an instance of aesthetics winning out over stability and durability. The bridge was a culmination of a trend in design that had been developing from the start of the 20th century, shaped like an aircraft wing and with similar properties. This gave it an unfortunate predisposition to lift in the wind.

The disaster led to a realisation that aerodynamic forces in bridge construction were not fully understood. New studies were undertaken that addressed these problems, and wind tunnels started to be used to test designs.

The Vasa 

Astonishingly, the instability of the Vasa, built for King Gustavus Adolphus of Sweden, was known even before her maiden voyage in 1628. At 1,200t, she was one of the largest and most ostentatious warships of her time, powerfully armed and decorated with hundreds of painted sculptures. But the king's constant interference during construction compromised the design from the start.

A test involving 30 men running back and forth across the deck was stopped after three tries, it being obvious the ship would capsize. The king was not told and no one resisted his repeated entreaties to put the ship to sea. However, if it is still difficult today to be a whistleblower, one can infer that the pressures to keep quiet in the age of absolute monarchs were even greater. The foundering of the Vasa, after it encountered a moderate breeze and water entered the lower gun ports, was inevitable.

Given that the ship's demise took place in full sight of a clutch of foreign ambassadors, the lessons from this disaster will have been taken and implemented widely. Later ships, including those of the British Royal Navy, carried their heavy guns on the lower decks with lighter ones on the top deck, the topside of the ship being curved inwards to bring the weight of the cannon nearer to the centre line of the vessel.

The Herald of Free Enterprise

While open gun ports may well have contributed to the sinking of the Vasa, there is absolutely no doubt that, nearly 350 years later, failure to shut the bow doors caused the sinking of the channel ferry The Herald of Free Enterprise, when it left the Belgian port of Zeebrugge bound for the English port of Dover on an evening in March 1987.

The 'roll-on roll-off' ferry, owned by Townsend Thoresen, was designed for rapid throughput of vehicles, with access via doors at the bow or stern. To enable loading at Zeebrugge, it was necessary to lower the bow by filling the forward ballast tanks. On 6 March 1987, with loading completed, the last crew member departed the car deck with the bow doors still open, assuming that the man whose job it was to close them would arrive. He did not; he was asleep. The captain on the bridge had no means of knowing the status of the doors and so sailed with the bow still down as the ballast tanks had not completely emptied. As the ship gathered speed, water entered the car deck and - with no subdividing bulkheads - flowed freely, destroying stability. The ship listed 30° to port, righted itself, listed to port again and capsized in shallow water after a fortuitous turn to starboard at the last moment. A total of 193 passengers and crew died.

The subsequent enquiry found that, "From top to bottom, the body corporate was infected with the disease of sloppiness". Repeated requests for door indicator lights had been ignored. These were installed on the other boats immediately. Many other lessons were learnt concerning draught gauges, freight weights, emergency lighting, life jackets and means of escape. The accident also caused naval architects to look at the 'free water' effect, considering freeing flaps to allow the escape of water from the car deck in the event of flooding and the use of dividing bulkheads.

The de Havilland Comets

The first of its type, the de Havilland Comet, which first flew in July 1949, came into service with BOAC (British Overseas Air Corporation) in May 1952 after the most exhaustive testing. It was the world's first pressurised commercial jet airliner. Being quieter, smoother and faster than propeller-driven aircraft, in some cases cutting journey times by half, it became very popular.

Two early accidents were attributed to pilot error, while one of May 1953 in India was due to structural failure. By 1954, the aircraft had flown 25,000 hours representing about 10 million miles.

When a Comet broke up soon after leaving Rome Airport in January 1954, with the death of all 35 on board, the fleet was grounded and a committee under the chairmanship of a Mr C Abell was convened. Though structural problems were considered, it was decided fire was the probable cause. With another crash a month later, also after leaving Rome, the Comet fleet was again grounded and a full-scale investigation was started by the Royal Aircraft Establishment (RAE). An identical air frame was subjected to repeated re-pressurisation and over-pressurisation until it failed, the failure starting near the corner of one of the windows. With the subsequent discovery of some wreckage containing two windows confirming this, the RAE report attributed the accident to "the structural failure of the pressure cabin due to fatigue".

