In an incident involving human error, an electrician at Indira Gandhi International (IGI) airport, New Delhi switched off a miniature circuit breaker (MCB) while fixing an electrical fitting. This MCB as it is reported, is on the line supplying power to air traffic controller (ATC) radar screens and screens went blank. The standby power (may be diesel generator) came into line in a few seconds and rebooting of all consoles and restoration took about 45 minutes.
Meanwhile, the air traffic controllers having tough time, guided the planes for safe landing with their experience. All departures were put on hold in between. As it is during such emergency times, Murphy's law showed its application once again. But the experienced personnel guided even a plane or two, low on fuel to land safely without panic.
From various reports in the internet about the incident, there seems to be failure of, or no uninterrupted power supply (UPS) / inverter backup directly connected to ATC radar system, as the screens went blank. That it took sometime for standby power to come into line, indicates that this is a diesel generator (DG) set power supply. This takes about 30 seconds as we experience in apartment complexes or cinema halls. Generally, people use UPS even for domestic computers, because of fear of losing data. Also, because of power cuts, people use inverter widely at home and business houses. For critical systems, normal power supply should be through inverter/UPS so that any failure of power supply on upstream side will not affect the operations. Now-a-days, solar powered inverters are also available in the market. This should be in addition to the other backups for use. MCB/any other switch should be located on upstream side of these UPS/inverter, rather than on the downstream end so that mistakes like these will not happen. May be the authorities were confident of their backup systems.
Generally, risk assessment is same for aviation and nuclear industries. The risk assessment should be reviewed and measures should be taken to reduce risk levels. It is horrible to think of so many planes in the air without guidance for landing.
To avoid such mistakes as in this case, there is a need for safety work permit system as practiced in all industrial facilities, for carrying out any job having impact on human lives, property and or environment. Also, that this important MCB could be switched off by mistake indicates that critical safety systems are not protected or its importance is not recognized. Authorities have to review entire safety practices, identify critical systems having impact on persons/property/environment and prepare documented procedure for implementation. Suitable caution boards/warning signs/names and contact numbers of authorities to be contacted in case of need should be displayed near these critical items. A nodal authority (safety officer) should be identified for entire ATC under whom, permission/approval should be given for various works so that there will not be any lapse. If more than an authority is identified, there may be a situation that one will not know about permission/approval given by the other. Also, lockout/tagout (LOTO) system, if feasible needs to be put in place.
Apart from power failure like above, it is possible that due to hardware or software glitch or even entry of insects/lizards, the screens can go blank or computer system can hang and for such a situation also, one has to plan for diverse redundant systems to avoid surprise/panic. Whenever, there is no communication between computers or computer and signal receiving/emitting towers or no change in data for a specified time (may be a second or milli second or some other duration depending upon the criticality), audio-visual alarms should be incorporated to alert the concerned personnel for immediate action.
