HFSS 2.1

HFSS 2.1 A

What is safety?

To quote Hollnagel (2013), safety is freedom from unaffordable harm.  While a standard definition is that safety is freedom from unacceptable risk, when we deconstruct the phrase into its constituent words, risk equates to hazard, which is the potential for harm.  If we term something as unacceptable, then we must also define what is acceptable.  Acceptable risk is the residual when we have reduced it “as low as reasonably practicable (ALARP).”  And, when we consider why it is ALARP – namely that the expenditure to further reduce it is disproportionately expensive, what remains is freedom from unaffordable harm.

HFSS 2.1 B

Choose an accident or serious incident or event that interests you and that you can use throughout this course to explore different perceptions and conceptions of safety (as explained in the Welcome to… page). Briefly explain your interest and describe and explain the case as an uncontrolled release of energy, i.e., from the energy-barrier perspective 

The Why

On the morning of March 26, 2024, a tragedy occurred just three miles and 774 days from where I now sit. As a Baltimore-based ship captain and maritime instructor, my life and leisure revolve around the water. My wife and I share a deep love for the water and commercial shipping, often spending our free time observing the vessels in Baltimore harbor as we are out boating.

The Francis Scott Key Bridge was a fixture of our travels and photography; welcoming us home from trips on the Chesapeake Bay.  We have many pictures of it in both happier times (Picture 1) and its tragic aftermath (Picture 2). Given my years researching maritime safety and human factors, the investigation into the allision of the MV Dali with the bridge was of significant professional interest. This interest led us to spend my 57th birthday in Washington, D.C., observing the National Transportation Safety Board’s presentation and deliberation of their findings regarding the event.

But, I digress, as there was an incident.

The Incident

On March 26, 2024, MV Dali departed Dundalk Marine Terminal bound for Sri Lanka.  The 112,383 metric ton displacement^[1] vessel was assisted by two Maryland pilots and two tug boats.  The tug boats assisted the vessel from the berth before being released at 0108^[2].  Once Dali released her lines from the berth, she represented 112,383 metric tons of potential energy and, as she increased speed outbound, each additional knot represented an exponential increase in kinetic energy.

The Key Bridge, designed to 1969 standards (NTSBgov, 2025) and built in 1977, represented a great source of potential energy.  Having been placed at elevations up to 185 feet above the water, this 50,000 tons (NTSB, 2025b, p.55) of steel and concrete met its potential on that early morning of at 0129 (NTSB, 2025, p.47) as it went crashing into the Patapsco River, killing six highway workers and paralyzing marine traffic for months.  The trigger mechanism?  MV Dali, alliding with Pier 17, the southern pier that supported the central span of the continuous through-truss of the Key Bridge (NTSB, 2025b, p.23).  The initiating event or situation for the “trigger?” A loose wire, installed nine years previously when the ship was built (NTSB, 2025b, p.202).

The Theory     

The MV Dali accident serves as a case study of an uncontrolled release of energy within a complex socio-technical system. By applying the energy-barrier model, pioneered by William Haddon (1968) and expanded by Erik Hollnagel (2016) and Snorre Sklet (2006), the tragedy can be understood not as a single failure, but as a sequence of events where various barrier systems were either absent, poorly designed, or overwhelmed.  A basic premise of this model is that “systems accidents have their primary origins in fallible decisions made by designers and high-level … decision makers (Reason, 1990, p.203).”

Hollnagel (2016) defines barriers as being in the following categories:

1. Physical or Material Barriers – physically prevent an action from being carried out or an event from taking place.
2. Functional (active or dynamic) – works by impeding the action to be carried out, for instance by establishing an interlock, either logical or temporal.
3. Symbolic – require an act of interpretation in order to achieve their purpose, hence an ‘intelligent’ agent of some kind that can perceive and respond as intended.
4. Incorporeal – rules, guidelines, safety principles, restrictions and laws. 

Barrier functions may then be classified as preventive, controlling, or mitigating.  They may also be classified in several dimensions, and some main dimensions are; active versus passive, physical/technical versus human/operational, continuously functioning/on-line versus activated/off-line, and permanent versus temporary (Sklet, 2006, p.505).

