Patriot Missile Failure


1 Patriot Missile Failure
1991: The American Patriot Missile Battery in Dhahran

2 Dhahran, Saudi Arabia

The air base in Dhahran, Saudi Arabia, is the largest in the country. It was established by the US military in Later it was re-established as a Saudi air base, but during the Persian Gulf War, the base was used by UN coalition forces and was a target of Iraqi Scud missiles. Note the strategic location of Dhahran. The Scud missiles were largely ineffective, because they were inaccurate at the long ranges necessary to reach their targets. In fact, as I’m sure some of us remember, a popular joke at the time claimed the word Scud was an acronym standing for “Sure Could Use Directions”.

3 The Patriot Missile
Phased Array TRacking Intercept Of Target
Unproven in 1991
Results after Gulf War: controversial

The Patriot Missile system is a defense technology. Patriot stands for Phased Array Tracking Intercept of Target. It was originally designed to be a mobile defense against enemy aircraft, and that’s an important factor in what went wrong later. Prior to the Gulf War, defensive missiles hadn’t been used to intercept other missiles. The results were controversial; at the beginning of the War, the US military claimed an accuracy rate of 80%, but that figure was pretty hard to verify. Patriots are designed to explode just before encountering an incoming object, fanning out to intercept as much area as possible. Iraqi changes to Soviet Scud technology also made the missiles more prone to breaking up on atmospheric re-entry. Analyzing the resulting chunks falling into the ocean was a problem, and it’s also difficult to estimate how well your defense is working when the enemy’s weapons are so unreliable. Estimates after the war were revised to be much lower, but the figures are still an unknown. We do know that recent advances in Patriot technology have made it more accurate, but we also know of at least one clearly documented incident during the Gulf War where the Patriot Missile failed.

4 February 25, 1991
8:40pm (12:40pm EST)
An Army barracks was struck by a Scud in Dhahran
28 American soldiers were killed
97 people injured in the strike
The Alpha Patriot Battery did not track and intercept the Scud

5 What Happened?
The system was unable to identify the Scud
The range gate was inaccurate

What happened: The range gate of the system was inaccurate, which prevented the Patriot from identifying the incoming object. Now that bears a little explanation. The Patriot is designed to identify only certain airborne objects. Basically, it scans the air with radar. When it detects any object in the air, it compares the object’s speed and trajectory to known behaviors. The Patriot determines a range gate for the object, which you can see illustrated in the drawing here. It’s a moving address in the air where the object is expected to be. If the object continues in the expected range gate for a Scud, the Patriot is activated.

6 The Design Flaw
Old software
Time stored in 1/10 of a second, in integer format
0.1 (base 10) = … (base 2)
24 bit registers
Operation outside the range of expected use: 100 hours vs 14 hours

The weapons control computer was based on a design from the 1970s. Passage of time was stored in the computer in tenths of a second, which steadily increment from bootup to shutdown in integer format. So if twenty seconds had passed from the time the control unit was rebooted, you’d have a time of 200 units. To get the number of actual seconds, that 200 would be multiplied by 1/10, which gives you back 20 again. Unfortunately, in binary, 1/10 is a non-terminating fraction. To convert the time, 24 bit registers were used, limiting its accuracy. So this *points* number would stop after 24 bits. The result of this time calculation was used, with velocity, to determine the range gate. Now, this isn’t a problem with the Patriot as it had been used up to this point! The Patriot was intended to be moved around, quickly set up to intercept aircraft, and then shut down and moved again and then rebooted. The average operating time for a Patriot missile system was originally intended to be 14 hours max. But the control computer at Dhahran had been continuously operating for over 100 hours. If you multiply the expected error after chopping down that decimal times 100 hours, or 360,000 seconds, you’ve got an error of around a third of a second. A Scud would be well out of the expected range gate in that amount of time.
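The drift described above can be reproduced with a short fixed-point simulation. This is an added example, not code from the presentation or from the Patriot system: it assumes 23 fractional bits of the 24-bit register hold the chopped value of 1/10 (the layout that yields the "around a third of a second" figure), and the 0.05 s error budget in `main` is a constructed value used only to show how an error budget turns into a stated uptime limit.

```c
#include <stdint.h>
#include <stdio.h>

#define TICKS_PER_HOUR 36000ULL   /* the clock counts tenths of a second */

/* 1/10 chopped (not rounded) to frac_bits binary places, as a scaled integer. */
static uint32_t chopped_tenth(unsigned frac_bits) {
    return (uint32_t)((1ULL << frac_bits) / 10);
}

/* Seconds by which the converted clock lags true time after `hours` of uptime. */
static double clock_lag_seconds(uint64_t hours, unsigned frac_bits) {
    uint64_t ticks = hours * TICKS_PER_HOUR;
    double true_s = (double)ticks / 10.0;
    /* fixed-point conversion: ticks * (chopped 1/10), then remove the scale */
    double conv_s = (double)(ticks * chopped_tenth(frac_bits))
                    / (double)(1ULL << frac_bits);
    return true_s - conv_s;
}

/* Longest whole-hour uptime whose lag stays within budget_s (search is capped). */
static uint64_t max_uptime_hours(double budget_s, unsigned frac_bits) {
    uint64_t h = 0;
    while (h < 100000 && clock_lag_seconds(h + 1, frac_bits) <= budget_s)
        h++;
    return h;
}

int main(void) {
    const unsigned bits = 23;                 /* assumption, see lead-in */
    const uint64_t uptimes[] = {14, 20, 100}; /* hours named in the talk */

    printf("stored 1/10 = %u / 2^%u\n", (unsigned)chopped_tenth(bits), bits);
    for (size_t i = 0; i < sizeof uptimes / sizeof uptimes[0]; i++)
        printf("%3llu h uptime -> clock lag %.4f s\n",
               (unsigned long long)uptimes[i],
               clock_lag_seconds(uptimes[i], bits));

    /* constructed budget: the lag the tracking logic is assumed to tolerate */
    printf("uptime limit for a 0.05 s budget: %llu h\n",
           (unsigned long long)max_uptime_hours(0.05, bits));
    return 0;
}
```

The lag grows linearly with uptime, so any fixed error budget corresponds to a hard operating limit that can be written into the operating instructions or enforced by the system itself.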

7 How We Almost Avoided It
Data recorders: the US did not use them, but Israel did
February 11, 1991: Israeli forces reported the Patriot errors back to US

Patriots were used widely in Israel as well as in Saudi Arabia. Now, one of the major problems in testing the Patriot system is that it wasn’t designed to store its own performance data. You can use an external data recorder to do this, but members of the US military often did not use them. There was some fear that the external recorder could cause a system shutdown. Israeli forces, however, made much more use of these recorders, and as a result, they caught the error, and reported it back to us. It was clear from their data that an operation range of 20 hours or more is enough to cause the radar to miss the Scud. We took the Israeli report into account, and sent out a memo on February 21st recommending that bases not operate their Patriot batteries for long periods of time. They didn’t specify how long was long. Software updates were also released to correct the problem, but the fact is, officials assumed that the experience in Israel wouldn’t be typical. They didn’t think anybody was running their control computer for longer than 14 hours at a time. The software update arrived in Dhahran on February 26th, one day after the strike.

8 Lessons Learned
When you adapt an older software system to a new use, make sure you also analyze the likely behavior of the users.
Take the results of testing seriously! If user A could find the error, user B can too.
You can’t be too accurate when lives are at stake. Military software must be robust.
Don’t rely on assumptions; if it’s a usage standard, include it in the operating instructions.
Protect against error, not against error discovery.

When you adapt an older software system to a new use, make sure you also analyze the likely behavior of the users. So much of what happened could have been avoided if it had been anticipated that the Patriot Missile Batteries were going to be stuck in one place for long periods of time, running continuously.

Take the results of testing seriously! If user A could find the error, user B can too. That’s what testing is for.

You can’t be too accurate when lives are at stake. Military software must be robust. If there hadn’t been a problem with the data recorders, they would have been more widely used, and the error reports would have been flooding in from everywhere.

Don’t rely on assumptions; if it’s a usage standard, include it in the operating instructions. “Run the computer for 14 hours maximum,” is a five word sentence, and almost impossible to misinterpret. But that leads to the next lesson:

Protect against error, not against error discovery. An instruction that gives a max operating time in effect admits that errors occur outside of that range. In many projects, admission of something as simple as “this device has operating limits” is unacceptable to your superiors, so designers just hope that users won’t exceed the limits, without warning the user.


