ABSTRACT

A barrier model can faithfully explain the last few minutes before an accident. The accident in turn is invariably caused or permitted by the unsafe act of a person and/or a mechanical or physical hazard. The "physical cause" of the loss of the Space Shuttle Columbia in February 2003 was "a breach in the Thermal Protection System on the leading edge of the left wing." The focus on defenses as the best investment in safety has led in many systems to greater complexity. More defenses mean more engineered systems, more procedures, more paperwork, and more people. The complexity of many systems, and of the technology they employ, can also mean that one kind of safety needs to be considered against another. In devising countermeasures, it is crucial to understand the vulnerabilities through which entire parts of a system can contribute to system failure under different guises or conditions.