Both Heinrich (1941) and Reason (1990) consider the initial design phase (Figure 1) an important consideration in accident causality.  The Key Bridge and its protective dolphins were built to the standards applicable at the time, yet not updated as new regulations came into place and incidents such as the Sunshine Skyway disaster (NTSB, 1981) and allision of MV Blue Nagoya with the Key Bridge in 1980 (NTSBgov, 2025).  It was noted after these incidents that, “Those passing under bridges today differ dramatically from those of 30 years ago, and very likely from those of 30 years in the future … it seems sensible to estimate the impact kinetic energy on some basis other than that of existing traffic patterns under the bridge (NRC, 1983, p.37).”

The Leading Indicator

            Concerns regarding the suitability of the pier protection for the Key Bridge were raised in 2006 (Hamons, 2006) by Capt. Joe Smith of the Maryland Pilots at a Harbor Safety Committee meeting.  Deblois (1926) states that safety committees “serve to give keymen an opportunity for direct participation in a general effort to prevent accidents.”  As an “incorporeal” barrier, the safety committee may have highlighted the differences between the barriers installed on the Key Bridge (Figure 2) and those installed on the rebuilt Sunshine Skyway Bridge (Figure 3).

Examples of the barriers present or lacking in this incident include:

Physical Barriers

• Pier Protection:Previously discussed – failed to adequately protect the bridge’s support structure. 
• Tug Escort: Although not required in this port, a tug escort may have been a mitigation when Dali’s propulsion failed.
• MDTA police: Were able to stop traffic on the bridge in minutes, likely reducing fatalities (NTSB, 2025b, p.169)

Functional Barriers

• Propulsion and Steering: Dali’s control systems allowed the vessel’s kinetic energy to be directed in a safe direction.  It was only after this barrier failed that the bridge was at risk.
• Engine Configuration (Cooling Water Pressure): Dali’s main engine was configured to shut down automatically upon the loss of cooling water pressure (NTSB, 2025b, p.199).  This barrier to main engine damage became a risk factor in the systemic view.

Symbolic Barriers

• Motorist Warning Systems: A hazard alert system to warn motorists or workers of safety issues was lacking. Flashing lights, traffic gates, or sirens activated by fiber-optic sensors could have prevented vehicles from entering dangerous areas (NTSB, 2025b, pp. 169-177).
• Instructional Labels and Warnings: The terminal block manufacturer (WAGO) could have provided clear warnings in their data sheets, explaining that improper wire-label banding can impede full insertion and lead to arcing (NTSB, 2025b, p.206).  Also considered “incorporeal.”
• MDTA police: Were on scene to provide “traffic calming” as a barrier to highway worker harm (NTSB, 2025b, p.26).

Incorporeal Barriers

• Bridge Vulnerability Assessments: Maryland Transportation Authority (MDTA) had not performed an updated vulnerability assessment as recommended.  This may have provided the information necessary to prioritize proactive upgrades to pier protection systems.
• Tug Escort Policies: While not required, a mandatory tug escort policy through/past vital infrastructure could have provided a reactive physical barrier.

The Conclusion

Barriers are an effective means against known risks, a way to prevent unwanted events from taking place and to protect against their consequences (Hollnagel, 2008, p.229).  The energy-barrier model is useful for safety design and engineering “based on the premise that linear, potentially dangerous sequences of events can be predicted analytically (Rosness et al., 2010, p.43).”  Conversely, the barrier model may not be as effective against complex situations.  With the necessary requisite imagination, however, the kinetic energy of a massive vessel such as MV Dali can be safely contained, ensuring that a technical malfunction on a ship does not escalate into a multi-billion dollar disaster.

References

Busch, C. (2022). Preventing industrial accidents: Reappraising H. W. Heinrich – more than triangles and dominoes. Routledge.

CRS (Congressional Research Service). (2024). Baltimore Bridge Collapse: Frequently Asked Questions (FAQ). https://www.congress.gov/crs-product/R48028

Deblois, L. (1926). Industrial Safety Organization for Executive and Engineer. New York.

