In August we brought you disquieting news that Hollysys Automation, the supplier of a control system implicated in China's deadly bullet-train collision this summer, also provides controls for China's nuclear reactors (which are multiplying just as fast as its high speed rail lines). The Hollysys story now looks darker after informed speculation reported in the Wall Street Journalthat the company may not fully comprehend how the control systems work [video below].
The WSJ reports that key components were supplied by Tokyo-based Hitachi without blueprints—a so-called "black box" sale. Don't confuse this black box with the data recorders that airplanes, high speed trains, and even, increasingly, automobiles carry to capture vehicle conditions during an accident. A black box sale is a means of protecting intellectual property. By keeping the buyer in the dark about the internal workings of a product, the seller hopes to prevent reverse-engineering of the equipment.
In Hollysys' and Hitachi's case, the deliberately obscure components lay within the trains' Automatic Train Protection, or ATP—a backup safety system intended to detect and prevent impending collisions. China's rail ministry awarded contracts to Hollysys to supply ATPs and other control systems for high speed trains, refusing to consider bids from foreign suppliers with more experience and sophisticated equipment. To deliver on its bid, however, Hollysys bought in technology that it lacked, from Hitachi.
The obvious drawback to this arrangement is that black box components are harder to understand. Here's the Wall Street Journal's money quote from an unnamed "senior Hitachi executive":
"It's still generally a mystery how a company like Hollysys could integrate our equipment into a broader safety-signaling system without intimate knowledge of our know-how."
That quote suggests that Hitachi could share blame in any failing of said system—a potential liability that the company is clearly aware of. The WSJ story quotes an Hitachi spokesman who asserts that Hollysys received a "technical explanation regarding those components, and we believe Hollysys, as a result, fully understands them."
Hollysys hasn't been heard from since August, when CEO Wang Changli issued a letter to shareholders reaffirming the company's position that its equipment was not responsible for the crash, which killed 40 passengers and injured more than 200.
Beijing-based China Railway Signal & Communication Corp., China's only other domestic supplier of rail control systems, has also been close-lipped. Immediately after the accident CRSC pledged in a statement to "shoulder our responsibility." Then all went quiet, with one exception. As the WSJ puts it:
CRSC hasn't commented about the accident directly, aside from a statement Aug. 23 stating that its top executive, 55-year-old Ma Cheng, collapsed and died during questioning by crash investigators.
Imagine the pressure on executives such as Ma Cheng. Then imagine the pressure on engineers responsible for Hollysys' controls sitting in Chinese nuclear power plants. Are those systems functioning as promised? And, if not, would their suppliers know?
Peter Fairley has been tracking energy technologies and their environmental implications globally for over two decades, charting engineering and policy innovations that could slash dependence on fossil fuels and the political forces fighting them. He has been a Contributing Editor with IEEE Spectrum since 2003.