In August we brought you disquieting news that Hollysys Automation — the supplier of a control system implicated in China’s deadly bullet-train collision this summer — also provides controls for China’s nuclear reactors (which are multiplying just as fast as its high speed rail lines). The Hollysys story now looks darker after informed speculation reported in the Wall Street Journal that the company may not fully comprehend how the control systems work.
The WSJ reports that key components were supplied by Tokyo-based Hitachi without blueprints — a so-called “black box” sale. Don’t confuse this black box with the data recorders that airplanes, high speed trains and even, increasingly, automobiles carry to capture vehicle conditions during an accident. A black box sale is a means of protecting intellectual property. By keeping the buyer in the dark about the internal workings of a product, the seller hopes to prevent reverse-engineering of the equipment.
In Hollysys and Hitachi’s case the deliberately obscure components lay within the trains’ Automatic Train Protection or ATP–a backup safety system intended to detect and prevent impending collisions. China’s rail ministry awarded contracts to Hollysys to supply ATPs and other control systems for high speed trains, refusing to consider bids from foreign suppliers with more experience and sophisticated equipment. To deliver on its bid, however, Hollysys bought in technology that it lacked from Hitachi.
The obvious drawback to this arrangement is that black box components are harder to understand. Here’s the Wall Street Journal‘s money quote from an unnamed ‘senior Hitachi executive’:
“It’s still generally a mystery how a company like Hollysys could integrate our equipment into a broader safety-signaling system without intimate knowledge of our know-how.”
That quote suggests that Hitachi could share blame in any failing of said system — a potential liability that the company is clearly aware of. The WSJ story quotes an Hitachi spokesman who asserts that Hollysys received a “technical explanation regarding those components, and we believe Hollysys, as a result, fully understands them.”
Hollysys hasn’t been heard from since August, when CEO Wang Changli issued a letter to shareholders reaffirming the company’s position that its equipment was not responsible for the crash, which killed 40 passengers and injured over 200 more.
Beijing-based China Railway Signal & Communication Corp, China’s only other domestic supplier of rail control systems, has also been close-lipped. Immediately after the accident CRSC pledged in a statement to “shoulder our responsibility.” Then all went quiet, with one exception. As the WSJ puts it:
CRSC hasn’t commented about the accident directly, aside from a statement Aug. 23 stating that its top executive, 55-year-old Ma Cheng, collapsed and died during questioning by crash investigators.
Imagine the pressure on executives such as Ma Cheng. Then imagine the pressure on engineers responsible for Hollysys’ controls sitting in Chinese nuclear power plants. Are those systems functioning as promised? And, if not, would their suppliers know?
This post was created for Energywise, IEEE Spectrum’s blog on green power, cars and climate