Haddon, W., Jr. (1968). The changing approach to the epidemiology, prevention, and amelioration of trauma: the transition to approaches etiologically rather than descriptively based. American Journal of Public Health and the Nation’s Health, 58(8), 1431–1438. https://doi.org/10.2105/ajph.58.8.1431

Haddon, W., Jr. (1970). On the escape of tigers: an ecologic note. American Journal of Public Health and the Nation’s Health, 60(12), 2229–2234. https://doi.org/10.2105/ajph.60.12.2229-b

Hamons, F. (2006). Summary of the Port of Baltimore Harbor Safety and Coordination Committee Meeting. https://cocodoc.com/app/project/6ef4cf228110443ea6eeaea92d76b22d

Heinrich, H. W. (1941). Industrial Accident Prevention: A Scientific Approach. https://archive.org/details/dli.ernet.14601

Hollnagel, E. (2008). Risk + barriers = safety? Safety Science. https://www.sciencedirect.com/science/article/pii/S0925753507000896

Hollnagel, E. (2012). Resilience Engineering and Crisis management. https://gnssn.iaea.org/NSNI/SC/TMMtU/Presentations/Mr%20Hollnagel’s%20Presentation%202.pdf

Hollnagel, E. (2013). Safety-I and Safety-II: The Past and Future of Safety Management. https://skybrary.aero/sites/default/files/bookshelf/4889.pdf

Hollnagel, E. (2016). Barriers and Accident Prevention. Routledge.

Madden, R. (2019). Picture of Francis Scott Key Bridge.

Madden, R. (2024). Picture of MV Dali Post-Allision

NRC (National Research Council). (1983). Ship Collisions with Bridges: The Nature of the Accidents, Their Prevention and Mitigation. https://apps.dtic.mil/sti/tr/pdf/ADA135602.pdf

NTSB (National Transportation Safety Board). (1981). Ramming of the Sunshine Skyway Bridge by the Liberian Bulk Carrier SUMMIT VENTURE – Tampa Bay, Florida – May 9, 1980. https://www.ntsb.gov/investigations/AccidentReports/Reports/MAR8103.pdf

NTSB (National Transportation Safety Board). (2025a). Safeguarding Bridges from Vessel Strikes: Need for Vulnerability Assessment and Risk Reduction Strategies. https://www.ntsb.gov/investigations/AccidentReports/Reports/MIR2510.pdf

NTSB (National Transportation Safety Board). (2025b). Contact of Containership Dali with Francis Scott Key Bridge and Subsequent Bridge Collapse. https://www.ntsb.gov/investigations/AccidentReports/Reports/MIR2540.pdf

NTSBgov. (2025, November 21). NTSB Board Meeting – Contact of containership Dali with the Francis Scott Key Bridge [Video]. YouTube. https://youtu.be/eFS9sGiKTeA?si=n7IgpwcW4Q6x33dT

Reason, J. (1990). Human Error. Cambridge University Press.

Rosness, R., Grøtan, T., Guttormsen, G, Herrera, I, Steiro, T., Størseth, F., Tinmannsvik, R., Wærø, I. (2010). SINTEF: Organizational Accidents and Resilient Organizations: Six Perspectives (Revision 2). https://www.sintef.no/en/publications/publication/0198cc902a7a-a266af3d-9caa-423e-80f4-8cc878f1533e/

Sklet, S. (2006). Safety barriers: Definition, classification, and performance. Journal of Loss Prevention in the Process Industries, 19(5), 494–506. https://doi.org/10.1016/j.jlp.2005.12.004

Swuste, P., Groeneweg, J., Guldenmund, F. W., van Gulijk, C., Lemkowitz, S., Oostendorp, Y., & Zwaard, W. (2023). From safety to safety science: The evolution of thinking and practice. Routledge.

---

[1] Displacement – the volume or weight of a fluid (such as water) displaced by a floating body (such as a ship) of equal weight (Merriam-Webster)

[2] All times are in Eastern Standard Time, referenced to a 24-hour clock or military time