Case Study: Ghost In Machine, Unwanted Touchscreen Activation
Staff on an up-bound tanker in a river waterway decided to anchor the vessel just below the lock to wait for traffic ahead to clear. While it was anchoring the vessel lost propulsion.
The Master immediately contacted the engine room crew, who requested that propulsion control be transferred to the engine room. This would allow them to attempt to restart the engine.
As the engine room crew were working to restart the main engine, the port bow anchor was remotely released from the bridge.
Despite these efforts, the vessel grounded. Although the main engine was soon restarted and propulsion control was transferred back to the bridge, attempts to free the vessel under power were unsuccessful. Two days later the vessel was refloated with the assistance of two tugs and towed to a nearby dock. Subsequent underwater inspection showed there was no apparent damage to the vessel.
The investigation found that the main engine shutdown feature on the touchscreen integrated alarm monitoring and control system had inadvertently been activated. The touchscreen was mounted horizontally in the centre bridge console, close to other controls such as steering and propulsion. At the time of the loss of propulsion, four crew members were within 2m of the touchscreen.
Tests showed that the touchscreen was reactive to a variety of inputs – including the telephone cord situated next to it. When the main engine shutdown button was activated on the touchscreen, a generic and ambiguous system status message appeared on the screen. The message did not specify that the engine was about to shut down, nor did it indicate how the shutdown was activated or from where (bridge, engine room, emergency stop etc).
A plastic cover was placed over the touchscreen to prevent another inadvertent shutdown. After a thorough review, the equipment manufacturer disabled the main engine shutdown function on the touchscreen and the plastic cover was removed. In case of an emergency, the main engine can still be shut down from the bridge via the traditional shutdown button.
In order to use shipboard equipment effectively, crews must know how to operate that equipment during routine and emergency situations. In this case, given that the screen controlled the vessel’s integrated alarm monitoring and control system, it was especially important for crew members to familiarise themselves with the sensitivity level of the screen and the lack of any confirmation message after any action was taken using it.