Incident: River Avon Boat Tour Company Revenue Loss Due to Software Fault

Published Date: 2020-09-18

Postmortem Analysis
Timeline
1. The software failure incident happened on Tuesday, as mentioned in the article [104834]. Therefore, the estimated timeline for the incident would be:
   Step 1: The incident happened on a Tuesday.
   Step 2: The article was published on 2020-09-18.
   Step 3: Estimating back, the incident likely occurred in September 2020.

System
1. Software operating the vertical sluice gate [104834]

Responsible Organization
1. The software failure incident was caused by a fault in the software that operates a vertical sluice gate, leading to the sudden opening of the gate and the subsequent drop in water levels on the River Avon in Bath [104834].

Impacted Organization
1. Boat tour company (River Adventures) - The company reported losing £1,000 a day due to the inability to run trips on the drained section of the River Avon [104834].
2. Boat owners and workers on the river - Individuals who were stranded due to the sudden drop in water levels were impacted financially and operationally [104834].

Software Causes
1. The software cause of the failure incident was a fault in the software that operates a vertical sluice gate, causing it to open suddenly [104834].

Non-software Causes
1. A fault with a sluice gate led to the sudden drop in water levels on the River Avon in Bath [104834].
2. The malfunction was specifically attributed to a fault in the software that operates a vertical sluice gate, causing it to open suddenly [104834].

Impacts
1. The boat tour company was losing £1,000 a day in revenue due to the inability to run trips on the drained section of the River Avon, leading to a significant financial impact on the business [104834].
2. The shortened tourist season, already affected by the Covid-19 pandemic and previous flooding, exacerbated the financial strain on the company [104834].
3. Boat owners and workers on the river were affected by the incident, causing worry and distress among those impacted [104834].

Preventions
1. Regular maintenance and testing of the software operating the vertical sluice gate could have potentially prevented the software failure incident [104834].
2. Implementing a system for early detection of faults or anomalies in the software controlling the sluice gate could have helped in identifying and addressing the issue before it led to a significant drop in water levels [104834].
3. Having a backup or fail-safe mechanism in place in case of software malfunctions could have mitigated the impact of the fault and prevented the sudden opening of the sluice gate [104834].

Fixes
1. Implementing a fix for the fault in the software that operates the vertical sluice gate to prevent it from opening suddenly, causing water level drops [104834].

References
1. Paul Siddall, director of River Adventures [104834]
2. Boat owners affected by the incident [104834]
3. The Environment Agency, specifically Ian Withers [104834]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization
Rationale: (a) The software failure incident related to the draining of a section of the River Avon due to a fault with a sluice gate has happened before with the same organization. Boat owners who became stranded criticized the Environment Agency for not acting soon enough and mentioned that the problem had happened before [104834]. (b) The software failure incident related to the sudden drop in water levels on the River Avon in Bath due to a fault in the software operating a vertical sluice gate has not been explicitly mentioned to have occurred at multiple organizations in the articles provided.

Category: Phase (Design/Operation)
Option: design
Rationale: (a) The software failure incident in the article was related to the design phase. The incident occurred due to a fault in the software that operates a vertical sluice gate, causing it to open suddenly, which led to the water levels plunging on a stretch of the River Avon in Bath [104834].

Category: Boundary (Internal/External)
Option: within_system
Rationale: (a) within_system: The software failure incident, which caused the water level to drop in the River Avon, was attributed to a fault in the software that operates a vertical sluice gate. The fault within the software caused the gate to open suddenly, leading to the unplanned drainage of the river section [104834].

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale: (a) The software failure incident in this case was attributed to a fault in the software that operates a vertical sluice gate, causing it to open suddenly. This indicates a non-human action as the contributing factor to the failure [104834]. (b) The article does not provide information suggesting that the software failure incident was due to contributing factors introduced by human actions.

Category: Dimension (Hardware/Software)
Option: software
Rationale: (a) The software failure incident occurred due to a fault in the software that operates a vertical sluice gate, causing it to open suddenly. This fault led to the water level drop in the River Avon in Bath, impacting a boat tour company and causing financial losses [104834]. (b) The software failure incident was specifically attributed to a fault in the software that controls the operation of the sluice gate. This software fault resulted in the sudden opening of the gate, leading to the unintended draining of the river section and subsequent financial implications for the boat tour company [104834].

