Failure Modes

Sudden impulses and excessive strain can both trigger catastrophic failure. In either case, some component of the system will start to fail before everything else does. In Inviting Disaster [Chi01], James R. Chiles refers to these as “cracks in the system.” He draws an analogy between a complex system on the verge of failure and a steel plate with a microscopic crack in the metal. Under stress, that crack can begin to propagate faster and faster. Eventually, the crack propagates faster than the speed of sound and the metal breaks explosively. The original trigger and the way the crack spreads to the rest of the system, together with the result of the damage, are collectively called a failure mode.

No matter what, your system will have a variety of failure modes. Denying the inevitability of failures robs you of your power to control and contain them. Once you accept that failures will happen, you have the ability to design your system’s reaction to specific failures. Just as auto engineers create crumple zones—areas designed to protect passengers by failing first—you can create safe failure modes that contain the damage and protect the rest of the system. This sort of self-protection determines the whole system’s resilience.

Chiles calls these protections “crackstoppers.” Like building crumple zones to absorb impacts and keep car passengers safe, you can decide what features of the system are indispensable and build in failure modes that keep cracks away from those features. If you do not design your failure modes, then you’ll get whatever unpredictable—and usually dangerous—ones happen to emerge.