One of my bridges is a large vertical lift that is a critical part of the main traffic artery into the city. This drawbridge has the potential to disrupt tens of thousands of motorists and can impact traffic into and out of the city for many hours following an extended opening. It is vital that the bridge operate with a maximum level of dependability to avoid unnecessary delays.
This is accomplished through a system of redundant components and auxiliary systems that allow for the operation of the bridge to continue even in the event of a major failure. These features are designed into the bridge specifically to provide a high level of reliability. For example…
…the bridge uses an electric motor in each tower to raise or lower the bridge span. Each tower contains two motors, with only one operated at any time. The second is a redundant motor that can be selected in the event of a motor problem in either tower. But what if there is a problem in the drive system that controls the motor and not the motor itself…
…well, there’s a redundancy there too. Each individual motor has its own drive equipment in the event that any one drive becomes problematic. But what if the bridge lost electrical power and couldn’t supply electricity to the motor or motor drive equipment…
…then the auxiliary generator located on the bridge will start and switch the bridge over to a self-contained electrical supply to continue with any opening. The bridge can run indefinitely on its own power in the event of even a prolonged utility outage. But what if it’s not the power supply, nor the motor drive system, nor the motors themselves at fault, but some supportive component that provides height or speed input to the computers? Or what if it’s the computers that run everything…
…not only are there redundant components that are selectable in the event of a problem, and a completely separate computer that can be brought online within seconds of a computer failure, but also a completely separate auxiliary system in case all this redundancy fails. In fact, the bridge can be raised or lowered completely independent of the installed control system, even in the event of a loss of both utility power and the standby generator. So in effect, we have backups to the backups of the backups.
Why?
Worst case scenario.
Engineers understand the principle of worst case scenario and design drawbridges with the expectation that sooner or later, the worst case scenario will simply become, well, the scenario. And in the world of drawbridges, the impossible can and will eventually happen. So nothing is actually impossible. Instead, I like to think of it as highly improbable at best. While the concept of worst case scenario seems simple enough for everyone to understand, no one will ever understand it quite as clearly as someone in drawbridge maintenance with a little time under their belt.
I would be interested in hearing any stories you have of worst case scenarios or ways that you have witnessed the impossible on your bridges. Please feel free to share your comments below.