Category: Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale: (a) The software failure incident in this case was non-malicious. The incident was attributed to a fault in the software that operates a vertical sluice gate, causing it to open suddenly, leading to a drop in water levels on the River Avon in Bath [104834]. The Environment Agency acknowledged the fault and expressed regret for the distress caused by the incident, indicating that it was not a deliberate act to harm the system.

Category: Intent (Poor/Accidental Decisions)
Option: accidental_decisions
Rationale: (a) The software failure incident in this case was not due to poor decisions but rather an accidental decision or mistake. The incident occurred due to a fault in the software that operates a vertical sluice gate, causing it to open suddenly, leading to the draining of a section of the River Avon [104834]. The Environment Agency admitted that they "could have done better" and that the situation was "distressing," indicating that the failure was not a result of intentional poor decisions but rather an unintended mistake.

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale: (a) The software failure incident in this case was not explicitly attributed to development incompetence. The article mentions that the fault with the software operating the vertical sluice gate caused it to open suddenly, leading to the drop in water levels on the River Avon in Bath. However, there is no indication that this fault was due to a lack of professional competence by humans or the development organization involved. (b) The software failure incident was described as accidental in nature. The article states that the drop in water levels on the River Avon was caused by a fault in the software that operates the vertical sluice gate, leading to the unplanned draining of the river section. This indicates that the incident was accidental rather than intentional.

Category: Duration
Option: temporary
Rationale: (a) The software failure incident in this case was temporary. The article mentions that the fault in the software that operates the vertical sluice gate caused it to open suddenly, leading to a drop in water levels on the River Avon in Bath. The Environment Agency planned to slowly raise the water levels to rectify the situation, indicating that the incident was not permanent but rather a temporary issue caused by the software fault [104834].

Category: Behaviour
Option: value
Rationale: (a) crash: The software failure incident in the article was not described as a crash where the system loses state and does not perform any of its intended functions [104834]. (b) omission: The software failure incident in the article was not described as a failure due to the system omitting to perform its intended functions at an instance(s) [104834]. (c) timing: The software failure incident in the article was not described as a failure due to the system performing its intended functions correctly, but too late or too early [104834]. (d) value: The software failure incident in the article was described as a failure due to the system performing its intended functions incorrectly. The fault in the software that operates a vertical sluice gate caused it to open suddenly, leading to a drop in water levels on the River Avon [104834]. (e) byzantine: The software failure incident in the article was not described as a failure due to the system behaving erroneously with inconsistent responses and interactions [104834]. (f) other: The software failure incident in the article was not described with any other specific behavior not covered by the options provided [104834].

IoT System Layer

Layer: Perception
Option: actuator, embedded_software
Rationale: The software failure incident mentioned in the article was related to the embedded software. The fault that caused the water level to drop in the River Avon was specifically attributed to a fault in the software that operates a vertical sluice gate, leading to it opening suddenly [104834].

Layer: Communication
Option: unknown
Rationale: The software failure incident described in the article [104834] was related to a fault in the software that operates a vertical sluice gate, causing it to open suddenly. This fault led to a sudden drop in water levels on a stretch of the River Avon in Bath. The article does not specify whether the failure was related to the communication layer of the cyber-physical system that failed.

Layer: Application
Option: TRUE
Rationale: The software failure incident described in the article [104834] was related to the application layer of the cyber-physical system. The fault that occurred, leading to the sudden drop in water levels on the River Avon, was specifically attributed to a fault in the software that operates a vertical sluice gate. This fault caused the gate to open suddenly, resulting in the water level dropping by about 1.8m (5.9ft). Therefore, the failure was indeed related to the application layer of the system, as it was caused by a software malfunction rather than a physical issue or external interference.

Other Details

Category: Consequence
Option: property, delay, non-human, theoretical_consequence
Rationale: The consequence of the software failure incident described in the article [104834] was primarily financial impact. The boat tour company was losing £1,000 a day due to the inability to run trips on the river section that was drained because of the fault with the sluice gate software. This loss of revenue had a significant impact on the business, affecting both the company's operations and its employees. Additionally, the incident had broader implications for people living and working on the river, as it added to the challenges faced during an already shortened tourist season due to the Covid-19 pandemic and previous flooding events. The article did not mention any direct physical harm, death, or immediate danger to individuals resulting from the software failure incident.

Category: Domain
Option: transportation, entertainment
Rationale: (a) The failed system was intended to support the tourism industry, specifically the boat tour company operating on the River Avon in Bath [104834].