Many lessons were learnt with regard to the design, safe life and testing of pressure cabins. It was realised that greater use should be made of the facilities at the RAE and that there should be some changes in the system of inspection. All Comets were subsequently withdrawn from commercial service.

A Comet 4 was designed and built but did not enter service until 1958 by which time Boeing and Douglas, learning from the Comet disasters, had built safer and cheaper aircraft. It was understood that, had these companies been first in the field, they would inevitably have had the same problems as de Havilland.

The Titanic

If sculptures on the deck were not considered on the Titanic, as they had been on the Vasa (see [3]), safety took second place to aesthetics in at least one area. The design had originally included two rows of lifeboats on the deck but one row was removed, allowing more space and a better view for passengers with first-class berths. This was not against the Board of Trade regulations which covered only ships up to 13,000t and not the 46,000t Titanic.

The sinking of the Titanic is history's best known sea disaster, written and speculated about endlessly in books, feature films and documentaries. The upshot of this research means that it now seems likely the iceberg buckled the plates and popped out substandard rivets along a length of the hull, allowing water into at least five of the watertight compartments. As the boat went down by the head, water flowed over the transverse bulkheads, which were barely above the waterline, into other compartments. It has been said that the height of the bulkheads was reduced to avoid spoiling the first-class public rooms.

In the aftermath of the disaster, the height of transverse bulkheads was increased and double hulls reaching further up the sides of ships became common. There were new regulations regarding safety, increasing the number of lifeboats and allowing easy access to them for all passengers. There were also changes regarding the use of radio at sea.

The Tay Bridge

By the time Thomas Bouch came to construct the Tay Railway Bridge in Scotland, he had a record for finishing projects on time using economical designs; one of his contractors described his bigger bridges as "muscle without flesh". The Tay Bridge was completed in February 1878 to become the longest in the world at 3,264m, with 85 spans, 13 of which formed the central navigation spans. As a train crossed the bridge during a violent storm on 28 December 1897, these central spans failed and the bridge collapsed into the Tay. Along with the lives of 75 passengers and crew, Bouch's reputation was lost, and the disaster is believed to have led to his death the following year.

The bridge itself was a mishmash of designs with changes made during construction. The subsequent enquiry found it was "badly designed, badly built, and badly maintained". But the immediate causes of the collapse were written about as recently as 1995. It now seems certain that a strong gust of wind caught the bridge and the train causing the bolts in the base plates, which anchored the bridge to the piers, to fail, allowing the column bases to lift off. This put pressure on the diagonal bracing members which then collapsed. Bouche had, without doubt, made an inadequate allowance for wind loading using 10lbsf/sq ft (1 lbsf/sq ft = 0.048 kN sq m). The advice that this wind loading was adequate had been given by, among others, Sir George Airy, the Astronomer Royal. True, the science of wind effects was still in its infancy, yet engineers in France and America had been using 50 lbsf/ sq ft. Strangely, this fact was not known or applied in Britain.

In summary, the importance of research into the effects of wind on structures was recognised, as was the need for quality control during construction and for engineers to resist undue pressure to keep costs down.

St Francis Dam

William Mulholland, like the Tay Bridge's Thomas Bouch, had a reputation for economical design and for finishing his projects on time and within budget. The similarities with the Tay Bridge go even further. Mulholland changed the design of the dam during construction increasing its height by some six metres, without any corresponding increase in the width of the base. But, like Bouch, he was an innovator, and in 1913 completed what was the longest aqueduct in the world, 380km, from Owens Valley to Los Angeles, California.

Again, as with the Tay Bridge, the faults were apparent soon after construction was completed in 1926 but were ignored. On 12 March 1928, the dam failed with the resulting flood wave causing around 600 deaths. Mulholland accepted sole responsibility for the disaster though he was not blamed at the time and, like Bouche, worked no more.

It seems that the real cause was the reactivation of a paleomegalandslide, probably undetectable at the time, on which the western side of the dam was built, together with the increase in height. Another reason was the fact that one man was responsible for the construction (again as with Bouch), with no oversight or advice sought or given. As a result, it was felt that never again should similar projects be left to the sole judgement of one man and control by the state engineers was introduced. In 1929, California enacted professional registration for engineers (Mulholland was self-taught), and the importance of the study of the geology in site selection was emphasized.

Ronan Point

Early in the morning of 16 May 1968, Ivy Hodge in her flat in the Ronan Point tower block in east London lit a match for her gas stove. The resulting explosion due to a gas leak blew out the supporting walls and led to the collapse of the four floors above. The weight on the floors below led to the progressive collapse of the whole corner of the building. Four people died.

The 22-storey block of flats was built using the Larsen-Nielsen large panel system, which involved the assembly of factory-built pre-cast components. This method was fast and cheap at a time when there was a great need for new housing. It required less labour and skill which was scarce at a time of full employment but was not recommended for buildings higher than six storeys.

The gas leak was caused by a faulty joint, while the collapse was the consequence of shoddy building work and the absence of structural redundancy, meaning there were no alternative methods of support once the corner walls fell away.

This disaster brought about wide changes to the out-of-date building codes. It was decided there was a need to allow for the possibility of internal explosions and progressive collapse. The requirement for structural redundancy was acknowledged. Subsequently, these changes were introduced in the US, Canada and western Europe. The importance of quality control in building construction was also re-emphasised.


There is good reason to describe the explosion at Chernobyl nuclear power plant in the Ukraine on 26 April 1986 as the most catastrophic engineering disaster in history, as the consequent release of radioactivity led to the enforced and lasting evacuation of the surrounding area. A highly radioactive plume drifted over large areas of Europe as well as eastern north America, affecting millions of people.

The causes of the disaster have been analysed extensively. The reactor at Chenobyl, the RBMK (High Power Channel Type Reactor) was - and is - flawed in a number of ways, some of which cannot be rectified. As Hans Meyer of the International Atomic Energy Agency said in 1996, "the great danger of the RBMK reactors is that they can catch fire in a way other reactors cannot". On top of this, there were administrative failings at the plant. The immediate cause was the conducting of a test, which had been postponed and then restarted with the result that many operatives were exhausted. Also, with a change of shift, some of those who arrived for work either did not know what was happening or were inexperienced.

Greenpeace concludes that there has been a failure to learn lessons with regard to the continued operation of dangerous reactors. However, in other areas lessons have been learnt. Countries reorganised their emergency responses to such accidents, a stimulus was provided to get international agreements on food contamination. The awareness of radiation effects and their treatment was increased dramatically.

Ten reasons for ten disasters

  1. Conflict between designers, engineers and management: Vasa, Titanic, and Challenger;
  2. Flawed geological research: Tay Bridge and St Francis Dam;
  3. Flawed design or use of flawed materials or components: Tay Bridge, Titanic, Challenger and Chernobyl;
  4. Modification of design during construction: Tay Bridge and St Francis Dam;
  5. Ignoring known problems: Vasa, Tay Bridge, St Francis Dam, Challenger and Herald of Free Enterprise;
  6. Poor construction: Tay Bridge, St Francis Dam and Ronan Point;
  7. Lack of quality control and oversight or use of poorly skilled labour: Tay Bridge, St Francis Dam and Ronan Point;
  8. Impatience to get the project finished or launched: Tay Bridge, Vasa and Challenger;
  9. Being first in the field or the biggest at the time: Tay Bridge, Titanic, Comet & Challenger;
  10. Aesthetics more important than strength, durability or safety: Vasa, Titanic and Tacoma Bridge.

What causes disasters?

Dr Scott Steedman of the Royal Academy of Engineering sees one of the main causes of engineering disasters in what could be called the overdevelopment of original designs. "The boundaries are pushed too far. Concepts or designs are stretched making those that have been successful lighter, slimmer, longer or taller, so that sooner or later a mechanism comes into play which had not been anticipated originally. This was true in the case of the Tay Bridge and the Tacoma Narrows Bridge disasters.

"With very sophisticated computer programs you have something that looks exactly like the structure you are trying to build. It looks very whizz-bang, multi-coloured and fantastic but deep inside that computer model is an algorithm which will say how material is going to behave under certain conditions of stress and strain." However, without understanding how the algorithm has been constructed, "you may use the software and believe it, stretching your computer model into an area it should not go."

Steedman also sees a potential problem with teamwork - as with Challenger where information was not being passed on "through the chain of command to someone who realises the significance of the problem and can deal with it". He sees a further difficulty with teams where members are "all tackling the problem in their own way [so] it is not a coherent thing."

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them